cossacklabs / acra

Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL.
https://www.cossacklabs.com/acra/
Apache License 2.0

[ISSUE] "Error 2006: MySQL server has gone away" while executing mysqli prepared statements #653

Closed slatyshev closed 12 months ago

slatyshev commented 1 year ago

**Describe the bug**

I received "Error 2006: MySQL server has gone away" when trying to execute a prepared statement in my PHP code using mysqli via AcraServer. To reproduce the issue, you should pass "null" as one of the arguments with type "i" (integer). When I execute the query directly to MySQL, it works fine.

**To Reproduce**

Steps to reproduce the behavior:

  1. Create a schema and a table in your MySQL database (the table should have at least one numeric column).
  2. Connect to an acra-server via mysqli_connect in your PHP code.
  3. Create a SELECT prepared statement with a searching condition by the numeric field.
  4. Bind "null" to the field of your prepared statement.
  5. Execute the statement, get "false" as a result, and receive "Error 2006: MySQL server has gone away" from mysqli_errno and mysqli_error functions.

You can use the archive I attached to the report to reproduce it via docker: `docker compose up test-php`

**Expected behavior**

No errors occur. MySQL considers the result of comparison with "null" as FALSE.

**Acra configuration files**

For launching AcraServer from docker-compose.yml:

```yaml
  # Acra
  test-acra-keymaker_client:
    image: cossacklabs/acra-keymaker:latest
    network_mode: "none"
    environment:
      ACRA_MASTER_KEY: N0MyZEVCRGY1cHA4ODRSVHp3c3BNeGtDekxaV3BhTHI=
    volumes:
      - ./:/keys
    command: >-
      --client_id="SomeId"
      --generate_acrawriter_keys
      --generate_hmac_key
      --keys_output_dir=/keys/acra-server
      --keys_public_output_dir=/keys/acra-server
      --keystore=v1

  test-acra-server:
    image: cossacklabs/acra-server:latest
    depends_on:
      - test-acra-keymaker_client
      - test-mysql
    ports:
      - "9393:9393"
      - "6060:6060"
    environment:
      ACRA_MASTER_KEY: N0MyZEVCRGY1cHA4ODRSVHp3c3BNeGtDekxaV3BhTHI=
    volumes:
      - ./acra-server:/keys:ro
      - ./config.yml:/config.yml
    command: >-
      --encryptor_config_file=/config.yml
      --client_id="SomeId"
      --mysql_enable
      --db_host=test-mysql
      --db_port=3306
      --keys_dir=/keys
      --keystore_cache_size=-1
      --keystore_cache_on_start_enable=false
      -ds
      -v
      -d
```

For AcraServer encryption (it can be omitted, though):

```yaml
schemas:
  - table: test_table
    columns:
      - id
      - foo
      - bar
    encrypted:
      - column: foo
        searchable: true
```
Environment (please complete the following information):

**Additional context**

You can quickly reproduce the error by launching `docker compose up test-php` from this archive: issue.zip
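
The reproduction steps above as a single script, added here as an example (it is not the script from the reporter's archive): it runs the same NULL-bound statement through AcraServer and directly against MySQL so the two outcomes can be compared. The credentials and database name are placeholder assumptions; the service names, ports and table name are taken from the configuration in the report.

```php
<?php
// Added example; credentials and database name are placeholder assumptions.
const DB_USER = 'test_user';
const DB_PASS = 'test_password';
const DB_NAME = 'test_db';

// PHP >= 8.1 throws mysqli_sql_exception by default; turn that off so
// execute() returns false, as described in the report.
mysqli_report(MYSQLI_REPORT_OFF);

function run_null_bind(string $host, int $port): array
{
    $link = mysqli_connect($host, DB_USER, DB_PASS, DB_NAME, $port);
    if ($link === false) {
        return ['stage' => 'connect', 'ok' => false,
                'errno' => mysqli_connect_errno(), 'error' => mysqli_connect_error()];
    }
    $out = ['stage' => 'prepare', 'ok' => false, 'rows' => null];
    $stmt = mysqli_prepare($link, 'SELECT id, foo, bar FROM test_table WHERE id = ?');
    if ($stmt !== false) {
        $id = null;                               // bind_param binds by reference
        mysqli_stmt_bind_param($stmt, 'i', $id);  // NULL bound as type "i"
        $out['stage'] = 'execute';
        $out['ok'] = mysqli_stmt_execute($stmt);
        if ($out['ok']) {
            mysqli_stmt_store_result($stmt);
            $out['rows'] = mysqli_stmt_num_rows($stmt); // "id = NULL" matches no row
        }
    }
    // Connection-level error, read with the same functions the report uses.
    $out['errno'] = mysqli_errno($link);
    $out['error'] = mysqli_error($link);
    if ($stmt !== false) {
        mysqli_stmt_close($stmt);
    }
    mysqli_close($link);
    return $out;
}

// Service names and ports from the docker-compose.yml in the report.
$endpoints = ['via AcraServer' => ['test-acra-server', 9393],
              'direct MySQL'   => ['test-mysql', 3306]];
foreach ($endpoints as $label => [$host, $port]) {
    $r = run_null_bind($host, $port);
    printf("%-15s stage=%s ok=%s rows=%s errno=%d error=%s\n", $label, $r['stage'],
        var_export($r['ok'], true), var_export($r['rows'] ?? null, true), $r['errno'], $r['error']);
}
```

Run it from a container on the same compose network so both service names resolve.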

vixentael commented 1 year ago

Thank you @slatyshev, we put it in a queue to test.