mirror of
https://github.com/MariaDB/server.git
synced 2025-08-01 03:47:19 +03:00
sql_table.cc key length limit check disabled for FULLTEXT
ft_parser.c Nasty buffer overflow fixed
This commit is contained in:
serg@serg.mysql.com
@ -1,15 +1,15 @@
|
|||||||
/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
|
/* Copyright (C) 2000 MySQL AB & MySQL Finland AB & TCX DataKonsult AB
|
||||||
|
|
||||||
This program is free software; you can redistribute it and/or modify
|
This program is free software; you can redistribute it and/or modify
|
||||||
it under the terms of the GNU General Public License as published by
|
it under the terms of the GNU General Public License as published by
|
||||||
the Free Software Foundation; either version 2 of the License, or
|
the Free Software Foundation; either version 2 of the License, or
|
||||||
(at your option) any later version.
|
(at your option) any later version.
|
||||||
|
|
||||||
This program is distributed in the hope that it will be useful,
|
This program is distributed in the hope that it will be useful,
|
||||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
GNU General Public License for more details.
|
GNU General Public License for more details.
|
||||||
|
|
||||||
You should have received a copy of the GNU General Public License
|
You should have received a copy of the GNU General Public License
|
||||||
along with this program; if not, write to the Free Software
|
along with this program; if not, write to the Free Software
|
||||||
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
|
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
|
||||||
@ -141,6 +141,7 @@ TREE * ft_parse(TREE *wtree, byte *doc, int doclen)
|
|||||||
for (w.pos=doc; doc<end; doc++)
|
for (w.pos=doc; doc<end; doc++)
|
||||||
if (!word_char(*doc)) break;
|
if (!word_char(*doc)) break;
|
||||||
if ((w.len= (uint) (doc-w.pos)) < MIN_WORD_LEN) continue;
|
if ((w.len= (uint) (doc-w.pos)) < MIN_WORD_LEN) continue;
|
||||||
|
if (w.len >= HA_FT_MAXLEN) continue;
|
||||||
if (!tree_insert(wtree, &w, 0))
|
if (!tree_insert(wtree, &w, 0))
|
||||||
{
|
{
|
||||||
delete_tree(wtree);
|
delete_tree(wtree);
|
||||||
|
|||||||
@ -469,7 +469,7 @@ int mysql_create_table(THD *thd,const char *db, const char *table_name,
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
key_info->key_length=(uint16) key_length;
|
key_info->key_length=(uint16) key_length;
|
||||||
if (key_length > file->max_key_length())
|
if (key_length > file->max_key_length() && key->type != Key::FULLTEXT)
|
||||||
{
|
{
|
||||||
my_error(ER_TOO_LONG_KEY,MYF(0),file->max_key_length());
|
my_error(ER_TOO_LONG_KEY,MYF(0),file->max_key_length());
|
||||||
DBUG_RETURN(-1);
|
DBUG_RETURN(-1);
|
||||||
@ -725,9 +725,9 @@ bool close_cached_table(THD *thd,TABLE *table)
|
|||||||
|
|
||||||
static int send_check_errmsg(THD* thd, TABLE_LIST* table,
|
static int send_check_errmsg(THD* thd, TABLE_LIST* table,
|
||||||
const char* operator_name, const char* errmsg)
|
const char* operator_name, const char* errmsg)
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
String* packet = &thd->packet;
|
String* packet = &thd->packet;
|
||||||
packet->length(0);
|
packet->length(0);
|
||||||
net_store_data(packet, table->name);
|
net_store_data(packet, table->name);
|
||||||
@ -744,7 +744,7 @@ static int send_check_errmsg(THD* thd, TABLE_LIST* table,
|
|||||||
static int prepare_for_restore(THD* thd, TABLE_LIST* table)
|
static int prepare_for_restore(THD* thd, TABLE_LIST* table)
|
||||||
{
|
{
|
||||||
String *packet = &thd->packet;
|
String *packet = &thd->packet;
|
||||||
|
|
||||||
if(table->table) // do not overwrite existing tables on restore
|
if(table->table) // do not overwrite existing tables on restore
|
||||||
{
|
{
|
||||||
return send_check_errmsg(thd, table, "restore",
|
return send_check_errmsg(thd, table, "restore",
|
||||||
@ -757,10 +757,10 @@ static int prepare_for_restore(THD* thd, TABLE_LIST* table)
|
|||||||
char src_path[FN_REFLEN], dst_path[FN_REFLEN];
|
char src_path[FN_REFLEN], dst_path[FN_REFLEN];
|
||||||
char* table_name = table->name;
|
char* table_name = table->name;
|
||||||
char* db = thd->db ? thd->db : table->db;
|
char* db = thd->db ? thd->db : table->db;
|
||||||
|
|
||||||
if(!fn_format(src_path, table_name, backup_dir, reg_ext, 4 + 64))
|
if(!fn_format(src_path, table_name, backup_dir, reg_ext, 4 + 64))
|
||||||
return -1; // protect buffer overflow
|
return -1; // protect buffer overflow
|
||||||
|
|
||||||
sprintf(dst_path, "%s/%s/%s", mysql_real_data_home, db, table_name);
|
sprintf(dst_path, "%s/%s/%s", mysql_real_data_home, db, table_name);
|
||||||
|
|
||||||
int lock_retcode;
|
int lock_retcode;
|
||||||
@ -770,14 +770,14 @@ static int prepare_for_restore(THD* thd, TABLE_LIST* table)
|
|||||||
pthread_mutex_unlock(&LOCK_open);
|
pthread_mutex_unlock(&LOCK_open);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(lock_retcode && wait_for_locked_table_names(thd, table))
|
if(lock_retcode && wait_for_locked_table_names(thd, table))
|
||||||
{
|
{
|
||||||
pthread_mutex_unlock(&LOCK_open);
|
pthread_mutex_unlock(&LOCK_open);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
pthread_mutex_unlock(&LOCK_open);
|
pthread_mutex_unlock(&LOCK_open);
|
||||||
|
|
||||||
if(my_copy(src_path,
|
if(my_copy(src_path,
|
||||||
fn_format(dst_path, dst_path,"",
|
fn_format(dst_path, dst_path,"",
|
||||||
reg_ext, 4),
|
reg_ext, 4),
|
||||||
@ -790,25 +790,25 @@ static int prepare_for_restore(THD* thd, TABLE_LIST* table)
|
|||||||
thd->net.no_send_ok = 1;
|
thd->net.no_send_ok = 1;
|
||||||
// generate table will try to send OK which messes up the output
|
// generate table will try to send OK which messes up the output
|
||||||
// for the client
|
// for the client
|
||||||
|
|
||||||
if(generate_table(thd, table, 0))
|
if(generate_table(thd, table, 0))
|
||||||
{
|
{
|
||||||
thd->net.no_send_ok = save_no_send_ok;
|
thd->net.no_send_ok = save_no_send_ok;
|
||||||
return send_check_errmsg(thd, table, "restore",
|
return send_check_errmsg(thd, table, "restore",
|
||||||
"Failed generating table from .frm file");
|
"Failed generating table from .frm file");
|
||||||
}
|
}
|
||||||
|
|
||||||
thd->net.no_send_ok = save_no_send_ok;
|
thd->net.no_send_ok = save_no_send_ok;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int mysql_admin_table(THD* thd, TABLE_LIST* tables,
|
static int mysql_admin_table(THD* thd, TABLE_LIST* tables,
|
||||||
HA_CHECK_OPT* check_opt,
|
HA_CHECK_OPT* check_opt,
|
||||||
thr_lock_type lock_type,
|
thr_lock_type lock_type,
|
||||||
bool open_for_modify,
|
bool open_for_modify,
|
||||||
const char *operator_name,
|
const char *operator_name,
|
||||||
int (handler::*operator_func)
|
int (handler::*operator_func)
|
||||||
(THD *, HA_CHECK_OPT *))
|
(THD *, HA_CHECK_OPT *))
|
||||||
{
|
{
|
||||||
@ -849,7 +849,7 @@ static int mysql_admin_table(THD* thd, TABLE_LIST* tables,
|
|||||||
// to finish the restore in the handler later on
|
// to finish the restore in the handler later on
|
||||||
table->table = reopen_name_locked_table(thd, table);
|
table->table = reopen_name_locked_table(thd, table);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!table->table)
|
if (!table->table)
|
||||||
{
|
{
|
||||||
const char *err_msg;
|
const char *err_msg;
|
||||||
|
|||||||
Reference in New Issue
Block a user