server, sessionctx: add multi statement workaround (#22351) #22469
cherry-pick #22351 to release-5.0-rc
What problem does this PR solve?
Problem Summary:
v4.0.9 shipped with a fix for a server protocol vulnerability: #19459
It can be worked around by changing client library settings, but that's not always easy given each client library is different. This provides a server workaround as well, which adjusts from an error to a warning by default.
What is changed and how it works?
A new sysvar is added, called tidb_multi_statement_mode (scope: SESSION or GLOBAL). The type is an ENUM:

- OFF: the MySQL compatible/safest behavior. Multi-statement is not permitted unless the client sets the multi-statement attribute. An error is returned.
- ON: Multi-statement is permitted without errors or warnings.
- WARN (default): Multi-statement is permitted, but returns a warning.

Thus, the "4.0.8 and earlier" behavior can be restored with "ON". The 4.0.9 and 4.0.10 behavior is effectively "OFF".
Both the warning and the error message are as follows:
The intention is to change the default from WARN back to OFF in a 4.0-series release in the short future, so users are safe-by-default. In order to do this, SQL client error tracking will have to be added (see #14433). This PR ensures that this error uses the unique code of 8030 so that deployment tools can check if a user depends on the unsafe behavior before attempting to upgrade them.
Related changes
Check List
Tests
Side effects
Release note
COM_QUERY packet, leading to increased risk of SQL injection. To provide backwards compatibility for applications that depend on this behavior, a new option tidb_multi_statement_mode has been added. Assuming you understand the security risks, you can revert to the 4.0.8 behavior by executing SET GLOBAL tidb_multi_statement_mode='ON'. The default behavior of tidb_multi_statement_mode also relaxes the error introduced in 4.0.9 to a warning. It is intended to be changed to an error again in a future release.
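The following Go code is an added illustration of the policy described in the sysvar section and the release note above; it is not TiDB's implementation. It models the three modes, the client's multi-statement capability bit and the error code 8030 from the PR, and uses a constructed statement counter (quote-aware, but no full parser) in place of the server's real parser. The assumption that a client which negotiated the multi-statement capability is never warned or rejected in any mode is this example's own.

```go
package main

// Mode mirrors the three values of tidb_multi_statement_mode described in the PR.
type Mode string

const (
	ModeOff  Mode = "OFF"  // reject unless the client negotiated multi-statements
	ModeOn   Mode = "ON"   // allow silently (the 4.0.8-and-earlier behaviour)
	ModeWarn Mode = "WARN" // allow with a warning (the PR's default)
	// ErrMultiStatementCode is the error code the PR reserves for this condition.
	ErrMultiStatementCode = 8030
)

// CountStatements counts top-level statements in a COM_QUERY payload, ignoring
// semicolons inside quoted strings and backtick identifiers. Constructed
// approximation for this example; the real server runs its full SQL parser.
func CountStatements(sql string) int {
	n, quote, pending := 0, byte(0), false // pending: text seen since last ';'
	for i := 0; i < len(sql); i++ {
		c := sql[i]
		switch {
		case quote != 0 && c == '\\' && quote != '`':
			i++ // skip the escaped byte inside a string literal
		case quote != 0:
			if c == quote {
				quote = 0
			}
		case c == '\'' || c == '"' || c == '`':
			quote, pending = c, true
		case c == ';':
			if pending {
				n++
			}
			pending = false
		case c != ' ' && c != '\t' && c != '\n' && c != '\r':
			pending = true
		}
	}
	if pending {
		n++
	}
	return n
}

// Evaluate applies the session mode to one payload and reports whether it is
// allowed, whether a warning is attached, and the error code (0 when allowed).
// Assumption of this example: a client that negotiated CLIENT_MULTI_STATEMENTS
// is never warned or rejected, whatever the mode.
func Evaluate(mode Mode, clientMultiStatements bool, sql string) (allowed, warned bool, errCode int) {
	if CountStatements(sql) <= 1 || clientMultiStatements || mode == ModeOn {
		return true, false, 0
	}
	if mode == ModeWarn {
		return true, true, 0
	}
	return false, false, ErrMultiStatementCode // OFF: the MySQL-compatible rejection
}
```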