database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

MDEV-20110 don't try to load client plugins with invalid names

Browse Source 
reported by lixtelnis
This commit is contained in:
Sergei Golubchik
2019-07-21 12:09:17 +02:00
parent f90040fd9c
commit 82563c5fc0
4 changed files with 24 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
sql-common/client_plugin.c
View File

@ -362,7 +362,13 @@ mysql_load_plugin_v(MYSQL *mysql, const char *name, int type,
mysql->options.extension && mysql->options.extension->plugin_dir ?
mysql->options.extension->plugin_dir : PLUGINDIR, "/",
name, SO_EXT, NullS);
if (strpbrk(name, "()[]!@#$%^&/*;.,'?"))
{
errmsg= "invalid plugin name";
goto err;
}
DBUG_PRINT ("info", ("dlopeninig %s", dlpath));
/* Open new dll handle */
if (!(dlhandle= dlopen(dlpath, RTLD_NOW)))