Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix use-after-free crash in RT #97625
  • Loading branch information
Giovanni Bechis committed Sep 9, 2014
1 parent 3e09017 commit a56ae87
Showing 1 changed file with 11 additions and 3 deletions.
14 changes: 11 additions & 3 deletions dbdimp.c
Expand Up @@ -1996,6 +1996,7 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh)
char* password;
char* mysql_socket;
int result;
int fresh = 0;
D_imp_xxh(dbh);

/* TODO- resolve this so that it is set only if DBI is 1.607 */
Expand Down Expand Up @@ -2044,12 +2045,18 @@ static int my_login(pTHX_ SV* dbh, imp_dbh_t *imp_dbh)
port ? port : "NULL");

if (!imp_dbh->pmysql) {
fresh = 1;
Newz(908, imp_dbh->pmysql, 1, MYSQL);
}
result = mysql_dr_connect(dbh, imp_dbh->pmysql, mysql_socket, host, port, user,
password, dbname, imp_dbh) ? TRUE : FALSE;
if (!result)
if (fresh && !result) {
/* Prevent leaks, but do not free in case of a reconnect. See #97625 */
do_error(dbh, mysql_errno(imp_dbh->pmysql),
mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
Safefree(imp_dbh->pmysql);
imp_dbh->pmysql = NULL;
}
return result;
}

Expand Down Expand Up @@ -2102,8 +2109,9 @@ int dbd_db_login(SV* dbh, imp_dbh_t* imp_dbh, char* dbname, char* user,

if (!my_login(aTHX_ dbh, imp_dbh))
{
do_error(dbh, mysql_errno(imp_dbh->pmysql),
mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
if(imp_dbh->pmysql)
do_error(dbh, mysql_errno(imp_dbh->pmysql),
mysql_error(imp_dbh->pmysql) ,mysql_sqlstate(imp_dbh->pmysql));
return FALSE;
}

Expand Down

0 comments on commit a56ae87

Please sign in to comment.