utils: don't mutate registered tls configs (go-sql-driver#600)

pivotal-rebecca-chin · julienschmidt · commit 44fa292b235f · 2017-05-30T22:49:38.000+08:00
Fixes go-sql-driver#536
diff --git a/AUTHORS b/AUTHORS
@@ -18,6 +18,7 @@ Carlos Nieto <jose.carlos at menteslibres.net>
 Chris Moos <chris at tech9computers.com>
 Daniel Nichter <nil at codenode.com>
 Daniël van Eeden <git at myname.nl>
+Dave Protasowski <dprotaso at gmail.com>
 DisposaBoy <disposaboy at dby.me>
 Egor Smolyakov <egorsmkv at gmail.com>
 Frederick Mayle <frederickmayle at gmail.com>
@@ -46,6 +47,7 @@ Nicola Peduzzi <thenikso at gmail.com>
 Olivier Mengué <dolmen at cpan.org>
 Paul Bonser <misterpib at gmail.com>
 Peter Schultz <peter.schultz at classmarkets.com>
+Rebecca Chin <rchin at pivotal.io>
 Runrioter Wung <runrioter at gmail.com>
 Soroush Pour <me at soroushjp.com>
 Stan Putrya <root.vagner at gmail.com>
@@ -59,4 +61,5 @@ Zhenye Xie <xiezhenye at gmail.com>
 
 Barracuda Networks, Inc.
 Google Inc.
+Pivotal Inc.
 Stripe Inc.
diff --git a/dsn.go b/dsn.go
@@ -511,6 +511,8 @@ func parseDSNParams(cfg *Config, params string) (err error) {
 				}
 
 				if tlsConfig, ok := tlsConfigRegister[name]; ok {
+					tlsConfig = cloneTLSConfig(tlsConfig)
+
 					if len(tlsConfig.ServerName) == 0 && !tlsConfig.InsecureSkipVerify {
 						host, _, err := net.SplitHostPort(cfg.Addr)
 						if err == nil {
diff --git a/dsn_test.go b/dsn_test.go
@@ -159,6 +159,8 @@ func TestDSNWithCustomTLS(t *testing.T) {
 		t.Error(err.Error())
 	} else if cfg.tls.ServerName != name {
 		t.Errorf("did not get the correct ServerName (%s) parsing DSN (%s).", name, tst)
+	} else if tlsCfg.ServerName != "" {
+		t.Errorf("tlsCfg was mutated ServerName (%s) should be empty parsing DSN (%s).", name, tst)
 	}
 
 	DeregisterTLSConfig("utils_test")
diff --git a/utils.go b/utils.go
@@ -26,6 +26,8 @@ var (
 // RegisterTLSConfig registers a custom tls.Config to be used with sql.Open.
 // Use the key as a value in the DSN where tls=value.
 //
+// Note: The tls.Config provided to needs to be exclusively owned by the driver after registering.
+//
 //  rootCertPool := x509.NewCertPool()
 //  pem, err := ioutil.ReadFile("/path/ca-cert.pem")
 //  if err != nil {
diff --git a/utils_go17.go b/utils_go17.go
@@ -0,0 +1,40 @@
+// Go MySQL Driver - A MySQL-Driver for Go's database/sql package
+//
+// Copyright 2017 The Go-MySQL-Driver Authors. All rights reserved.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// +build go1.7
+// +build !go1.8
+
+package mysql
+
+import "crypto/tls"
+
+func cloneTLSConfig(c *tls.Config) *tls.Config {
+	return &tls.Config{
+		Rand:                        c.Rand,
+		Time:                        c.Time,
+		Certificates:                c.Certificates,
+		NameToCertificate:           c.NameToCertificate,
+		GetCertificate:              c.GetCertificate,
+		RootCAs:                     c.RootCAs,
+		NextProtos:                  c.NextProtos,
+		ServerName:                  c.ServerName,
+		ClientAuth:                  c.ClientAuth,
+		ClientCAs:                   c.ClientCAs,
+		InsecureSkipVerify:          c.InsecureSkipVerify,
+		CipherSuites:                c.CipherSuites,
+		PreferServerCipherSuites:    c.PreferServerCipherSuites,
+		SessionTicketsDisabled:      c.SessionTicketsDisabled,
+		SessionTicketKey:            c.SessionTicketKey,
+		ClientSessionCache:          c.ClientSessionCache,
+		MinVersion:                  c.MinVersion,
+		MaxVersion:                  c.MaxVersion,
+		CurvePreferences:            c.CurvePreferences,
+		DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled,
+		Renegotiation:               c.Renegotiation,
+	}
+}
diff --git a/utils_go18.go b/utils_go18.go
@@ -0,0 +1,17 @@
+// Go MySQL Driver - A MySQL-Driver for Go's database/sql package
+//
+// Copyright 2017 The Go-MySQL-Driver Authors. All rights reserved.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// +build go1.8
+
+package mysql
+
+import "crypto/tls"
+
+func cloneTLSConfig(c *tls.Config) *tls.Config {
+	return c.Clone()
+}
diff --git a/utils_legacy.go b/utils_legacy.go
@@ -0,0 +1,18 @@
+// Go MySQL Driver - A MySQL-Driver for Go's database/sql package
+//
+// Copyright 2017 The Go-MySQL-Driver Authors. All rights reserved.
+//
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// +build !go1.7
+
+package mysql
+
+import "crypto/tls"
+
+func cloneTLSConfig(c *tls.Config) *tls.Config {
+	clone := *c
+	return &clone
+}

Original file line number	Diff line number	Diff line change
`@@ -511,6 +511,8 @@ func parseDSNParams(cfg *Config, params string) (err error) {`
`511`	`511`	`}`
`512`	`512`
`513`	`513`	`if tlsConfig, ok := tlsConfigRegister[name]; ok {`
	`514`	`+ tlsConfig = cloneTLSConfig(tlsConfig)`
	`515`	`+`
`514`	`516`	`if len(tlsConfig.ServerName) == 0 && !tlsConfig.InsecureSkipVerify {`
`515`	`517`	`host, _, err := net.SplitHostPort(cfg.Addr)`
`516`	`518`	`if err == nil {`
Original file line number	Diff line number	Diff line change
`@@ -159,6 +159,8 @@ func TestDSNWithCustomTLS(t *testing.T) {`
`159`	`159`	`t.Error(err.Error())`
`160`	`160`	`} else if cfg.tls.ServerName != name {`
`161`	`161`	`t.Errorf("did not get the correct ServerName (%s) parsing DSN (%s).", name, tst)`
	`162`	`+ } else if tlsCfg.ServerName != "" {`
	`163`	`+ t.Errorf("tlsCfg was mutated ServerName (%s) should be empty parsing DSN (%s).", name, tst)`
`162`	`164`	`}`
`163`	`165`
`164`	`166`	`DeregisterTLSConfig("utils_test")`