mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00

12 Commits

Author SHA1 Message Date
Mikhail Chalov
2ff01e763e Fix insecure use of strcpy, strcat and sprintf in Connect
Old style C functions `strcpy()`, `strcat()` and `sprintf()` are vulnerable to
security issues due to lacking memory boundary checks. Replace these in the
Connect storage engine with safe new and/or custom functions such as
`snprintf()`, `safe_strcpy()` and `safe_strcat()`.

With this change FlawFinder and other static security analyzers report 287
fewer findings.

All new code of the whole pull request, including one or several files that are
either new files or modified ones, are contributed under the BSD-new license. I
am contributing on behalf of my employer Amazon Web Services, Inc.
2023-05-12 15:37:00 +01:00
Mikhail Chalov
19af1890b5 Use memory safe snprintf() in Connect Engine
This commit replaces sprintf(buf, ...) with
snprintf(buf, sizeof(buf), ...),
specifically in the "easy" cases where buf is allocated with a size
known at compile time.

The changes make sure we do not write outside array/string bounds, which
will lead to undefined behaviour. In case the code is trying to write
outside bounds, the safe versions of the functions simply cut the string
messages so we process this gracefully.

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the BSD-new
license.  I am contributing on behalf of my employer Amazon Web Services,
Inc.

bsonudf.cpp warnings cleanup by Daniel Black

Reviewer: Daniel Black
2022-07-26 16:28:59 +10:00
Olivier Bertrand
ef0829ef40 - Major update of the json/bson/mongo table types programs.
Fix several bugs, chiefly concerning CURL operations.
        modified:   storage/connect/bson.cpp
        modified:   storage/connect/cmgfam.cpp
        modified:   storage/connect/cmgoconn.cpp
        modified:   storage/connect/cmgoconn.h
        modified:   storage/connect/colblk.h
        modified:   storage/connect/ha_connect.cc
        modified:   storage/connect/jmgfam.cpp
        modified:   storage/connect/jmgoconn.cpp
        modified:   storage/connect/jmgoconn.h
        modified:   storage/connect/json.cpp
        modified:   storage/connect/json.h
        modified:   storage/connect/mysql-test/connect/r/bson_mongo_c.result
        modified:   storage/connect/mysql-test/connect/r/json_mongo_c.result
        modified:   storage/connect/mysql-test/connect/r/mongo_c.result
        modified:   storage/connect/mysql-test/connect/r/mongo_java_2.result
        modified:   storage/connect/mysql-test/connect/r/mongo_java_3.result
        modified:   storage/connect/mysql-test/connect/std_data/Mongo2.jar
        modified:   storage/connect/mysql-test/connect/std_data/Mongo3.jar
        modified:   storage/connect/tabbson.cpp
        modified:   storage/connect/tabbson.h
        modified:   storage/connect/tabcmg.cpp
        modified:   storage/connect/tabcmg.h
        modified:   storage/connect/tabjmg.cpp
        modified:   storage/connect/tabjmg.h
        modified:   storage/connect/tabjson.cpp
        modified:   storage/connect/tabjson.h
2021-05-01 22:29:38 +02:00
Olivier Bertrand
caff19ada5 - Copy Mongo2.jar and Mongo3.jar in plugin directory
  modified:   storage/connect/CMakeLists.txt
  modified:   storage/connect/javaconn.cpp

- Check privileges while creating tables with Discovery
  modified:   storage/connect/ha_connect.cc

- Calculate LRECL for JSON tables created with Discovery
  modified:   storage/connect/tabjson.cpp

- Use CreateProcess (Windows) or fork/exec (linux)
  to retrieve the result from REST queries
  modified:   storage/connect/tabrest.cpp

- Typo
  modified:   storage/connect/jmgoconn.cpp
2021-04-05 17:01:43 +02:00
Olivier Bertrand
871532c3b9 - Continue BSON implementation
  modified:   storage/connect/bson.cpp
  modified:   storage/connect/bson.h
  modified:   storage/connect/bsonudf.cpp
  modified:   storage/connect/cmgfam.cpp
  modified:   storage/connect/cmgfam.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/jmgfam.cpp
  modified:   storage/connect/jmgfam.h
  modified:   storage/connect/jmgoconn.cpp
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/tabbson.cpp
  modified:   storage/connect/tabjson.cpp
2020-12-08 01:15:40 +01:00
Olivier Bertrand
e4797a991f In CONNECT version 1.6.10 NOSQL facility is enhanced by a new way to retrieve NOSQL data.
In addition to files and Mongo collections, JSON as well as XML and CSV data can be retrieved
from the net as answers from REST queries. Because it uses an external package (cpprestsdk)
this is currently available only to MariaDB servers compiled from source.

-- Add the REST support when Microsoft Casablanca package (cpprestsdk) is installed.
-- Also include some changes specific to MariaDB 10.3.
  modified:   storage/connect/CMakeLists.txt

-- Add conditional REST support
-- Added string options HTTP and URI.
-- Added internal table type TAB_REST.
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/mycat.h
  modified:   storage/connect/plgdbsem.h

-- Fix MDEV-19648 Variable connect_conv_size doesn't change
-- Change Variable wrong block parameter from 8169 to 1.
-- Also change connect_conv_size default value to 1024.
  modified:   storage/connect/ha_connect.cc

-- Avoid possible buffer overflow
-- In particular by the function ShowValue.
  modified:   storage/connect/tabdos.cpp
  modified:   storage/connect/tabfmt.cpp
  modified:   storage/connect/value.cpp
  modified:   storage/connect/value.h

-- Add some cast to avoid some compiler warnings
  modified:   storage/connect/filamdbf.cpp

-- Fix some C++ error
  modified:   storage/connect/javaconn.cpp
  modified:   storage/connect/jmgoconn.cpp
  modified:   storage/connect/plugutil.cpp

-- Miscellaneous Typo and warning suppressing changes
  modified:   storage/connect/connect.cpp
  modified:   storage/connect/connect.h
  modified:   storage/connect/filamvct.cpp
  modified:   storage/connect/inihandl.cpp
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/libdoc.cpp
  modified:   storage/connect/tabjson.cpp
  modified:   storage/connect/tabtbl.cpp
  modified:   storage/connect/tabxml.cpp
  modified:   storage/connect/user_connect.cc
  modified:   storage/connect/user_connect.h

-- Update failing test results and disabling
  modified:   storage/connect/mysql-test/connect/disabled.def
  modified:   storage/connect/mysql-test/connect/r/dir.result
  modified:   storage/connect/mysql-test/connect/r/grant.result
  modified:   storage/connect/mysql-test/connect/r/jdbc.result
  modified:   storage/connect/mysql-test/connect/r/jdbc_postgresql.result
  modified:   storage/connect/mysql-test/connect/r/xml.result
  modified:   storage/connect/mysql-test/connect/r/xml2.result
  modified:   storage/connect/mysql-test/connect/r/xml2_mult.result
  modified:   storage/connect/mysql-test/connect/r/xml_mult.result

-- Add an option
  modified:   storage/connect/mysql-test/connect/t/grant.test
2019-07-30 22:45:04 +02:00
Olivier Bertrand
9644415fa9 - Fix MDEV-16672 Connect: Warnings with 10.0
  filamtxt.cpp: DOSFAM::RenameTempFile: Change sprintf to snprintf.
  filamvct.cpp: VECFAM::RenameTempFile: Change sprintf to snprintf.
  javaconn.cpp:
    Add JAVAConn::GetUTFString function.
    Use it instead of env->GetStringUTFChars.
    Fix wrong indentation.
  javaconn.h: Add GetUTFString declaration.
  jdbconn.cpp:
    Use GetUTFString function instead of env->GetStringUTFChars.
  jmgoconn.cpp:
    Use GetUTFString function instead of env->GetStringUTFChars.
    Fix wrong indentation.
  jsonudf.cpp: change 139 to BMX line 4631.
  tabjmg.cpp:
    Add ReleaseStringUTF.
    Fix wrong indentation.
  tabpivot.cpp: Fix wrong indentation.
  tabutil.cpp: TDBPRX::GetSubTable: Change sprintf to snprintf.
  modified:   storage/connect/filamtxt.cpp
  modified:   storage/connect/filamvct.cpp
  modified:   storage/connect/javaconn.cpp
  modified:   storage/connect/javaconn.h
  modified:   storage/connect/jdbconn.cpp
  modified:   storage/connect/jmgoconn.cpp
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/tabjmg.cpp
  modified:   storage/connect/tabpivot.cpp
  modified:   storage/connect/tabutil.cpp

- Fix MDEV-16895 CONNECT engine's get_error_message can cause buffer
                 overflow and server crash with long queries
  ha_connect_cc: Update version.
    get_error_message: Remove charset conversion.
  modified:   storage/connect/ha_connect.cc

- Fix a server crash on inserting bigint to a JDBC table
  JDBConn::SetUUID:
    Suppress check on ctyp that causes a server crash because ctyp
    can be negative and this triggers a DEBUG_ASSERT on return.
  modified:   storage/connect/jdbconn.cpp

- Update jdbc.result
  mysql-test/connect/r/jdbc.result: Recorded to reflect a message change.
  modified:   storage/connect/mysql-test/connect/r/jdbc.result
2018-08-06 19:42:00 +02:00
Olivier Bertrand
5abdd20ca9 - Use delayed load for the MongoDB C Driver on Windows
  modified:   storage/connect/CMakeLists.txt
  modified:   storage/connect/cmgoconn.cpp
  modified:   storage/connect/ha_connect.cc

- Add FORCE to the connect_type_conv enum values
  This will translate binary values to TYPE_STRING
  modified:   storage/connect/checklvl.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/odbconn.cpp

- Change the connect_xtrace variable from int to set
  modified:   storage/connect/array.cpp
  modified:   storage/connect/blkfil.cpp
  modified:   storage/connect/block.h
  modified:   storage/connect/cmgoconn.cpp
  modified:   storage/connect/colblk.cpp
  modified:   storage/connect/connect.cc
  modified:   storage/connect/filamap.cpp
  modified:   storage/connect/filamdbf.cpp
  modified:   storage/connect/filamfix.cpp
  modified:   storage/connect/filamgz.cpp
  modified:   storage/connect/filamtxt.cpp
  modified:   storage/connect/filamvct.cpp
  modified:   storage/connect/filamzip.cpp
  modified:   storage/connect/filter.cpp
  modified:   storage/connect/global.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/javaconn.cpp
  modified:   storage/connect/jdbconn.cpp
  modified:   storage/connect/jmgfam.cpp
  modified:   storage/connect/jmgoconn.cpp
  modified:   storage/connect/json.cpp
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/mongo.cpp
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/myconn.cpp
  modified:   storage/connect/odbconn.cpp
  modified:   storage/connect/plgdbutl.cpp
  modified:   storage/connect/plugutil.cpp
  modified:   storage/connect/reldef.cpp
  modified:   storage/connect/tabcol.cpp
  modified:   storage/connect/tabdos.cpp
  modified:   storage/connect/tabext.cpp
  modified:   storage/connect/tabfix.cpp
  modified:   storage/connect/tabfmt.cpp
  modified:   storage/connect/tabjdbc.cpp
  modified:   storage/connect/tabjson.cpp
  modified:   storage/connect/table.cpp
  modified:   storage/connect/tabmul.cpp
  modified:   storage/connect/tabmysql.cpp
  modified:   storage/connect/tabodbc.cpp
  modified:   storage/connect/tabpivot.cpp
  modified:   storage/connect/tabsys.cpp
  modified:   storage/connect/tabtbl.cpp
  modified:   storage/connect/tabutil.cpp
  modified:   storage/connect/tabvct.cpp
  modified:   storage/connect/tabwmi.cpp
  modified:   storage/connect/tabxml.cpp
  modified:   storage/connect/user_connect.cc
  modified:   storage/connect/valblk.cpp
  modified:   storage/connect/value.cpp
  modified:   storage/connect/xindex.cpp

- Restore connect_enable_mongo variable (but undocumented)
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/mysql-test/connect/r/json_java_2.result
  modified:   storage/connect/mysql-test/connect/r/json_java_3.result
  modified:   storage/connect/mysql-test/connect/r/json_mongo_c.result
  modified:   storage/connect/mysql-test/connect/r/mongo_c.result
  modified:   storage/connect/mysql-test/connect/r/mongo_java_2.result
  modified:   storage/connect/mysql-test/connect/r/mongo_java_3.result
  modified:   storage/connect/mysql-test/connect/r/tbl_thread.result
  modified:   storage/connect/mysql-test/connect/t/mongo.inc
  modified:   storage/connect/mysql-test/connect/t/mongo_test.inc
  modified:   storage/connect/mysql-test/connect/t/tbl_thread.test
2018-01-30 15:43:20 +01:00
Olivier Bertrand
bcfb5b2de9 - Update version number
  modified:   storage/connect/ha_connect.cc

- Include MONGO in all Java enabled distributions
  Mongo will be enabled only for 10.2 and 10.3
  modified:   storage/connect/CMakeLists.txt

- Change JDBC_SUPPORT to JAVA_SUPPORT which also replaces MONGO_SUPPORT
  MONGO_SUPPORT is now just used to enable the MONGO table type
  modified:   storage/connect/filter.cpp
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/ha_connect.h
  modified:   storage/connect/mongo.cpp
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/plgdbutl.cpp
  modified:   storage/connect/tabjson.cpp
  modified:   storage/connect/tabjson.h

- Move MakeSelector function from FILTER to mongo.cpp
  modified:   storage/connect/filter.cpp
  modified:   storage/connect/filter.h
  modified:   storage/connect/cmgoconn.cpp
  modified:   storage/connect/jmgoconn.cpp
  modified:   storage/connect/mongo.cpp

- Do mongo_init only on first use of the MongoDB C Driver
  This will permit to delay load the mongo lib on Windows
  modified:   storage/connect/cmgoconn.cpp
  modified:   storage/connect/cmgoconn.h
  modified:   storage/connect/ha_connect.cc

- Replace NEW_VAR by a test on MYSQL_VERSION_ID
  modified:   storage/connect/ha_connect.cc

- Suppress enable_mongo session variable
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/mycat.cc

- Make some function headers identical in .h and .cc file
  (replacing const char* by PCSZ)
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/ha_connect.h

- Change a parameter type from uchar* to const uchar*
  (for ScanRecord and CheckRecord)
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/ha_connect.h

- Changes on LIKE and NOT LIKE do not fix a bug yet
  modified:   storage/connect/ha_connect.cc

- Suppress PIVOT_SUPPORT (PIVOT type is unconditional)
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/mycat.cc

- Change the strz function from inline to static
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/ha_connect.h

- export the JavaConn class and the MgoColumns and IsNum functions
  modified:   storage/connect/javaconn.h
  modified:   storage/connect/json.h
  modified:   storage/connect/mongo.h

- Fix MDEV-13924
  modified:   storage/connect/jdbconn.cpp

- Make a temporary fix for the compiler bug in CalculateArray
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/tabjson.cpp

- Typo
  modified:   storage/connect/jdbccat.h
  modified:   storage/connect/reldef.h
  modified:   storage/connect/tabext.h
  modified:   storage/connect/tabjmg.cpp
  modified:   storage/connect/tabxml.h
  modified:   storage/connect/valblk.h
  modified:   storage/connect/value.h
  modified:   storage/connect/xtable.h

- Fix a bug in MONGO tests by changing 'MONGO' to $TYPE
  modified:   storage/connect/mysql-test/connect/t/mongo_test.inc

- Record test results to reflect all changes
  modified:   storage/connect/mysql-test/connect/r/json_java_2.result
  modified:   storage/connect/mysql-test/connect/r/json_java_3.result
  modified:   storage/connect/mysql-test/connect/r/json_mongo_c.result
  modified:   storage/connect/mysql-test/connect/r/mongo_c.result
  modified:   storage/connect/mysql-test/connect/r/mongo_java_2.result
  modified:   storage/connect/mysql-test/connect/r/mongo_java_3.result
2017-10-15 16:13:23 +02:00
Olivier Bertrand
4d4ba60c6e - Fix MDEV-13463 unescape table name during detection of table structure
  modified:   storage/connect/myconn.cpp

- Remove a few gcc warnings
  modified:   storage/connect/jmgoconn.cpp
  modified:   storage/connect/json.h
  modified:   storage/connect/tabjson.cpp
2017-08-08 17:36:54 +02:00
Olivier Bertrand
f590296c28 -- Finalize work on MongoDB access
Implement discovery for the MongoDB Java Driver
   Create classes to minimize code and avoid duplicates
   Rearrange and rename implied files
  modified:   storage/connect/CMakeLists.txt
  renamed:    storage/connect/mongofam.cpp -> storage/connect/cmgfam.cpp
  renamed:    storage/connect/mongofam.h -> storage/connect/cmgfam.h
  modified:   storage/connect/cmgoconn.h
  modified:   storage/connect/javaconn.h
  modified:   storage/connect/jdbconn.cpp
  modified:   storage/connect/jmgoconn.cpp
  modified:   storage/connect/jmgoconn.h
  modified:   storage/connect/mongo.cpp
  modified:   storage/connect/mongo.h
  renamed:    storage/connect/tabmgo.cpp -> storage/connect/tabcmg.cpp
  renamed:    storage/connect/tabmgo.h -> storage/connect/tabcmg.h
  modified:   storage/connect/tabjmg.cpp
  modified:   storage/connect/tabjmg.h
  modified:   storage/connect/tabjson.cpp
  modified:   storage/connect/tabjson.h

-- Trace Sarea allocation and freeing
  modified:   storage/connect/connect.cc
  modified:   storage/connect/plugutil.cpp
  modified:   storage/connect/user_connect.cc

-- Null Json values were not marked as null in JSNX::SetJsonValue
   This was added in TYPE_NULL (declared as TYPE_VOID)
  modified:   storage/connect/json.cpp
  modified:   storage/connect/json.h
  modified:   storage/connect/jsonudf.cpp

-- Null JValues are ignored in JSNX::CalculateArray
   Also done in tabjson.cpp for JSONCOL::CalculateArray
  modified:   storage/connect/json.h
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/tabjson.cpp

-- Null JSON values now represented by connect_json_null session variable
  modified:   storage/connect/json.cpp
  modified:   storage/connect/json.h
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/tabjson.cpp

-- JVALUE has size = 1
  modified:   storage/connect/json.h

-- Fix by vuvova because Debian compilation failure.
  modified:   storage/connect/value.cpp
2017-07-18 13:16:55 +02:00
Olivier Bertrand
94e5d7de85 - Add Support of the MongoDB Java Driver.
  modified:   storage/connect/CMakeLists.txt
  modified:   storage/connect/JavaWrappers.jar
  modified:   storage/connect/colblk.h
  modified:   storage/connect/filter.cpp
  modified:   storage/connect/filter.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/ha_connect.h
  modified:   storage/connect/jdbccat.h
  modified:   storage/connect/jdbconn.cpp
  modified:   storage/connect/jdbconn.h
  modified:   storage/connect/mongofam.cpp
  modified:   storage/connect/mongofam.h
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/mycat.h
  modified:   storage/connect/tabext.h
  modified:   storage/connect/tabjdbc.cpp
  modified:   storage/connect/tabjdbc.h
  modified:   storage/connect/tabjson.cpp
  modified:   storage/connect/tabjson.h
  modified:   storage/connect/tabmgo.cpp
  modified:   storage/connect/tabmgo.h
  created:    storage/connect/Mongo2Interface.java
  created:    storage/connect/Mongo3Interface.java
  created:    storage/connect/cmgoconn.cpp
  created:    storage/connect/cmgoconn.h
  created:    storage/connect/javaconn.cpp
  created:    storage/connect/javaconn.h
  created:    storage/connect/jmgfam.cpp
  created:    storage/connect/jmgfam.h
  created:    storage/connect/jmgoconn.cpp
  created:    storage/connect/jmgoconn.h
  created:    storage/connect/mongo.cpp
  created:    storage/connect/mongo.h
  created:    storage/connect/tabjmg.cpp
  created:    storage/connect/tabjmg.h

- tdbp not initialized when an exception is caught
in CntGetTDB (connect.cc line 188)
  modified:   storage/connect/connect.h

- CheckCleanup should sometimes do cleanup on pure info
Sometimes MariaDB loops on info to get the size of all tables in a database.
This can sometimes fail by exhausted memory.
CheckCleanup now has a force boolean parameter (defaulting to false)
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/user_connect.cc
  modified:   storage/connect/user_connect.h

Change the copyright of some source files
  modified:   storage/connect/connect.cc
  modified:   storage/connect/connect.h
  modified:   storage/connect/engmsg.h
  modified:   storage/connect/global.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/ha_connect.h
  modified:   storage/connect/msgid.h
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/mycat.h
  modified:   storage/connect/os.h
  modified:   storage/connect/osutil.c
  modified:   storage/connect/osutil.h
  modified:   storage/connect/user_connect.cc
  modified:   storage/connect/user_connect.h
2017-07-02 22:41:11 +02:00