
BUG#58246: INSTALL PLUGIN not secure & crashable

When installing plugins, there is a missing check
for slash (/) in the path on Windows. Note that on
Windows, both / and \ can be used to separate
directories.

This patch fixes the issue by:
- Adding a FN_DIRSEP symbol for all platforms
  consisting of a string of legal directory
  separators.
- Adding a charset-aware version of strcspn().
- Adding a check_valid_path() function that uses
  my_strcspn() to check if any FN_DIRSEP character
  is in the supplied string.
- Using the check_valid_path() function in
  sql_plugin.cc and sql_udf.cc (which means
  replacing the existing test there).
Mats Kindahl
2010-12-01 13:54:50 +01:00
parent 80246ac8b8
commit 91a4a8aba6
10 changed files with 105 additions and 16 deletions


@ -173,10 +173,7 @@ void udf_init()
On windows we must check both FN_LIBCHAR and '/'.
*/
if (my_strchr(files_charset_info, dl_name,
dl_name + strlen(dl_name), FN_LIBCHAR) ||
IF_WIN(my_strchr(files_charset_info, dl_name,
dl_name + strlen(dl_name), '/'), 0) ||
if (check_valid_path(dl_name, strlen(dl_name)) ||
check_string_char_length(&name, "", NAME_CHAR_LEN,
system_charset_info, 1))
{
@ -416,13 +413,8 @@ int mysql_create_function(THD *thd,udf_func *udf)
Ensure that the .dll doesn't have a path
This is done to ensure that only approved dll from the system
directories are used (to make this even remotely secure).
On windows we must check both FN_LIBCHAR and '/'.
*/
if (my_strchr(files_charset_info, udf->dl,
udf->dl + strlen(udf->dl), FN_LIBCHAR) ||
IF_WIN(my_strchr(files_charset_info, udf->dl,
udf->dl + strlen(udf->dl), '/'), 0))
if (check_valid_path(udf->dl, strlen(udf->dl)))
{
my_message(ER_UDF_NO_PATHS, ER(ER_UDF_NO_PATHS), MYF(0));
DBUG_RETURN(1);
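Review bot: The name `check_valid_path()` reads backwards at both call sites: in `mysql_create_function()` a true return leads straight to `ER_UDF_NO_PATHS`, so the helper reports that a directory separator was found, not that the name is valid. A later caller that trusts the name could invert the test and accept library names with a directory component, which is the case this guard exists to reject. Consider a name that states the positive finding (for example `path_has_dirsep()`), or at least a comment at the definition, which is not visible here, saying `returns true if the name contains any FN_DIRSEP character`. In the `udf_init()` hunk the comment line `On windows we must check both FN_LIBCHAR and '/'.` appears to be kept although the check now lives in the helper; the second hunk drops it, and the first should match. Both function bodies start and end outside the hunks shown.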