mirror of https://github.com/MariaDB/server.git synced 2025-11-05 01:43:31 +03:00

Bug#37428 Potential security issue with UDFs - linux shellcode execution.

plugin_dir option backported from 5.1

per-file messages:
  sql/mysql_priv.h
    Bug#37428 Potential security issue with UDFs - linux shellcode execution.
    
    opt_plugin_dir and opt_plugin_dir_ptr declared.
  sql/mysqld.cc
    Bug#37428 Potential security issue with UDFs - linux shellcode execution.
    
    'plugin_dir' option added
  sql/set_var.cc
    Bug#37428 Potential security issue with UDFs - linux shellcode execution.
    
    'plugin_dir' option added.
  sql/sql_udf.cc
    Bug#37428 Potential security issue with UDFs - linux shellcode execution.
    
    opt_plugin_dir added to the udf->dl path. Warn if it's not specified.
  sql/unireg.h
    Bug#37428 Potential security issue with UDFs - linux shellcode execution.
    
    PLUGINDIR defined.
Alexey Botchkov
2008-07-28 19:22:12 +05:00
parent fab14a4782
commit 2d590c2825
5 changed files with 41 additions and 3 deletions


@@ -214,7 +214,17 @@ void udf_init()
void *dl = find_udf_dl(tmp->dl);
if (dl == NULL)
{
if (!(dl = dlopen(tmp->dl, RTLD_NOW)))
char dlpath[FN_REFLEN];
if (*opt_plugin_dir)
strxnmov(dlpath, sizeof(dlpath) - 1, opt_plugin_dir, "/", tmp->dl,
NullS);
else
{
strxnmov(dlpath, sizeof(dlpath)-1, tmp->dl, NullS);
push_warning(current_thd, MYSQL_ERROR::WARN_LEVEL_WARN, ER_UNKNOWN_ERROR,
"plugin_dir was not specified");
}
if (!(dl = dlopen(dlpath, RTLD_NOW)))
{
/* Print warning to log */
sql_print_error(ER(ER_CANT_OPEN_LIBRARY), tmp->dl,errno,dlerror());
@@ -443,8 +453,18 @@ int mysql_create_function(THD *thd,udf_func *udf)
}
if (!(dl = find_udf_dl(udf->dl)))
{
DBUG_PRINT("info", ("Calling dlopen, udf->dl: %s", udf->dl));
if (!(dl = dlopen(udf->dl, RTLD_NOW)))
char dlpath[FN_REFLEN];
if (*opt_plugin_dir)
strxnmov(dlpath, sizeof(dlpath) - 1, opt_plugin_dir, "/", udf->dl,
NullS);
else
{
strxnmov(dlpath, sizeof(dlpath)-1, udf->dl, NullS);
push_warning(current_thd, MYSQL_ERROR::WARN_LEVEL_WARN, ER_UNKNOWN_ERROR,
"plugin_dir was not specified");
}
DBUG_PRINT("info", ("Calling dlopen, udf->dl: %s", dlpath));
if (!(dl = dlopen(dlpath, RTLD_NOW)))
{
DBUG_PRINT("error",("dlopen of %s failed, error: %d (%s)",
udf->dl,errno,dlerror()));
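Review bot: The else branch in both hunks (udf_init() and mysql_create_function()) still hands the bare name to dlopen() when plugin_dir is empty, so the loader's own search path decides which file is mapped and the restriction only exists on servers that set the option; failing the load there, or at least reporting it through sql_print_error, would make the unsafe configuration visible, since an ER_UNKNOWN_ERROR warning is easy to miss. The hunks do not show whether tmp->dl / udf->dl is rejected when it contains a path separator; if that check is not elsewhere in these functions (both bodies extend outside the hunks), a name containing `../` would step out of plugin_dir after the concatenation. strxnmov() truncates silently at `sizeof(dlpath) - 1`, so an over-long plugin_dir plus name reaches dlopen() cut short; a length check before building dlpath would reject it instead. The failure messages still print the short name, and `sql_print_error(ER(ER_CANT_OPEN_LIBRARY), dlpath, errno, dlerror());` would log the path that was actually tried.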