
Commit a56ae87

author
Giovanni Bechis
committed
fix use-after-free crash in RT #97625
1 parent 3e09017 commit a56ae87


1 file changed

+11
-3
lines changed


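--- a/dbdimp.c
+++ b/dbdimp.c
@@ -1996,6 +1996,7 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh)
 char* password;
 char* mysql_socket;
 int result;
+int fresh = 0;
 D_imp_xxh(dbh);
 
 /* TODO- resolve this so that it is set only if DBI is 1.607 */
@@ -2044,12 +2045,18 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh)
 port ? port : "NULL");
 
 if (!imp_dbh->pmysql) {
+fresh = 1;
 Newz(908, imp_dbh->pmysql, 1, MYSQL);
 }
 result = mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user,
 password, dbname, imp_dbh) ? TRUE : FALSE;
-if (!result)
+if (fresh && !result) {
+/* Prevent leaks, but do not free in case of a reconnect. See #97625 */
+do_error(dbh, mysql_errno(imp_dbh->pmysql),
+mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
 Safefree(imp_dbh->pmysql);
+imp_dbh->pmysql = NULL;
+}
 return result;
 }
 
@@ -2102,8 +2109,9 @@ int dbd_db_login(SV* dbh, imp_dbh_t* imp_dbh, char* dbname, char* user,
 
 if (!my_login(aTHX_ dbh, imp_dbh))
 {
-do_error(dbh, mysql_errno(imp_dbh->pmysql),
-mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
+if(imp_dbh->pmysql)
+do_error(dbh, mysql_errno(imp_dbh->pmysql),
+mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
 return FALSE;
 }
 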
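Review bot: In the second hunk the failed-connect path of my_login still releases the handle with a bare `Safefree(imp_dbh->pmysql)`; if mysql_dr_connect() initialised the MYSQL struct before failing (its body is not visible here), whatever the client library allocated inside it is not released, although the new comment says "Prevent leaks". It is worth confirming whether `mysql_close(imp_dbh->pmysql);` belongs before the Safefree, or saying in the comment why it does not. The ownership rule that removes the use-after-free is only implicit, so a comment at `int fresh = 0;` such as `/* set when this call allocated pmysql; only then may a failed connect free and NULL it */` would help keep a later caller from reintroducing the dangling pointer. In the third hunk `if(imp_dbh->pmysql)` guards a two-line call without braces; bracing it would match the block added in my_login. Both function bodies extend beyond the hunks shown.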
