Skip to content

MDEV-27561 Fix uninitialized memory in DES_ENCRYPT#5381

Open
vaintroub wants to merge 1 commit into
10.11from
MDEV-27561
Open

MDEV-27561 Fix uninitialized memory in DES_ENCRYPT#5381
vaintroub wants to merge 1 commit into
10.11from
MDEV-27561

Conversation

@vaintroub

Copy link
Copy Markdown
Member

Initialize keyblock to zero before EVP_BytesToKey to prevent ununitialized access later in DES_set_key_unchecked()

@vaintroub vaintroub requested a review from Copilot July 13, 2026 14:03

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request resolves Valgrind/MSAN errors in Item_func_des_encrypt::val_str and Item_func_des_decrypt::val_str by zero-initializing the keyblock buffer before it is used. A regression test is also added. The reviewer recommended wrapping the DES_ENCRYPT call in the test case with HEX() to prevent raw binary/non-printable characters in the test result file, which could lead to encoding or platform-dependent test failures.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.

Comment thread mysql-test/main/func_des_encrypt.test Outdated

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR addresses MDEV-27561 by preventing potential uninitialized-memory reads in the DES_ENCRYPT/DES_DECRYPT key-derivation path when using a user-supplied key string, and adds a regression test to exercise the sanitizer-reported scenario.

Changes:

  • Zero-initialize the st_des_keyblock stack variable before calling EVP_BytesToKey() in both DES_ENCRYPT and DES_DECRYPT code paths.
  • Add an MTR test case intended to reproduce the Valgrind/MSAN report for Item_func_des_encrypt::val_str.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File Description
sql/item_strfunc.cc Clears keyblock before key derivation to avoid uninitialized data propagation into DES key setup.
mysql-test/main/func_des_encrypt.test Adds a query intended to reproduce the MSAN/Valgrind issue.
mysql-test/main/func_des_encrypt.result Captures expected output for the new test section.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread mysql-test/main/func_des_encrypt.test Outdated
Comment thread mysql-test/main/func_des_encrypt.result Outdated
Initialize keyblock to zero before EVP_BytesToKey to prevent ununitialized
access later in DES_set_key_unchecked()

Also, harden DES_ENCRYPT against second PS execution.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Development

Successfully merging this pull request may close these issues.

3 participants