sysown/proxysql

Memory Allocation Issue in ProxySQL_Cluster::pull_mysql_servers_v2_from_peer

SuJinpei opened this issue · 1 comment

Description of the Issue

There is a potential buffer overflow vulnerability in the ProxySQL_Cluster::pull_mysql_servers_v2_from_peer function within the ProxySQL_Cluster.cpp file. Specifically, in the code that inserts data into the mysql_servers table, the memory allocation for the query string uses an incorrect variable, which could lead to insufficient memory allocation and subsequent buffer overflow.

ProxySQL Version

v2.x

Steps to Reproduce

  1. Open the ProxySQL_Cluster.cpp file.
  2. Locate the ProxySQL_Cluster::pull_mysql_servers_v2_from_peer function.
  3. Find the following line of code:
     char *query = (char *)malloc(strlen(q)+i+strlen(o)+64);
  4. Observe that i is used instead of l for memory allocation.

Proposed Fix

Replace the line:

char *query = (char *)malloc(strlen(q)+i+strlen(o)+64);

with:

char *query = (char *)malloc(strlen(q)+l+strlen(o)+64);
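As an added illustration, not code from ProxySQL: a constructed C model of the sizing mistake described above, assuming q is the INSERT prefix, o the trailing text, l the total length of the appended row text and i a loop counter left over from building those rows (all of these are assumptions; the report does not state what the variables hold). It computes how far the i-based size falls short of the bytes the finished query needs, and shows that the l-based size fits.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample data: VALUES tuples for three peers plus prefix/suffix. */
static const char *SAMPLE_ROWS =
    "(10,'db-1.example.internal',3306,'ONLINE'),"
    "(10,'db-2.example.internal',3306,'ONLINE'),"
    "(20,'db-3.example.internal',3306,'ONLINE')";
static const char *SAMPLE_Q = "INSERT INTO mysql_servers (hostgroup_id, hostname, port, status) VALUES";
static const char *SAMPLE_O = "; -- generated from peer";

/* Allocation size as reported: i (assumed to be the row counter) instead of l. */
size_t buggy_alloc_size(const char *q, const char *o, size_t i) {
    return strlen(q) + i + strlen(o) + 64;
}

/* Allocation size from the proposed fix: l is the total length of the row text. */
size_t fixed_alloc_size(const char *q, const char *o, size_t l) {
    return strlen(q) + l + strlen(o) + 64;
}

/* Bytes the finished query needs, NUL included: q, a space, the rows, then o. */
size_t bytes_needed(const char *q, const char *rows, const char *o) {
    return strlen(q) + 1 + strlen(rows) + strlen(o) + 1;
}

/* Bound check: how many bytes an allocation is short of what the query needs.
 * 0 means the query fits; anything else is the overflow an unchecked copy would cause. */
size_t shortfall(size_t alloc, size_t needed) {
    return needed > alloc ? needed - alloc : 0;
}

/* Builds the sample query with either sizing and returns its shortfall.
 * snprintf truncates instead of overflowing, so the demo is safe even with the buggy size. */
size_t demo_shortfall(int use_fix) {
    size_t l = strlen(SAMPLE_ROWS);   /* total row text length (assumed meaning of l) */
    size_t i = 3;                     /* loop counter after three rows (assumed meaning of i) */
    size_t alloc = use_fix ? fixed_alloc_size(SAMPLE_Q, SAMPLE_O, l)
                           : buggy_alloc_size(SAMPLE_Q, SAMPLE_O, i);
    size_t needed = bytes_needed(SAMPLE_Q, SAMPLE_ROWS, SAMPLE_O);
    char *query = (char *)malloc(alloc);
    if (!query) return needed;
    snprintf(query, alloc, "%s %s%s", SAMPLE_Q, SAMPLE_ROWS, SAMPLE_O);
    free(query);
    return shortfall(alloc, needed);
}
```

With three 42-byte tuples the i-based size is short by well over the 64 bytes of slack, while the l-based size leaves the slack intact.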

Hi @SuJinpei,

thanks for the clear report, the issue you mention and other similar cases should now be handled in PR #4573. This issue will be closed when the PR is merged.

Thanks, regards, Javier.