fix: binary parser sometimes reads out of packet bounds when results … #2601

Merged
merged 1 commit into from
Apr 18, 2024

Contributor

@Parsonswy Parsonswy commented Apr 18, 2024

Fixes #2602.

Check the nullBitmaskByte before trying to readLengthCodedBuffer() when typeCast: false on binary results.
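
An added illustration of the check described in this PR (not code from the PR or from mysql2): in the MySQL binary row format a NULL column is flagged in a bitmap and has no value bytes, so a parser that reads a length-coded value for every column misaligns and runs past the end of the packet. The function names, the `checkNullBitmap` switch and the sample packet are constructed for this example.

```javascript
'use strict';

// Read a MySQL length-encoded string (1-byte length form only, which is
// enough for the constructed sample). Throws instead of reading past the end.
function readLengthCoded(packet, pos) {
  if (pos >= packet.length) throw new RangeError('read past end of packet');
  const len = packet[pos];
  const end = pos + 1 + len;
  if (end > packet.length) throw new RangeError('read past end of packet');
  return { value: packet.subarray(pos + 1, end), next: end };
}

// Parse a binary-protocol row: 0x00 header, NULL bitmap, then values for
// the non-NULL columns only. checkNullBitmap=false models the pre-fix path
// (hypothetical switch, for comparison only).
function parseBinaryRow(packet, columnCount, checkNullBitmap) {
  const bitmapLen = Math.floor((columnCount + 7 + 2) / 8);
  let pos = 1 + bitmapLen; // skip header byte and bitmap
  const row = [];
  for (let i = 0; i < columnCount; i++) {
    const bit = i + 2; // binary rows offset the bitmap by 2 bits
    const isNull = (packet[1 + (bit >> 3)] & (1 << (bit & 7))) !== 0;
    if (checkNullBitmap && isNull) {
      row.push(null); // NULL columns occupy no bytes in the value area
      continue;
    }
    const r = readLengthCoded(packet, pos);
    row.push(r.value.toString('latin1'));
    pos = r.next;
  }
  return row;
}

// Constructed sample: 3 string columns holding 'a', NULL, 'b'.
// Column 1 is NULL -> bitmap bit 3 -> 0x08.
const SAMPLE_ROW = Buffer.from([0x00, 0x08, 0x01, 0x61, 0x01, 0x62]);

function demo() {
  const fixed = parseBinaryRow(SAMPLE_ROW, 3, true);
  let unfixedError = null;
  try {
    parseBinaryRow(SAMPLE_ROW, 3, false); // consumes 'b' as column 1, then overruns
  } catch (e) {
    unfixedError = e;
  }
  return { fixed, unfixedError };
}
```
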

Owner

sidorares commented Apr 18, 2024

Thanks for the fix PR and detailed report, @Parsonswy! Do you think it would be possible to include a unit test (failing without lib/parsers/binary_parser.js changes and passing with)?

The main change looks good to me

codecov bot commented Apr 18, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.32%. Comparing base (2129818) to head (40f9224).

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #2601   +/-   ##
=======================================
  Coverage   90.32%   90.32%           
=======================================
  Files          71       71           
  Lines       15725    15727    +2     
  Branches     1339     1339           
=======================================
+ Hits        14204    14206    +2     
  Misses       1521     1521           

| Flag | Coverage Δ |
|---|---|
| compression-0 | 90.32% <100.00%> (+<0.01%) ⬆️ |
| compression-1 | 90.32% <100.00%> (+<0.01%) ⬆️ |
| tls-0 | 89.85% <100.00%> (+<0.01%) ⬆️ |
| tls-1 | 90.15% <100.00%> (+<0.01%) ⬆️ |


@Parsonswy
Contributor Author

@sidorares Certainly. Test added.

@wellwelwel
Sponsor Collaborator

LGTM 🚀

@sidorares sidorares merged commit 705835d into sidorares:master Apr 18, 2024
64 checks passed
@Parsonswy Parsonswy deleted the fix/typecast-false-null-oob branch April 18, 2024 13:40
Vylpes pushed a commit to Vylpes/Droplet that referenced this pull request May 28, 2024
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [mysql2](https://sidorares.github.io/node-mysql2/docs) ([source](https://github.com/sidorares/node-mysql2)) | dependencies | patch | [`3.9.3` -> `3.9.7`](https://renovatebot.com/diffs/npm/mysql2/3.9.3/3.9.7) |

---

### Release Notes

<details>
<summary>sidorares/node-mysql2 (mysql2)</summary>

### [`v3.9.7`](https://github.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#397-2024-04-21)

[Compare Source](sidorares/node-mysql2@v3.9.6...v3.9.7)

##### Bug Fixes

-   **security:** sanitize timezone parameter value to prevent code injection ([#2608](sidorares/node-mysql2#2608)) ([7d4b098](sidorares/node-mysql2@7d4b098))

### [`v3.9.6`](https://github.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#396-2024-04-18)

[Compare Source](sidorares/node-mysql2@v3.9.5...v3.9.6)

##### Bug Fixes

-   binary parser sometimes reads out of packet bounds when results contain null and typecast is false ([#2601](sidorares/node-mysql2#2601)) ([705835d](sidorares/node-mysql2@705835d))

### [`v3.9.5`](https://github.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#395-2024-04-17)

[Compare Source](sidorares/node-mysql2@v3.9.4...v3.9.5)

##### Bug Fixes

-   revert breaking change in results creation ([#2591](sidorares/node-mysql2#2591)) ([f7c60d0](sidorares/node-mysql2@f7c60d0))

### [`v3.9.4`](https://github.com/sidorares/node-mysql2/blob/HEAD/Changelog.md#394-2024-04-09)

[Compare Source](sidorares/node-mysql2@v3.9.3...v3.9.4)

##### Bug Fixes

-   **docs:** improve the contribution guidelines ([#2552](sidorares/node-mysql2#2552)) ([8a818ce](sidorares/node-mysql2@8a818ce))
-   **security:** improve results object creation ([#2574](sidorares/node-mysql2#2574)) ([4a964a3](sidorares/node-mysql2@4a964a3))
-   **security:** improve supportBigNumbers and bigNumberStrings sanitization ([#2572](sidorares/node-mysql2#2572)) ([74abf9e](sidorares/node-mysql2@74abf9e))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---


This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://git.vylpes.xyz/RabbitLabs/Droplet/pulls/304
Co-authored-by: Renovate Bot <renovate@vylpes.com>
Co-committed-by: Renovate Bot <renovate@vylpes.com>