BUG32120659: Prepared statements w/o parameters violates MySQL protocol

isrgomez · nmariz · commit 24dcf48b9a18 · 2021-02-15T10:00:15.000Z
Connector python violates MySQL protocol sending unrequired extra bytes
with a prepared statement without any parameter.
like for:
 cur.execute("SELECT 1")
Before:
  b'\x0b\x00\x00\x00\x17\x01\x00\x00\x00\x00\x01\x00\x00\x00\x01'
Now:
  b'\x0a\x00\x00\x00\x17\x01\x00\x00\x00\x00\x01\x00\x00\x00'
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -17,6 +17,7 @@ v8.0.24
 - WL#14027: Add support for Python 3.9
 - BUG#32435181: Add support for Django 3.2
 - BUG#32162928: Change user command fails on pure python implementation
+- BUG#32120659: Prepared statements w/o parameters violates MySQL protocol
 - BUG#32039427: Remove python 3.4 support in MSI packaging
 - BUG#32029891: Add context manager support for pooled connections
 - BUG#31490101: Fix wrong cast of Python unicode to std::string
diff --git a/lib/mysql/connector/protocol.py b/lib/mysql/connector/protocol.py
@@ -727,17 +727,17 @@ def make_stmt_execute(self, statement_id, data=(), parameters=(),
         packet = (
             utils.int4store(statement_id) +
             utils.int1store(0) +
-            utils.int4store(iteration_count) +
-            b''.join([struct.pack('B', bit) for bit in null_bitmap]) +
-            utils.int1store(1)
-        )
-
-        for a_type in types:
-            packet += a_type
+            utils.int4store(iteration_count))
+        if len(parameters) > 0:
+            packet += (
+                b''.join([struct.pack('B', bit) for bit in null_bitmap]) +
+                utils.int1store(1))
 
-        for a_value in values:
-            packet += a_value
+            for a_type in types:
+                packet += a_type
 
+            for a_value in values:
+                packet += a_value
         return packet
 
     def parse_auth_switch_request(self, packet):
diff --git a/src/mysql_capi.c b/src/mysql_capi.c
@@ -2852,7 +2852,7 @@ MySQL_stmt_prepare(MySQL *self, PyObject *args)
     MYSQL_RES *mysql_res= NULL;
     int res= 0;
     const char *stmt_char= NULL;
-    unsigned int stmt_length= 0;
+    unsigned long stmt_length= 0;
     unsigned long param_count= 0;
     PyObject *stmt;
     PyObject *prep_stmt;
@@ -2865,7 +2865,6 @@ MySQL_stmt_prepare(MySQL *self, PyObject *args)
     }
     stmt_char= PyBytes_AsString(stmt);
     stmt_length= strlen(stmt_char);
-
     mysql= &self->session;
 
     Py_BEGIN_ALLOW_THREADS
diff --git a/tests/test_protocol.py b/tests/test_protocol.py
@@ -503,6 +503,11 @@ def test_make_stmt_execute(self):
                           self._protocol.make_stmt_execute, statement_id,
                           ('ham', 'spam'), (1, 2, 3))
 
+        # Testing with no parameters
+        exp = bytearray(b'\x01\x00\x00\x00\x00\x01\x00\x00\x00')
+        res = self._protocol.make_stmt_execute(statement_id)
+        self.assertEqual(exp, res)
+
         data = ('ham', 'spam')
         exp = bytearray(
             b'\x01\x00\x00\x00\x00\x01\x00\x00\x00\x00\x01\x0f'
