6

Yukang-Lian · Yukang-Lian · commit d21a7bd43b84 · 2025-10-30T19:49:49.000+08:00
diff --git a/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlChannel.java b/fe/fe-core/src/main/java/org/apache/doris/mysql/MysqlChannel.java
@@ -349,25 +349,35 @@ public ByteBuffer fetchOnePacket() throws IOException {
             // before read, set limit to make read only one packet
             result.limit(result.position() + packetLen);
             readLen = readAll(result, false);
-            if (isSslMode && !isSslHandshaking && remainingBuffer.position() == 0 && result.hasRemaining()) {
+            boolean hasBufferedRemainder = remainingBuffer != null && remainingBuffer.limit() != 0;
+            if (isSslMode && !isSslHandshaking && !hasBufferedRemainder && result.hasRemaining()) {
                 byte[] header = result.array();
+                int available = result.limit();
+                if (available < PACKET_HEADER_LEN) {
+                    LOG.warn("SSL mode: packet header incomplete. available bytes: " + available);
+                    throw new IOException("Incomplete MySQL packet header.");
+                }
                 int mysqlPacketLength = (header[0] & 0xFF) | ((header[1] & 0xFF) << 8) | ((header[2] & 0xFF) << 16);
-                if (result.position() >= 4 && mysqlPacketLength > 0 && mysqlPacketLength
-                        <= MAX_PHYSICAL_PACKET_LENGTH) {
-                    int packetId = header[3] & 0xFF;
-                    if (packetId != sequenceId) {
-                        LOG.warn("receive packet sequence id[" + packetId + "] want to get[" + sequenceId + "]");
-                        throw new IOException("Bad packet sequence.");
-                    }
-                } else {
-                    if (LOG.isDebugEnabled()) {
-                        LOG.debug("SSL mode: skipping sequence check, packet length: " + mysqlPacketLength
-                                + ", buffer position: " + result.position());
-                    }
+                if (mysqlPacketLength <= 0 || mysqlPacketLength > MAX_PHYSICAL_PACKET_LENGTH) {
+                    LOG.warn("SSL mode: invalid mysql packet length: " + mysqlPacketLength);
+                    throw new IOException("Invalid MySQL packet length: " + mysqlPacketLength);
+                }
+                int packetId = header[3] & 0xFF;
+                if (packetId != sequenceId) {
+                    LOG.warn("receive packet sequence id[" + packetId + "] want to get[" + sequenceId + "]");
+                    throw new IOException("Bad packet sequence.");
                 }
                 // remove mysql packet header
                 result.position(4);
                 result.compact();
+                int payloadBytes = result.position();
+                if (payloadBytes > 0) {
+                    int commandCode = result.array()[0] & 0xFF;
+                    if (MysqlCommand.fromCode(commandCode) == null) {
+                        LOG.warn("SSL mode: unknown mysql command code: " + commandCode);
+                        throw new IOException("Unknown MySQL command: " + commandCode);
+                    }
+                }
                 // when encounter large sql query, one mysql packet will be packed as multiple ssl packets.
                 // we need to read all ssl packets to combine the complete mysql packet.
                 while (mysqlPacketLength > result.limit()) {
