MySQL SSL Users: BEWARE This Bug

If you’re using MySQL and SSL, you might want to glance over this article and give your setup a quick test.

** Update: If you are looking for “how-to” set up SSL for MySQL (something much clearer than the MySQL manual that also exposes some hidden facts), then please see this article I’ve written here: Setting Up SSL For MySQL **

I’ve uncovered an alarming bug in 5.5 where one could gain access to your MySQL instance just knowing the username and password (not having any SSL certificate, key, etc.)!

Of course, I’ve filed a bug about it here:

It’s been over 4 days now, and not one comment from the MySQL Bug/Dev Team.

So once again, I feel the need to share this bug with the public, in case you are using SSL with 5.5, and think your connections are secure, or that only users with the certs/key could gain access.

For SSL Users, you’ll already have this set up, but for those who don’t, I’ve simply got mysqld (5.5.15 and 5.5.16 thus far) running with the following options:

ssl-ca	 = "C:/Program Files/MySQL/mysql-5.5.16/certs/ca-cert.pem"
ssl-cert = "C:/Program Files/MySQL/mysql-5.5.16/certs/server-cert.pem"
ssl-key	 = "C:/Program Files/MySQL/mysql-5.5.16/certs/server-key.pem"

In theory, any user connecting should either be specifying the –ssl-ca option, path, and file, or both the –ssl-cert and –ssl-key options.

However, at least in 5.5.15 and 5.5.16 (haven’t tested any others yet), one can connect with *just* the –ssl-key option.

What’s worse, and most important, is that you don’t even have to specify a file here. Just specify some bogus text!

I created 2 users, one local and one remote, using these 2 commands:

GRANT ALL PRIVILEGES ON *.* TO 'ssluser'@'localhost' IDENTIFIED BY 'ssluser' REQUIRE SSL;)
GRANT ALL PRIVILEGES ON *.* TO 'ssluser'@'remote-hostname' IDENTIFIED BY 'ssluser' REQUIRE SSL;

Now, just specify “buggg” for the -ssl-key option (no path, no file, no nothing):

mysql -ussluser -pssluser -P3430 --ssl-key=buggg


The user connects as if it were using an SSL connection. All that was needed to connect to this remote host is the username and password.

Check out the output:


C:\Program Files\MySQL\mysql-5.5.16\bin>mysql -ussluser -pssluser -P3430 --ssl-key=buggg
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 5.5.16-log MySQL Community Server (GPL)

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> status
mysql  Ver 14.14 Distrib 5.5.16, for Win32 (x86)

Connection id:          11
Current database:
Current user:           ssluser@localhost
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
Using delimiter:        ;
Server version:         5.5.16-log MySQL Community Server (GPL)
Protocol version:       10
Connection:             localhost via TCP/IP
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    cp850
Conn.  characterset:    cp850
TCP port:               3430
Uptime:                 35 min 26 sec

Threads: 1  Questions: 24  Slow queries: 0  Opens: 33  Flush tables: 1  Open tables: 0 
Queries per second avg: 0.011

Remote Host:

C:\Documents and Settings>mysql -ussluser -pssluser -h192.168.1.100 -P3430 --ssl-key=buggg
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.5.16-log MySQL Community Server (GPL)

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> status
mysql  Ver 14.12 Distrib 5.0.70, for Win32 (ia32)

Connection id:          6
Current database:
Current user:           ssluser@HOST-LAPTOP
SSL:                    Cipher in use is DHE-RSA-AES256-SHA
Using delimiter:        ;
Server version:         5.5.16-log MySQL Community Server (GPL)
Protocol version:       10
Connection:    via TCP/IP
Server characterset:    latin1
Db     characterset:    latin1
Client characterset:    latin1
Conn.  characterset:    latin1
TCP port:               3430
Uptime:                 13 min 13 sec

Threads: 2  Questions: 14  Slow queries: 0  Opens: 33  Flush tables: 1 Open tab
les: 26  Queries per second avg: 0.017

Again, I have no idea how many versions are affected by this yet. I’ve only tested 5.5.15 and 5.5.16 (seen on both Windows and Linux, as well).

In fact, that’s all I thought I would have needed to test, as I thought MySQL would have been all over this bug. But since there’s been no word from them about it, I feel it’s my duty to let the community know about this bug until it gets fixed.

(And I even wonder if the above is secure or not. I mean, it “says” the cipher is in use, but since I didn’t specify a ssl cert or key, how can I be certain this is secure.)

Nasty Regression Bug: SELECT COUNT(DISTINCT) crashes InnoDB when WHERE operand is in Primary Key or Unique Index

In 5.5, a crashing, regression bug exists if you use SELECT COUNT(DISTINCT) *and* one of the WHERE operands is in the Primary Key (or just a unique index).

** Update: This bug may be fixed in 5.5.18. At least initial my initial test (the test case provided below) did not crash in 5.5.18. The MySQL Dev Team has not confirmed if this has been fixed or not, nor is there any mention of a fix in the 5.5.18 changelogs, so proceed with caution.

Note this bug does *not* affect any version of MariaDB – 5.1, 5.2, or 5.3. ** (12/5/2011)

This simple crash (if only one row is in the table) will crash mysqld.

Of course I’ve filed a bug report, but that has been nearly 3 months and no updates yet.

Here is the bug I filed (which you won’t be able to view):

Really, the only thing that happened to my bug report was that it was designated a duplicate of another bug (which we also cannot view):

Based on the id, and the submitted dates of bugs 61100 and 61102, this initial bug (61101) was filed on May 9, 2011. So, in fact, this bug has been present for over 5 months, and not one breath of an update to the public!

Therefore, I felt it necessary to warn others about this bug, (or possibly you’ll run across this if you’re searching on SELECT COUNT(DISTINCT) in the future).

All I can say is please watch out for it!

It is extremely easy to reproduce:

CREATE TABLE t (a int(1), b int(1), PRIMARY KEY (a,b)) ENGINE=InnoDB;

–> crash <-- For those interested, this was filed against 5.5.14. However, with each new release, I've continued testing, and this bug is present in 5.5.15, 5.5.16, and thus far in 5.5.17 (built from the latest bzr tree). Hopefully we don't go too many more months before this is finally fixed. And for reference (and those searching on the stack trace / error log messages), here is my full error log snippet from 5.5.16:

111017 10:54:47 [Note] C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld: ready for connections.
Version: ‘5.5.16’  socket: ”  port: 3308  MySQL Community Server (GPL)
 len 128; hex f8aec9037d803805f017fc03189ddc030000000…
111017 10:55:12  InnoDB: Assertion failure in thread 5000 in file btr0pcur.c line 236
InnoDB: We intentionally generate a memory trap.
InnoDB: Submit a detailed bug report to
InnoDB: If you get repeated assertion failures or crashes, even
InnoDB: immediately after the mysqld startup, there may be
InnoDB: corruption in the InnoDB tablespace. Please refer to
InnoDB: about forcing recovery.
111017 10:55:12 – mysqld got exception 0xc0000005 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

It is possible that mysqld could use up to 
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 58325 K
bytes of memory
Hope that’s ok; if not, decrease some variables in the equation.

Thread pointer: 0x3c98428
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong…
00CE92EC    mysqld.exe!btr_pcur_restore_position_func()[btr0pcur.c:236]
00CA62FB    mysqld.exe!sel_restore_position_for_mysql()[row0sel.c:3081]
00CA6CEA    mysqld.exe!row_search_for_mysql()[row0sel.c:3820]
00C5FE20    mysqld.exe!ha_innobase::general_fetch()[]
00C5FEDD    mysqld.exe!ha_innobase::index_next()[]
00C20DDA    mysqld.exe!index_next_different()[]
00C249BC    mysqld.exe!QUICK_GROUP_MIN_MAX_SELECT::next_prefix()[]
00C26BE7    mysqld.exe!QUICK_GROUP_MIN_MAX_SELECT::get_next()[]
00B68D01    mysqld.exe!rr_quick()[]
00BC1B9A    mysqld.exe!sub_select()[]
00BD10A7    mysqld.exe!do_select()[]
00BD37BD    mysqld.exe!JOIN::exec()[]
00BD3A29    mysqld.exe!mysql_select()[]
00BD3D4B    mysqld.exe!handle_select()[]
00ACD76E    mysqld.exe!execute_sqlcom_select()[]
00ACF816    mysqld.exe!mysql_execute_command()[]
00AD2D1F    mysqld.exe!mysql_parse()[]
00AD3848    mysqld.exe!dispatch_command()[]
00AD43BB    mysqld.exe!do_command()[]
00AF2DB6    mysqld.exe!do_handle_one_connection()[]
00AF2F44    mysqld.exe!handle_one_connection()[]
00C33DE4    mysqld.exe!pthread_start()[my_winthread.c:61]
00D9C6F3    mysqld.exe!_callthreadstartex()[threadex.c:348]
00D9C79B    mysqld.exe!_threadstartex()[threadex.c:326]
765F3823    kernel32.dll!BaseThreadInitThunk()
77CAA9BD    ntdll.dll!LdrInitializeThunk()

Trying to get some variables.
Some pointers may be invalid and cause the dump to abort.
Connection ID (thread ID): 1

The manual page at contains
information that should help you find out what is causing the crash.
InnoDB: Thread 5980 stopped in file os0sync.c line 781
InnoDB: Thread 6820 stopped in file os0sync.c line 474
InnoDB: Thread 7532 stopped in file os0sync.c line 474

Using MySQL Proxy 0.8.2 on Windows

If you try to start proxy 0.8.2 in Windows, and you receive this error:

The application has failed to start because its side-by-side configuration is incorrect.

Then you need to install the Microsoft Visual C++ runtime libraries (per the 0.8.2 changelogs). Here is the snippet from the changelogs (it just doesn’t mention the error):

The Microsoft Visual C++ runtime libraries are now a requirement for running MySQL Proxy. Users that do not have these libraries must download and install the Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package MFC Security Update. For the current Proxy version, use the following link to obtain the package:

(Bug #12836100)

And here is where you can download the Visual C++ runtime libraries:

Download the proper file for your OS: 32-bit, 64-bit, or IA-64 and install it. Installation is simple, quick, and no restart is required.

After that, restart proxy. The error should not arise and the proxy should start up normally.

However, should you still experience this error even after installing the Visual C++ runtime libs, then perhaps add some info to this bug:

Hope this helps anyone out there searching google for this specific error.

The MySQL Source is Now Back on Launchpad!

Last Friday, I had posted that the MySQL Source Code on Launchpad had not been updated (or rather not accessible by Lauchpad) in nearly a month.

I had actually started to file a bug report about this, but when posting the relevant links for documentation, I had noticed new information had been posted yesterday (10/10/2011).

Here was the orignal MySQL Launchpad page:

Here is the new message on this page:

“This is the old MySQL server branch and it is no longer used since mirroring setup has changed.

You can find the development head at instead.”

If you navigate to the new page:

You’ll see all of the updates, etc.

Furthermore, if you now issue:

bzr pull

You’ll see a number of new revisions pulled in (I had 3572, for instance).

Thank you for addressing this Mats, MySQL, and everyone else involved! 🙂

Where’s the Updated MySQL Source Code on Launchpad?

I know I’m not the only one to have noticed that all MySQL branches on Launchpad have not been accessible since September 10th, 2011, nearly 1 month.

Just visit here:

You’ll see it says:

“This branch may be out of date, because Launchpad has not been able to access it since 2011-09-10.”

I’d been seeing “No revisions to pull.” messages latley, when running “bzr pull”, but didn’t give it a whole lot of thought until reading the above note on Launchpad today.

Is it due to the recent security breach (where was hacked and infected some visitors with malware)? Well, I doubt it since this started on 9/10/2011 and the breach, according to The Register, occurred on 9/26/2011 (some 2 weeks later):

I hope this is not permanent, and/or a sign of things to come.

Installing perl-DBD-MySQL and Dealing with Dependency Issues on Linux

The other day, I just posted an article about setting up Perl on Windows for MySQL.

However, I just ran into an interesting Perl issue on Linux, and it was one slightly out of the ordinary, so I wanted to share the solution, as one might not find this one quickly otherwise.

The problem occured when trying to install the perl-DBD-MySQL module on a linux (CentOS) server, due to a dependency issue.

Most dependency issues are a little more straight-forward, but this one is what I’d almost call a ‘reverse’ dependency issue.

Here was the command:

shell$ yum install perl-DBD-MySQL

Here was the output/error:

Loaded plugins: dellsysid, fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package perl-DBD-MySQL.x86_64 0:3.0007-2.el5 set to be updated
--> Processing Dependency: for package: perl-DBD-MySQL
--> Processing Dependency: for package: perl-DBD-MySQL
--> Running transaction check
---> Package mysql.x86_64 0:5.0.77-4.el5_4.2 set to be updated
--> Processing Conflict: mysql conflicts MySQL
--> Finished Dependency Resolution
mysql-5.0.77-4.el5_4.2.x86_64 from updates-20100420 has depsolving problems
--> mysql conflicts with MySQL-server
Error: mysql conflicts with MySQL-server
You could try using --skip-broken to work around the problem
You could try running: package-cleanup --problems
package-cleanup --dupes
rpm -Va --nofiles --nodigest
The program package-cleanup is found in the yum-utils package.

Key facts are that this server is now running 5.5, but was running 5.0.77 at a prior time.

Just off the top, my initial quick thought was that an old 5.0.77 remnant was causing the conflict. So I checked all installed mysql rpms:

shell$ rpm -qa -last | grep -i mysql
MySQL-test-5.5.16-1.linux2.6 Tue 25 Jan 2011 12:54:28 PM EST
MySQL-server-5.5.16-1.linux2.6 Tue 25 Jan 2011 12:54:20 PM EST
MySQL-shared-5.5.16-1.linux2.6 Tue 25 Jan 2011 12:54:15 PM EST
MySQL-client-5.5.16-1.linux2.6 Tue 25 Jan 2011 12:54:13 PM EST
MySQL-devel-5.5.16-1.linux2.6 Tue 25 Jan 2011 12:54:09 PM EST

Hrm, no mention of any 5.0 remnant…

Looking closer at the error shows that yum is wanting to install But, is from MySQL 5.0! (Seems yum is just being conservative here.) So, that is what conflicted with the 5.5 shared library that’s already installed.

Had “MySQL-shared-compat-5.5.16” (client libraries, including support for older clients) been installed as opposed to just “MySQL-shared-5.5.16” (5.5 client libs), then the perl-DBD-MySQL would have installed fine.

And just be certain, we installed the shared-compat (used rpm -Uvh package_name), then re-ran the “yum install perl-DBD-MySQL”, and it installed perfectly.

Hope this helps any out there who run into this issue using yum to install the perl-DBD-MySQL module on 5.5 (and if you didn’t install shared-compat).