database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity
202,617 Commits 3,133 Branches 363 Tags
11.4-mdev-36389-indexed-text-column-wrong-result
Commit Graph

37 Commits

Author SHA1 Message Date
Oleksandr Byelkin
f52954ef42 Merge commit '10.4' into 10.5 2023-07-20 11:54:52 +02:00
Mikhail Chalov
2ff01e763e Fix insecure use of strcpy, strcat and sprintf in Connect 
Old style C functions `strcpy()`, `strcat()` and `sprintf()` are vulnerable to
security issues due to lacking memory boundary checks. Replace these in the
Connect storage engine with safe new and/or custom functions such as
`snprintf()` `safe_strcpy()` and `safe_strcat()`.

With this change FlawFinder and other static security analyzers report 287
fewer findings.

All new code of the whole pull request, including one or several files that are
either new files or modified ones, are contributed under the BSD-new license. I
am contributing on behalf of my employer Amazon Web Services, Inc.
 2023-05-12 15:37:00 +01:00
Oleksandr Byelkin
7fa02f5c0b Merge branch '10.4' into 10.5 2023-01-27 13:54:14 +01:00
Vicențiu Ciorbaru
00150ff8d4 Fix connect bson.cpp warning 
The ptyp variable is unused.
 2023-01-20 15:18:52 +02:00
Mikhail Chalov
567b681299 Minimize unsafe C functions usage - replace strcat() and strcpy() (and strncat() and strncpy()) with custom safe_strcat() and safe_strcpy() functions 
The MariaDB code base uses strcat() and strcpy() in several
places. These are known to have memory safety issues and their usage is
discouraged. Common security scanners like Flawfinder flags them. In MariaDB we
should start using modern and safer variants on these functions.

This is similar to memory issues fixes in 19af1890b5
and 9de9f105b5 but now replace use of strcat()
and strcpy() with safer options strncat() and strncpy().

However, add '\0' forcefully to make sure the result string is correct since
for these two functions it is not guaranteed what new string will be null-terminated.

Example:

    size_t dest_len = sizeof(g->Message);
    strncpy(g->Message, "Null json tree", dest_len); strncat(g->Message, ":",
    sizeof(g->Message) - strlen(g->Message)); size_t wrote_sz = strlen(g->Message);
    size_t cur_len = wrote_sz >= dest_len ? dest_len - 1 : wrote_sz;
    g->Message[cur_len] = '\0';

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the BSD-new
license. I am contributing on behalf of my employer Amazon Web Services

-- Reviewer and co-author Vicențiu Ciorbaru <vicentiu@mariadb.org>
-- Reviewer additions:
* The initial function implementation was flawed. Replaced with a simpler
  and also correct version.
* Simplified code by making use of snprintf instead of chaining strcat.
* Simplified code by removing dynamic string construction in the first
  place and using static strings if possible. See connect storage engine
  changes.
 2023-01-20 15:18:52 +02:00
Marko Mäkelä
098c0f2634 Merge 10.4 into 10.5 2022-07-27 17:17:24 +03:00
Mikhail Chalov
19af1890b5 Use memory safe snprintf() in Connect Engine 
This commit replaces sprintf(buf, ...) with
snprintf(buf, sizeof(buf), ...),
specifically in the "easy" cases where buf is allocated with a size
known at compile time.

The changes make sure we are not write outside array/string bounds which
will lead to undefined behaviour. In case the code is trying to write
outside bounds - safe version of functions simply cut the string
messages so we process this gracefully.

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the BSD-new
license.  I am contributing on behalf of my employer Amazon Web Services,
Inc.

bsonudf.cpp warnings cleanup by Daniel Black

Reviewer: Daniel Black
 2022-07-26 16:28:59 +10:00
Oleksandr Byelkin
ae6bdc6769 Merge branch '10.4' into 10.5 2021-07-31 23:19:51 +02:00
Olivier Bertrand
5f64276fb2 - Fix MDEV-25863 : Replace __WIN__ by _WIN32 
modified:   storage/connect/array.cpp
  modified:   storage/connect/blkfil.cpp
  modified:   storage/connect/block.h
  modified:   storage/connect/bson.cpp
  modified:   storage/connect/cmgoconn.cpp
  modified:   storage/connect/colblk.cpp
  modified:   storage/connect/domdoc.cpp
  modified:   storage/connect/filamap.cpp
  modified:   storage/connect/filamdbf.cpp
  modified:   storage/connect/filamfix.cpp
  modified:   storage/connect/filamgz.cpp
  modified:   storage/connect/filamtxt.cpp
  modified:   storage/connect/filamvct.cpp
  modified:   storage/connect/filamzip.cpp
  modified:   storage/connect/filter.cpp
  modified:   storage/connect/filter.h
  modified:   storage/connect/fmdlex.c
  modified:   storage/connect/global.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/javaconn.cpp
  modified:   storage/connect/javaconn.h
  modified:   storage/connect/jdbconn.cpp
  modified:   storage/connect/jmgfam.cpp
  modified:   storage/connect/json.cpp
  modified:   storage/connect/macutil.cpp
  modified:   storage/connect/macutil.h
  modified:   storage/connect/maputil.cpp
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/myconn.cpp
  modified:   storage/connect/myconn.h
  modified:   storage/connect/myutil.cpp
  modified:   storage/connect/odbconn.cpp
  modified:   storage/connect/odbconn.h
  modified:   storage/connect/os.h
  modified:   storage/connect/osutil.c
  modified:   storage/connect/plgdbsem.h
  modified:   storage/connect/plgdbutl.cpp
  modified:   storage/connect/plugutil.cpp
  modified:   storage/connect/rcmsg.c
  modified:   storage/connect/reldef.cpp
  modified:   storage/connect/reldef.h
  modified:   storage/connect/tabdos.cpp
  modified:   storage/connect/tabext.cpp
  modified:   storage/connect/tabfix.cpp
  modified:   storage/connect/tabfmt.cpp
  modified:   storage/connect/tabjdbc.cpp
  modified:   storage/connect/tabmac.cpp
  modified:   storage/connect/tabmac.h
  modified:   storage/connect/tabmul.cpp
  modified:   storage/connect/tabmul.h
  modified:   storage/connect/tabmysql.cpp
  modified:   storage/connect/taboccur.cpp
  modified:   storage/connect/tabodbc.cpp
  modified:   storage/connect/tabpivot.cpp
  modified:   storage/connect/tabrest.cpp
  modified:   storage/connect/tabrest.h
  modified:   storage/connect/tabsys.cpp
  modified:   storage/connect/tabtbl.cpp
  modified:   storage/connect/tabutil.cpp
  modified:   storage/connect/tabvct.cpp
  modified:   storage/connect/tabwmi.cpp
  modified:   storage/connect/tabxcl.cpp
  modified:   storage/connect/tabxml.cpp
  modified:   storage/connect/valblk.cpp
  modified:   storage/connect/value.cpp
  modified:   storage/connect/xindex.cpp
  modified:   storage/connect/xindex.h

- Fix Date errors and SSL warnings
  modified:   storage/connect/mysql-test/connect/r/jdbc.result
  modified:   storage/connect/mysql-test/connect/r/jdbc_new.result
  modified:   storage/connect/mysql-test/connect/t/jdbc.test
  modified:   storage/connect/mysql-test/connect/t/jdbc_new.test

- Update java source files
  modified:   storage/connect/Mongo2Interface.java
  modified:   storage/connect/Mongo3Interface.java
  added:      storage/connect/Client2.java
  added:      storage/connect/Client3.java
  added:      storage/connect/TestInsert2.java
  added:      storage/connect/TestInsert3.java
 2021-06-08 17:44:43 +02:00
Monty
30c9089095 Fixed compiler warnings from CONNECT 2021-05-23 19:41:49 +03:00
Olivier Bertrand
ef0829ef40 - Major update of the json/bson/mongo table types programs. 
Fix several bugs, chiefly concerning CURL operations.
        modified:   storage/connect/bson.cpp
        modified:   storage/connect/cmgfam.cpp
        modified:   storage/connect/cmgoconn.cpp
        modified:   storage/connect/cmgoconn.h
        modified:   storage/connect/colblk.h
        modified:   storage/connect/ha_connect.cc
        modified:   storage/connect/jmgfam.cpp
        modified:   storage/connect/jmgoconn.cpp
        modified:   storage/connect/jmgoconn.h
        modified:   storage/connect/json.cpp
        modified:   storage/connect/json.h
        modified:   storage/connect/mysql-test/connect/r/bson_mongo_c.result
        modified:   storage/connect/mysql-test/connect/r/json_mongo_c.result
        modified:   storage/connect/mysql-test/connect/r/mongo_c.result
        modified:   storage/connect/mysql-test/connect/r/mongo_java_2.result
        modified:   storage/connect/mysql-test/connect/r/mongo_java_3.result
        modified:   storage/connect/mysql-test/connect/std_data/Mongo2.jar
        modified:   storage/connect/mysql-test/connect/std_data/Mongo3.jar
        modified:   storage/connect/tabbson.cpp
        modified:   storage/connect/tabbson.h
        modified:   storage/connect/tabcmg.cpp
        modified:   storage/connect/tabcmg.h
        modified:   storage/connect/tabjmg.cpp
        modified:   storage/connect/tabjmg.h
        modified:   storage/connect/tabjson.cpp
        modified:   storage/connect/tabjson.h
 2021-05-01 22:29:38 +02:00
Olivier Bertrand
c030f4c625 Commit last pull from origin 2021-04-06 12:52:44 +02:00
Olivier Bertrand
801a6d500f - Add new JPATH features 
modified:   storage/connect/bson.cpp
  modified:   storage/connect/bsonudf.cpp
  modified:   storage/connect/bsonudf.h
  modified:   storage/connect/json.cpp
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/jsonudf.h
  modified:   storage/connect/mysql-test/connect/r/json_udf.result
  modified:   storage/connect/tabbson.cpp
  modified:   storage/connect/tabjson.cpp
  modified:   storage/connect/tabjson.h
 2021-02-16 00:31:27 +01:00
Olivier Bertrand
ca63004190 - Fix bug causing bnx base wrong after CheckMemory 
Add negative array indexes starting from the last
  modified:   storage/connect/bson.cpp
  modified:   storage/connect/bsonudf.cpp
  modified:   storage/connect/json.cpp
 2021-02-05 11:55:47 +01:00
Oleksandr Byelkin
c04ae0d365 Fix of crashes of connect engine. 
Use size_t everywhere and remove suspicious expression.
 2021-02-05 10:56:05 +01:00
Oleksandr Byelkin
b3cecb7bfc Revert "Fix of warnings on aarch64 like:" 
Fixed by the author in other way (char -> short)

This reverts commit 496f7090a8.
 2021-02-02 10:37:54 +01:00
Oleksandr Byelkin
7f7e66147d Merge remote-tracking branch 'connect/10.2' into 10.2 2021-02-02 10:36:46 +01:00
Olivier Bertrand
c2aecb0575 Fix failed test bson and xml 2021-01-30 12:07:37 +01:00
Oleksandr Byelkin
496f7090a8 Fix of warnings on aarch64 like: 
bson.cpp:1775:3: error: case label value is less than minimum value for type [-Werror]
   case TYPE_NULL:
bson.cpp:1776:7: error: statement will never be executed [-Werror=switch-unreachable]
     b = true;
 2021-01-29 12:35:17 +01:00
Oleksandr Byelkin
40868c4765 fix warnings returned by gcc v10.0 2021-01-29 12:04:09 +01:00
Olivier Bertrand
848a1a613c Fix decimal problems in bson udf's 2021-01-28 19:54:24 +01:00
Olivier Bertrand
7edd4294be - Continue BSON development 
modified:   storage/connect/bson.cpp
  modified:   storage/connect/bson.h
  modified:   storage/connect/bsonudf.cpp
  modified:   storage/connect/bsonudf.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/mysql-test/connect/r/bson.result
  modified:   storage/connect/mysql-test/connect/r/bson_udf.result
  modified:   storage/connect/mysql-test/connect/t/bson_udf.inc
  modified:   storage/connect/mysql-test/connect/t/bson_udf.test
  modified:   storage/connect/mysql-test/connect/t/bson_udf2.inc
  modified:   storage/connect/tabbson.cpp
  modified:   storage/connect/tabbson.h
 2021-01-28 01:02:29 +01:00
Olivier Bertrand
347bce0201 - Remove static linkage to cpprestsdk when it is installed 
modified:   storage/connect/CMakeLists.txt

- Continue BSON development
  modified:   storage/connect/bson.cpp
  modified:   storage/connect/bson.h
  modified:   storage/connect/bsonudf.cpp
  modified:   storage/connect/bsonudf.h
  added:      storage/connect/mysql-test/connect/r/bson_udf.result
  added:      storage/connect/mysql-test/connect/t/bson_udf.inc
  added:      storage/connect/mysql-test/connect/t/bson_udf.test
  added:      storage/connect/mysql-test/connect/t/bson_udf2.inc
 2021-01-12 18:25:41 +01:00
Olivier Bertrand
8f34d45404 - Add the new BSON temporary type for testing 
modified:   storage/connect/CMakeLists.txt
  modified:   storage/connect/bson.cpp
  modified:   storage/connect/bson.h
  modified:   storage/connect/bsonudf.cpp
  modified:   storage/connect/bsonudf.h
  modified:   storage/connect/global.h
  modified:   storage/connect/json.cpp
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/mysql-test/connect/disabled.def
  modified:   storage/connect/mysql-test/connect/t/mongo_test.inc
  modified:   storage/connect/plugutil.cpp
  modified:   storage/connect/tabbson.cpp
  modified:   storage/connect/tabjson.cpp
 2021-01-08 22:18:52 +01:00
Olivier Bertrand
cba46c9912 - Fix jfile_convert crash on error. modified: jsonudf.cpp (plus BSON UDF's) 2020-12-31 15:43:52 +01:00
Olivier Bertrand
a35424829a - Continue BSON implementation + fix create modified ha_connect.cc 2020-12-26 19:47:00 +01:00
Olivier Bertrand
2113cab7ec Make REST tables default file name. Commit before continuing BSON development 2020-12-22 22:50:12 +01:00
Olivier Bertrand
a786741000 - Fix crash with JsonContains UDF + BSON development 2020-12-17 13:58:13 +01:00
Olivier Bertrand
ceacffbb3b - Fix pretty=2 Tabjson bug on INSERT. 
Occuring when inserting more than one line in one statement.
  modified:   storage/connect/json.cpp

- Fix a wrong if statement
  modified:   storage/connect/tabjson.cpp

- Continue BSON implementation
  modified:   storage/connect/bson.cpp
  modified:   storage/connect/bson.h
  modified:   storage/connect/filamtxt.cpp
  modified:   storage/connect/filamtxt.h
  modified:   storage/connect/tabbson.cpp
  modified:   storage/connect/tabbson.h

- No need anymore
  deleted:    storage/connect/mysql-test/connect/r/bson.result
  deleted:    storage/connect/mysql-test/connect/t/bson.test
 2020-12-15 12:28:03 +01:00
Olivier Bertrand
4eeadedc77 - Fix json_bjson (s was erase by Json_Subset) 
modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/jsonudf.h

- Fix compile error (Force_Bson was not conditional by BSON_SUPPORT)
  modified:   storage/connect/ha_connect.cc

- Continue Bjson implementation
  modified:   storage/connect/block.h
  modified:   storage/connect/bson.cpp
  modified:   storage/connect/bson.h
  modified:   storage/connect/bsonudf.cpp
  modified:   storage/connect/bsonudf.h
  modified:   storage/connect/plugutil.cpp
  modified:   storage/connect/tabbson.cpp
  modified:   storage/connect/tabjson.cpp

- Typo
  deleted:    storage/connect/Header.h
 2020-12-09 00:55:06 +01:00
Olivier Bertrand
871532c3b9 - Continue BSON implementation 
modified:   storage/connect/bson.cpp
  modified:   storage/connect/bson.h
  modified:   storage/connect/bsonudf.cpp
  modified:   storage/connect/cmgfam.cpp
  modified:   storage/connect/cmgfam.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/jmgfam.cpp
  modified:   storage/connect/jmgfam.h
  modified:   storage/connect/jmgoconn.cpp
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/tabbson.cpp
  modified:   storage/connect/tabjson.cpp
 2020-12-08 01:15:40 +01:00
Olivier Bertrand
c05b1288fd Remove a push warning causing failing assert. Modified storage/connect/filamap.cpp 2020-12-04 23:21:59 +01:00
Olivier Bertrand
4e8af8a664 - Fix memory leak for the JSON table type 
(and continue BSON implementatio)
  modified:   storage/connect/bson.cpp
  modified:   storage/connect/bson.h
  modified:   storage/connect/bsonudf.cpp
  modified:   storage/connect/connect.cc
  modified:   storage/connect/global.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/plgdbsem.h
  modified:   storage/connect/plugutil.cpp
  modified:   storage/connect/tabjson.cpp
  modified:   storage/connect/tabjson.h
  modified:   storage/connect/user_connect.cc

- Desesperatly trying to fix xml.test failure
  modified:   storage/connect/mysql-test/connect/r/xml.result
 2020-12-01 19:39:09 +01:00
Olivier Bertrand
950bf6ab53 - Begin implementation of BSON 
modified:   storage/connect/bson.cpp
  modified:   storage/connect/bson.h
  modified:   storage/connect/bsonudf.cpp
  modified:   storage/connect/bsonudf.h
  modified:   storage/connect/jsonudf.cpp
 2020-11-27 10:25:47 +01:00
Olivier Bertrand
b656d3d333 Desesperatly trying to stop compiling failures 2020-11-25 17:42:01 +01:00
Olivier Bertrand
dc8f914c38 Remove based enum not accepted by most gcc compilers 2020-11-25 12:56:45 +01:00
Olivier Bertrand
477b5256dd Fix some test failure 2020-11-21 21:52:48 +01:00