File mysql-connector-java-CVE-2020-2875_CVE-2020-293... of Package mysql-connector-java

Overview Repositories Revisions Requests Users Attributes Meta

File mysql-connector-java-CVE-2020-2875_CVE-2020-2933_CVE-2020-2934.patch of Package mysql-connector-java (Revision 72b3bb4af38be4d358d3229fd4d5792f)

Currently displaying revision 72b3bb4af38be4d358d3229fd4d5792f , Show latest

Index: mysql-connector-java-5.1.47/src/com/mysql/fabric/xmlrpc/Client.java
===================================================================
--- mysql-connector-java-5.1.47.orig/src/com/mysql/fabric/xmlrpc/Client.java
+++ mysql-connector-java-5.1.47/src/com/mysql/fabric/xmlrpc/Client.java
@@ -32,6 +32,7 @@ import java.net.URL;
 import java.util.HashMap;
 import java.util.Map;
 
+import javax.xml.XMLConstants;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.parsers.SAXParser;
 import javax.xml.parsers.SAXParserFactory;
@@ -89,6 +90,8 @@ public class Client {
             // Get Response
             InputStream is = connection.getInputStream();
             SAXParserFactory factory = SAXParserFactory.newInstance();
+            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
+            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
             SAXParser parser = factory.newSAXParser();
             ResponseParser saxp = new ResponseParser();
 
Index: mysql-connector-java-5.1.47/src/com/mysql/jdbc/BestResponseTimeBalanceStrategy.java
===================================================================
--- mysql-connector-java-5.1.47.orig/src/com/mysql/jdbc/BestResponseTimeBalanceStrategy.java
+++ mysql-connector-java-5.1.47/src/com/mysql/jdbc/BestResponseTimeBalanceStrategy.java
@@ -24,6 +24,7 @@
 package com.mysql.jdbc;
 
 import java.sql.SQLException;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 import java.util.Properties;
@@ -44,8 +45,13 @@ public class BestResponseTimeBalanceStra
     public ConnectionImpl pickConnection(LoadBalancedConnectionProxy proxy, List<String> configuredHosts, Map<String, ConnectionImpl> liveConnections,
             long[] responseTimes, int numRetries) throws SQLException {
 
+        List<String> whiteList = new ArrayList<String>(configuredHosts.size());
+        whiteList.addAll(configuredHosts);
+
         Map<String, Long> blackList = proxy.getGlobalBlacklist();
 
+        whiteList.removeAll(blackList.keySet());
+
         SQLException ex = null;
 
         for (int attempts = 0; attempts < numRetries;) {
@@ -61,7 +67,7 @@ public class BestResponseTimeBalanceStra
             for (int i = 0; i < responseTimes.length; i++) {
                 long candidateResponseTime = responseTimes[i];
 
-                if (candidateResponseTime < minResponseTime && !blackList.containsKey(configuredHosts.get(i))) {
+                if (candidateResponseTime < minResponseTime && !blackList.containsKey(whiteList.get(i))) {
                     if (candidateResponseTime == 0) {
                         bestHostIndex = i;
 
@@ -73,7 +79,7 @@ public class BestResponseTimeBalanceStra
                 }
             }
 
-            String bestHost = configuredHosts.get(bestHostIndex);
+            String bestHost = whiteList.get(bestHostIndex);
 
             ConnectionImpl conn = liveConnections.get(bestHost);
 
Index: mysql-connector-java-5.1.47/src/com/mysql/jdbc/CallableStatement.java
===================================================================
--- mysql-connector-java-5.1.47.orig/src/com/mysql/jdbc/CallableStatement.java
+++ mysql-connector-java-5.1.47/src/com/mysql/jdbc/CallableStatement.java
@@ -188,7 +188,6 @@ public class CallableStatement extends P
             this.numParameters = this.parameterList.size();
         }
 
-        @SuppressWarnings("synthetic-access")
         CallableStatementParamInfo(java.sql.ResultSet paramTypesRs) throws SQLException {
             boolean hadRows = paramTypesRs.last();
 
Index: mysql-connector-java-5.1.47/src/com/mysql/jdbc/ConnectionImpl.java
===================================================================
--- mysql-connector-java-5.1.47.orig/src/com/mysql/jdbc/ConnectionImpl.java
+++ mysql-connector-java-5.1.47/src/com/mysql/jdbc/ConnectionImpl.java
@@ -920,7 +920,7 @@ public class ConnectionImpl extends Conn
                 try {
                     results = stmt.executeQuery("SHOW COLLATION");
                     while (results.next()) {
-                        int collationIndex = ((Number) results.getObject(3)).intValue();
+                        int collationIndex = results.getInt(3);
                         String charsetName = results.getString(2);
 
                         // if no static map for charsetIndex or server has a different mapping then our static map, adding it to custom map 
Index: mysql-connector-java-5.1.47/src/com/mysql/jdbc/ConnectionPropertiesImpl.java
===================================================================
--- mysql-connector-java-5.1.47.orig/src/com/mysql/jdbc/ConnectionPropertiesImpl.java
+++ mysql-connector-java-5.1.47/src/com/mysql/jdbc/ConnectionPropertiesImpl.java
@@ -668,7 +668,7 @@ public class ConnectionPropertiesImpl im
         }).exposeAsDriverPropertyInfoInternal(info, slotsToReserve);
     }
 
-    private BooleanConnectionProperty allowLoadLocalInfile = new BooleanConnectionProperty("allowLoadLocalInfile", true,
+    private BooleanConnectionProperty allowLoadLocalInfile = new BooleanConnectionProperty("allowLoadLocalInfile", false,
             Messages.getString("ConnectionProperties.loadDataLocal"), "3.0.3", SECURITY_CATEGORY, Integer.MAX_VALUE);
 
     private BooleanConnectionProperty allowMultiQueries = new BooleanConnectionProperty("allowMultiQueries", false,
Index: mysql-connector-java-5.1.47/src/com/mysql/jdbc/interceptors/ServerStatusDiffInterceptor.java
===================================================================
--- mysql-connector-java-5.1.47.orig/src/com/mysql/jdbc/interceptors/ServerStatusDiffInterceptor.java
+++ mysql-connector-java-5.1.47/src/com/mysql/jdbc/interceptors/ServerStatusDiffInterceptor.java
@@ -66,7 +66,9 @@ public class ServerStatusDiffInterceptor
 
             stmt = connection.createStatement();
             rs = stmt.executeQuery("SHOW SESSION STATUS");
-            Util.resultSetToMap(toPopulate, rs);
+            while (rs.next()) {
+                toPopulate.put(rs.getString(1), rs.getString(2));
+            }
         } finally {
             if (rs != null) {
                 rs.close();
Index: mysql-connector-java-5.1.47/src/com/mysql/jdbc/LocalizedErrorMessages.properties
===================================================================
--- mysql-connector-java-5.1.47.orig/src/com/mysql/jdbc/LocalizedErrorMessages.properties
+++ mysql-connector-java-5.1.47/src/com/mysql/jdbc/LocalizedErrorMessages.properties
@@ -458,13 +458,13 @@ ConnectionProperties.categorySecurity=Se
 # ConnectionProperty Descriptions
 #
 
-ConnectionProperties.loadDataLocal=Should the driver allow use of 'LOAD DATA LOCAL INFILE...' (defaults to 'true').
+ConnectionProperties.loadDataLocal=Should the driver allow use of 'LOAD DATA LOCAL INFILE...'?.
 ConnectionProperties.replicationEnableJMX=Enables JMX-based management of replication connection groups, including live slave promotion, addition of new slaves and removal of master or slave hosts from load-balanced master and slave connection pools.
 ConnectionProperties.replicationConnectionGroup=Logical group of replication connections within a classloader, used to manage different groups independently. If not specified, live management of replication connections is disabled.
 ConnectionProperties.allowMasterDownConnections=By default, a replication-aware connection will fail to connect when configured master hosts are all unavailable at initial connection. Setting this property to 'true' allows to establish the initial connection, by failing over to the slave servers, in read-only state. It won't prevent subsequent failures when switching back to the master hosts i.e. by setting the replication connection to read/write state.
 ConnectionProperties.allowSlaveDownConnections=By default, a replication-aware connection will fail to connect when configured slave hosts are all unavailable at initial connection. Setting this property to 'true' allows to establish the initial connection. It won't prevent failures when switching to slaves i.e. by setting the replication connection to read-only state. The property 'readFromMasterWhenNoSlaves' should be used for this purpose. 
 ConnectionProperties.readFromMasterWhenNoSlaves=Replication-aware connections distribute load by using the master hosts when in read/write state and by using the slave hosts when in read-only state. If, when setting the connection to read-only state, none of the slave hosts are available, an SQLExeception is thrown back. Setting this property to 'true' allows to fail over to the master hosts, while setting the connection state to read-only, when no slave hosts are available at switch instant.
-ConnectionProperties.allowMultiQueries=Allow the use of ';' to delimit multiple queries during one statement (true/false), defaults to 'false', and does not affect the addBatch() and executeBatch() methods, which instead rely on rewriteBatchStatements.
+ConnectionProperties.allowMultiQueries=Allow the use of ';' to delimit multiple queries during one statement (true/false), defaults to 'false', and does not affect the addBatch() and executeBatch() methods, which instead rely on rewriteBatchedStatements.
 ConnectionProperties.allowNANandINF=Should the driver allow NaN or +/- INF values in PreparedStatement.setDouble()?
 ConnectionProperties.allowUrlInLoadLocal=Should the driver allow URLs in 'LOAD DATA LOCAL INFILE' statements?
 ConnectionProperties.alwaysSendSetIsolation=Should the driver always communicate with the database when Connection.setTransactionIsolation() is called? If set to false, the driver will only communicate with the database when the requested transaction isolation is different than the whichever is newer, the last value that was set via Connection.setTransactionIsolation(), or the value that was read from the server when the connection was established.  Note that useLocalSessionState=true will force the same behavior as alwaysSendSetIsolation=false, regardless of how alwaysSendSetIsolation is set.
@@ -572,7 +572,7 @@ ConnectionProperties.resourceId=A global
 ConnectionProperties.resultSetSizeThreshold=If the usage advisor is enabled, how many rows should a result set contain before the driver warns that it is suspiciously large?
 ConnectionProperties.retainStatementAfterResultSetClose=Should the driver retain the Statement reference in a ResultSet after ResultSet.close() has been called. This is not JDBC-compliant after JDBC-4.0.
 ConnectionProperties.retriesAllDown=When using loadbalancing or failover, the number of times the driver should cycle through available hosts, attempting to connect.  Between cycles, the driver will pause for 250ms if no servers are available.
-ConnectionProperties.rewriteBatchedStatements=Should the driver use multiqueries (irregardless of the setting of "allowMultiQueries") as well as rewriting of prepared statements for INSERT into multi-value inserts when executeBatch() is called? Notice that this has the potential for SQL injection if using plain java.sql.Statements and your code doesn't sanitize input correctly. Notice that for prepared statements, server-side prepared statements can not currently take advantage of this rewrite option, and that if you don't specify stream lengths when using PreparedStatement.set*Stream(), the driver won't be able to determine the optimum number of parameters per batch and you might receive an error from the driver that the resultant packet is too large. Statement.getGeneratedKeys() for these rewritten statements only works when the entire batch includes INSERT statements. Please be aware using rewriteBatchedStatements=true with INSERT .. ON DUPLICATE KEY UPDATE that for rewritten statement server returns only one value as sum of all affected (or found) rows in batch and it isn't possible to map it correctly to initial statements; in this case driver returns 0 as a result of each batch statement if total count was 0, and the Statement.SUCCESS_NO_INFO as a result of each batch statement if total count was > 0.
+ConnectionProperties.rewriteBatchedStatements=Should the driver use multiqueries (irregardless of the setting of "allowMultiQueries") as well as rewriting of prepared statements for INSERT into multi-value inserts when executeBatch() is called? Notice that this has the potential for SQL injection if using plain java.sql.Statements and your code doesn't sanitize input correctly. Notice that for prepared statements, if you don't specify stream lengths when using PreparedStatement.set*Stream(), the driver won't be able to determine the optimum number of parameters per batch and you might receive an error from the driver that the resultant packet is too large. Statement.getGeneratedKeys() for these rewritten statements only works when the entire batch includes INSERT statements. Please be aware using rewriteBatchedStatements=true with INSERT .. ON DUPLICATE KEY UPDATE that for rewritten statement server returns only one value as sum of all affected (or found) rows in batch and it isn't possible to map it correctly to initial statements; in this case driver returns 0 as a result of each batch statement if total count was 0, and the Statement.SUCCESS_NO_INFO as a result of each batch statement if total count was > 0.
 ConnectionProperties.rollbackOnPooledClose=Should the driver issue a rollback() when the logical connection in a pool is closed?
 ConnectionProperties.roundRobinLoadBalance=When autoReconnect is enabled, and failoverReadonly is false, should we pick hosts to connect to on a round-robin basis?
 ConnectionProperties.runningCTS13=Enables workarounds for bugs in Sun's JDBC compliance testsuite version 1.3
Index: mysql-connector-java-5.1.47/src/com/mysql/jdbc/PreparedStatement.java
===================================================================
--- mysql-connector-java-5.1.47.orig/src/com/mysql/jdbc/PreparedStatement.java
+++ mysql-connector-java-5.1.47/src/com/mysql/jdbc/PreparedStatement.java
@@ -409,22 +409,23 @@ public class PreparedStatement extends c
             int indexOfValues = -1;
             int valuesSearchStart = this.statementStartPos;
 
+            // VALUE is a synonym for VALUES
             while (indexOfValues == -1) {
                 if (quoteCharStr.length() > 0) {
-                    indexOfValues = StringUtils.indexOfIgnoreCase(valuesSearchStart, sql, "VALUES", quoteCharStr, quoteCharStr,
+                    indexOfValues = StringUtils.indexOfIgnoreCase(valuesSearchStart, sql, "VALUE", quoteCharStr, quoteCharStr,
                             StringUtils.SEARCH_MODE__MRK_COM_WS);
                 } else {
-                    indexOfValues = StringUtils.indexOfIgnoreCase(valuesSearchStart, sql, "VALUES");
+                    indexOfValues = StringUtils.indexOfIgnoreCase(valuesSearchStart, sql, "VALUE");
                 }
 
                 if (indexOfValues > 0) {
-                    /* check if the char immediately preceding VALUES may be part of the table name */
+                    /* check if the char immediately preceding VALUE[S] may be part of the table name */
                     char c = sql.charAt(indexOfValues - 1);
                     if (!(Character.isWhitespace(c) || c == ')' || c == '`')) {
                         valuesSearchStart = indexOfValues + 6;
                         indexOfValues = -1;
                     } else {
-                        /* check if the char immediately following VALUES may be whitespace or open parenthesis */
+                        /* check if the char immediately following VALUE[S] may be whitespace or open parenthesis */
                         c = sql.charAt(indexOfValues + 6);
                         if (!(Character.isWhitespace(c) || c == '(')) {
                             valuesSearchStart = indexOfValues + 6;
@@ -440,7 +441,9 @@ public class PreparedStatement extends c
                 return null;
             }
 
-            int indexOfFirstParen = sql.indexOf('(', indexOfValues + 6);
+            // VALUE vs VALUES length
+            int valLength = sql.length() > indexOfValues + 5 && Character.toUpperCase(sql.charAt(indexOfValues + 5)) == 'S' ? 6 : 5;
+            int indexOfFirstParen = sql.indexOf('(', indexOfValues + valLength);
 
             if (indexOfFirstParen == -1) {
                 return null;
@@ -3667,7 +3670,16 @@ public class PreparedStatement extends c
 
                                 break;
                             } else if (parameterObj instanceof String) {
-                                setBoolean(parameterIndex, "true".equalsIgnoreCase((String) parameterObj) || !"0".equalsIgnoreCase((String) parameterObj));
+                                if ("true".equalsIgnoreCase((String) parameterObj) || "Y".equalsIgnoreCase((String) parameterObj)) {
+                                    setBoolean(parameterIndex, true);
+                                } else if ("false".equalsIgnoreCase((String) parameterObj) || "N".equalsIgnoreCase((String) parameterObj)) {
+                                    setBoolean(parameterIndex, false);
+                                } else if (((String) parameterObj).matches("-?\\d+\\.?\\d*")) {
+                                    setBoolean(parameterIndex, !((String) parameterObj).matches("-?[0]+[.]*[0]*"));
+                                } else {
+                                    throw SQLError.createSQLException("No conversion from " + parameterObj + " to Types.BOOLEAN possible.",
+                                            SQLError.SQL_STATE_ILLEGAL_ARGUMENT, getExceptionInterceptor());
+                                }
 
                                 break;
                             } else if (parameterObj instanceof Number) {

Places

File mysql-connector-java-CVE-2020-2875_CVE-2020-2933_CVE-2020-2934.patch of Package mysql-connector-java (Revision 72b3bb4af38be4d358d3229fd4d5792f)

Places