database/mariadb-connector-c
1
0
Fork 0
mirror of https://github.com/mariadb-corporation/mariadb-connector-c.git synced 2025-08-08 14:02:17 +03:00
Code Activity

Fixed several memory leaks in ma_ssl.c

Browse Source
This commit is contained in:
Georg Richter
2016-01-07 13:23:28 +01:00
parent e3d75b994d
commit f62a2e0270
10 changed files with 80 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/ma_ssl.h
View File

@@ -151,5 +151,6 @@ const char *ma_pvio_ssl_cipher(MARIADB_SSL *cssl);
my_bool ma_pvio_ssl_check_fp(MARIADB_SSL *cssl, const char *fp, const char *fp_list); my_bool ma_pvio_ssl_check_fp(MARIADB_SSL *cssl, const char *fp, const char *fp_list);
my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio); my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio);
my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version); my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version);
void ma_pvio_ssl_end();
#endif /* _ma_ssl_h_ */ #endif /* _ma_ssl_h_ */

4
include/mysql.h
View File

@@ -226,6 +226,9 @@ extern unsigned int mariadb_deinitialize_ssl;
MARIADB_CLIENT_ERRORS, MARIADB_CLIENT_ERRORS,
MARIADB_CLIENT_VERSION, MARIADB_CLIENT_VERSION,
MARIADB_CLIENT_VERSION_ID, MARIADB_CLIENT_VERSION_ID,
MARIADB_CONNECTION_ERROR,
MARIADB_CONNECTION_ERROR_ID,
MARIADB_CONNECTION_SQLSTATE,
MARIADB_CONNECTION_ASYNC_TIMEOUT, MARIADB_CONNECTION_ASYNC_TIMEOUT,
MARIADB_CONNECTION_ASYNC_TIMEOUT_MS, MARIADB_CONNECTION_ASYNC_TIMEOUT_MS,
MARIADB_CONNECTION_HOST, MARIADB_CONNECTION_HOST,
@@ -239,6 +242,7 @@ extern unsigned int mariadb_deinitialize_ssl;
MARIADB_CONNECTION_SERVER_VERSION_ID, MARIADB_CONNECTION_SERVER_VERSION_ID,
MARIADB_CONNECTION_SOCKET, MARIADB_CONNECTION_SOCKET,
MARIADB_CONNECTION_SSL_CIPHER, MARIADB_CONNECTION_SSL_CIPHER,
MARIADB_CONNECTION_SSL_LIBRARY,
MARIADB_CONNECTION_SSL_VERSION, MARIADB_CONNECTION_SSL_VERSION,
MARIADB_CONNECTION_SSL_VERSION_ID, MARIADB_CONNECTION_SSL_VERSION_ID,
MARIADB_CONNECTION_TYPE, MARIADB_CONNECTION_TYPE,

34
libmariadb/libmariadb.c
View File

@@ -3122,10 +3122,9 @@ mysql_get_optionv(MYSQL *mysql, enum mysql_option option, void *arg, ...)
case MARIADB_OPT_SSL_PASSPHRASE: case MARIADB_OPT_SSL_PASSPHRASE:
*((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_pw : NULL; *((char **)arg)= mysql->options.extension ? mysql->options.extension->ssl_pw : NULL;
break; break;
/* todo
case MARIADB_OPT_CONNECTION_READ_ONLY: case MARIADB_OPT_CONNECTION_READ_ONLY:
*((my_bool *)arg)= mysql->options.extension ? mysql->options.extension->read_only : 0;
break; break;
*/
case MARIADB_OPT_USERDATA: case MARIADB_OPT_USERDATA:
/* nysql_get_optionv(mysql, MARIADB_OPT_USERDATA, key, value) */ /* nysql_get_optionv(mysql, MARIADB_OPT_USERDATA, key, value) */
{ {
@@ -3450,6 +3449,9 @@ void STDCALL mysql_server_end(void)
list_free(pvio_callback, 0); list_free(pvio_callback, 0);
if (my_init_done) if (my_init_done)
my_end(0); my_end(0);
#ifdef HAVE_SSL
ma_pvio_ssl_end();
#endif
mysql_client_init= 0; mysql_client_init= 0;
my_init_done= 0; my_init_done= 0;
} }
@@ -3570,6 +3572,21 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void *
case MARIADB_NET_BUFFER_LENGTH: case MARIADB_NET_BUFFER_LENGTH:
*((size_t *)arg)= (size_t)net_buffer_length; *((size_t *)arg)= (size_t)net_buffer_length;
break; break;
case MARIADB_CONNECTION_ERROR_ID:
if (!mysql)
goto error;
*((unsigned int *)arg)= mysql->net.last_errno;
break;
case MARIADB_CONNECTION_ERROR:
if (!mysql)
goto error;
*((char **)arg)= mysql->net.last_error;
break;
case MARIADB_CONNECTION_SQLSTATE:
if (!mysql)
goto error;
*((char **)arg)= mysql->net.sqlstate;
break;
case MARIADB_CONNECTION_SSL_VERSION: case MARIADB_CONNECTION_SSL_VERSION:
#ifdef HAVE_SSL #ifdef HAVE_SSL
if (mysql && mysql->net.pvio && mysql->net.pvio->cssl) if (mysql && mysql->net.pvio && mysql->net.pvio->cssl)
@@ -3594,6 +3611,19 @@ my_bool STDCALL mariadb_get_infov(MYSQL *mysql, enum mariadb_value value, void *
#endif #endif
goto error; goto error;
break; break;
case MARIADB_CONNECTION_SSL_LIBRARY:
#ifdef HAVE_SSL
#ifdef HAVE_GNUTLS
*((char **)arg)= "GNUTLS";
#elif HAVE_OPENSSL
*((char **)arg)= "OPENSSL";
#elif HAVE_SCHANNEL
*((char **)arg)= "SCHANNEL";
#endif
#else
*((char **)arg)= "OFF";
#endif
break;
case MARIADB_CLIENT_VERSION: case MARIADB_CLIENT_VERSION:
*((char **)arg)= MYSQL_CLIENT_VERSION; *((char **)arg)= MYSQL_CLIENT_VERSION;
break; break;

1
libmariadb/ma_pvio.c
View File

@@ -70,6 +70,7 @@ MARIADB_PVIO *ma_pvio_init(MA_PVIO_CINFO *cinfo)
* Currently we support the following pvio types: * Currently we support the following pvio types:
* pvio_socket * pvio_socket
* pvio_namedpipe * pvio_namedpipe
* pvio_sharedmed
*/ */
char *pvio_plugins[] = {"pvio_socket", "pvio_npipe", "pvio_shmem"}; char *pvio_plugins[] = {"pvio_socket", "pvio_npipe", "pvio_shmem"};
int type; int type;

11
libmariadb/ma_ssl.c
View File

@@ -78,7 +78,11 @@ MARIADB_SSL *ma_pvio_ssl_init(MYSQL *mysql)
my_bool ma_pvio_ssl_connect(MARIADB_SSL *cssl) my_bool ma_pvio_ssl_connect(MARIADB_SSL *cssl)
{ {
return ma_ssl_connect(cssl); my_bool rc;
if ((rc= ma_ssl_connect(cssl)))
ma_ssl_close(cssl);
return rc;
} }
size_t ma_pvio_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length) size_t ma_pvio_ssl_read(MARIADB_SSL *cssl, const uchar* buffer, size_t length)
@@ -106,6 +110,11 @@ const char *ma_pvio_ssl_cipher(MARIADB_SSL *cssl)
return ma_ssl_get_cipher(cssl); return ma_ssl_get_cipher(cssl);
} }
void ma_pvio_ssl_end()
{
return ma_ssl_end();
}
my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version) my_bool ma_pvio_ssl_get_protocol_version(MARIADB_SSL *cssl, struct st_ssl_version *version)
{ {
return ma_ssl_get_protocol_version(cssl, version); return ma_ssl_get_protocol_version(cssl, version);

2
libmariadb/secure/gnutls.c
View File

@@ -35,6 +35,7 @@ pthread_mutex_t LOCK_gnutls_config;
static gnutls_certificate_credentials_t GNUTLS_xcred; static gnutls_certificate_credentials_t GNUTLS_xcred;
extern my_bool ma_ssl_initialized; extern my_bool ma_ssl_initialized;
extern unsigned int mariadb_deinitialize_ssl;
static int my_verify_callback(gnutls_session_t ssl); static int my_verify_callback(gnutls_session_t ssl);
@@ -137,6 +138,7 @@ void ma_ssl_end()
gnutls_certificate_free_crls(GNUTLS_xcred); gnutls_certificate_free_crls(GNUTLS_xcred);
gnutls_certificate_free_ca_names(GNUTLS_xcred); gnutls_certificate_free_ca_names(GNUTLS_xcred);
gnutls_certificate_free_credentials(GNUTLS_xcred); gnutls_certificate_free_credentials(GNUTLS_xcred);
if (mariadb_deinitialize_ssl)
gnutls_global_deinit(); gnutls_global_deinit();
ma_ssl_initialized= FALSE; ma_ssl_initialized= FALSE;
} }

10
libmariadb/secure/openssl.c
View File

@@ -41,6 +41,7 @@
#include <my_pthread.h> #include <my_pthread.h>
extern my_bool ma_ssl_initialized; extern my_bool ma_ssl_initialized;
extern unsigned int mariadb_deinitialize_ssl;
static SSL_CTX *SSL_context= NULL; static SSL_CTX *SSL_context= NULL;
#define MAX_SSL_ERR_LEN 100 #define MAX_SSL_ERR_LEN 100
@@ -226,14 +227,16 @@ void ma_ssl_end()
SSL_CTX_free(SSL_context); SSL_CTX_free(SSL_context);
SSL_context= NULL; SSL_context= NULL;
} }
if (mariadb_deinitialize_ssl)
{
ERR_remove_state(0); ERR_remove_state(0);
EVP_cleanup(); EVP_cleanup();
CRYPTO_cleanup_all_ex_data(); CRYPTO_cleanup_all_ex_data();
ERR_free_strings(); ERR_free_strings();
//ENGINE_cleanup();
CONF_modules_free(); CONF_modules_free();
CONF_modules_unload(1); CONF_modules_unload(1);
sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
}
ma_ssl_initialized= FALSE; ma_ssl_initialized= FALSE;
} }
pthread_mutex_unlock(&LOCK_openssl_config); pthread_mutex_unlock(&LOCK_openssl_config);
@@ -293,8 +296,13 @@ static int ma_ssl_set_certs(MYSQL *mysql)
if (keyfile && keyfile[0]) if (keyfile && keyfile[0])
{ {
if (SSL_CTX_use_PrivateKey_file(SSL_context, keyfile, SSL_FILETYPE_PEM) != 1) if (SSL_CTX_use_PrivateKey_file(SSL_context, keyfile, SSL_FILETYPE_PEM) != 1)
{
unsigned long err= ERR_peek_error();
if (!(ERR_GET_LIB(err) == ERR_LIB_X509 &&
ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE))
goto error; goto error;
} }
}
if (OPT_HAS_EXT_VAL(mysql, ssl_pw)) if (OPT_HAS_EXT_VAL(mysql, ssl_pw))
{ {
SSL_CTX_set_default_passwd_cb_userdata(SSL_context, NULL); SSL_CTX_set_default_passwd_cb_userdata(SSL_context, NULL);

4
libmariadb/secure/schannel.c
View File

@@ -310,7 +310,6 @@ my_bool ma_ssl_connect(MARIADB_SSL *cssl)
return 0; return 0;
end: end:
/* todo: cleanup */
if (pRemoteCertContext) if (pRemoteCertContext)
CertFreeCertificateContext(pRemoteCertContext); CertFreeCertificateContext(pRemoteCertContext);
if (rc && sctx->IoBufferSize) if (rc && sctx->IoBufferSize)
@@ -322,6 +321,9 @@ end:
CertFreeCertificateContext(sctx->client_cert_ctx); CertFreeCertificateContext(sctx->client_cert_ctx);
if (sctx->client_crl_ctx) if (sctx->client_crl_ctx)
CertFreeCRLContext(sctx->client_crl_ctx); CertFreeCRLContext(sctx->client_crl_ctx);
sctx->client_ca_ctx= 0;
sctx->client_cert_ctx= 0;
sctx->client_crl_ctx= 0;
return 1; return 1;
} }

2
plugins/connection/CMakeLists.txt
View File

@@ -20,7 +20,7 @@ IF(REPLICATION_PLUGIN_TYPE MATCHES "DYNAMIC")
SET(INSTALL_LIBS replication) SET(INSTALL_LIBS replication)
ENDIF() ENDIF()
IF(REPLICATION_PLUGIN_TYPE MATCHES "DYNAMIC") IF(AURORA_PLUGIN_TYPE MATCHES "DYNAMIC")
IF(WIN32) IF(WIN32)
SET_VERSION_INFO("TARGET:aurora" SET_VERSION_INFO("TARGET:aurora"
"FILE_TYPE:VFT_DLL" "FILE_TYPE:VFT_DLL"

19
unittest/libmariadb/ssl.c.in
View File

@@ -53,18 +53,7 @@ static int check_cipher(MYSQL *mysql)
return 1; return 1;
diag("cipher: %s", cipher); diag("cipher: %s", cipher);
#ifdef HAVE_GNUTLS
{
return strcmp(cipher, "AES-256-CBC");
}
#elif HAVE_OPENSSL
if (!strcmp(cipher, "DHE-RSA-AES256-SHA") ||
!strcmp(cipher, "DHE-RSA-AES256-GCM-SHA384"))
return 0; return 0;
#elif HAVE_SCHANNEL
return strcmp(cipher, "CALG_AES_256");
#endif
return 1;
} }
static int create_ssl_user(const char *ssluser, my_bool is_X509) static int create_ssl_user(const char *ssluser, my_bool is_X509)
@@ -90,6 +79,8 @@ static int create_ssl_user(const char *ssluser, my_bool is_X509)
rc= mysql_query(mysql, "FLUSH PRIVILEGES"); rc= mysql_query(mysql, "FLUSH PRIVILEGES");
check_mysql_rc(rc,mysql); check_mysql_rc(rc,mysql);
mysql_close(mysql);
return rc; return rc;
} }
@@ -775,7 +766,7 @@ static int test_ssl_fp_list(MYSQL *unused)
static int test_ssl_version(MYSQL *mysql) static int test_ssl_version(MYSQL *mysql)
{ {
unsigned int iversion; unsigned int iversion;
char *version; const char *version, *library;
MYSQL *my; MYSQL *my;
if (check_skip_ssl()) if (check_skip_ssl())
@@ -794,6 +785,10 @@ static int test_ssl_version(MYSQL *mysql)
mariadb_get_infov(my, MARIADB_CONNECTION_SSL_VERSION, &version); mariadb_get_infov(my, MARIADB_CONNECTION_SSL_VERSION, &version);
diag("protocol: %s", version); diag("protocol: %s", version);
mariadb_get_infov(my, MARIADB_CONNECTION_SSL_LIBRARY, &library);
diag("library: %s", library);
mysql_close(my); mysql_close(my);
return OK; return OK;