DESCRIPTION
===========
Buffer overflow is reported in a lot of code sections
spanning across server, client programs, Regex libraries
etc. If not handled appropriately, they can cause abnormal
behaviour.
ANALYSIS
========
The reported casea are the ones which are likely to result
in SEGFAULT, MEMORY LEAK etc.
FIX
===
- sprintf() has been replaced by my_snprintf() to avoid
buffer overflow.
- my_free() is done after checking if the pointer isn't
NULL already and setting it to NULL thereafter at few
places.
- Buffer is ensured to be large enough to hold the data.
- 'unsigned int' (aka 'uint') is replaced with 'size_t'
to avoid wraparound.
- Memory is freed (if not done so) after its alloced and
used.
- Inserted assert() for size check in InnoDb memcached
code (from 5.6 onwards)
- Other minor changes
(cherry picked from commit 3487e20959c940cbd24429afa795ebfc8a01e94f)
IMPLEMENTED IN ALL CLIENT PROGRAMS
Description: Option "enable-cleartext-plugin" is not
available for the following client utilities:-
mysqldump
mysqlimport
mysqlshow
mysqlcheck
Analysis: The unavailability of this option limits the
features like PAM authentication from using the above
mentioned utilities.
Fix: Option "enable-cleartext-plugin" is implemented in the
above mentioned client utilities.
mysql_upgrade --help now also prints out --default options and variable values.
mysql_upgrade now prints permission errors.
mysql_upgrade doesn't print some non essential info if --silent is used.
Added handler error message about incompatible versions
Fixed that mysqlbug and mysql_install_db have the executable flag set.
Removed executable flag for some non executable files.
Changed in mysql_install_db askmonty.org to mariadb.com.
Ensured that all client executables prints --default options the same way.
Allow REPAIR ... USE_FRM for old .frm files if the are still compatible.
Extended shown error for storage engine messages.
client/mysql.cc:
print_defaults() should be first (as in all other programs)
client/mysql_upgrade.c:
--help now also prints out --default options and variable values
Print out error if wrong permissions
Don't print info if --silent
client/mysqladmin.cc:
print_defaults() should be first (as in all other programs)
client/mysqlbinlog.cc:
Added print_defaults() to --help
client/mysqlcheck.c:
Added empty line in --help
client/mysqlimport.c:
Added empty line in --help
client/mysqlshow.c:
Made --help compatible
client/mysqlslap.c:
Made --help compatible
client/mysqltest.cc:
Added print_defaults() to --help
include/handler_ername.h:
Added handler error message
include/my_base.h:
Added handler error message
mysql-test/r/mysql_upgrade.result:
Updated results
mysql-test/r/repair.result:
Added test case for better error messages
mysql-test/std_data/host_old.MYD:
Added test case for better error messages
mysql-test/std_data/host_old.MYI:
Added test case for better error messages
mysql-test/std_data/host_old.frm:
Added test case for better error messages
mysql-test/t/repair.test:
Added test case for better error messages
mysys/my_handler_errors.h:
Added handler error message
scripts/CMakeLists.txt:
Fixed that mysqlbug and mysql_install_db have the executable flag set
scripts/mysql_install_db.sh:
askmonty.org -> mariadb.com
sql/ha_partition.cc:
Sometimes table_type() can be called for errors even if partition didn't manage to open any files
sql/handler.cc:
Write clear text for not handled, but defined error messages.
sql/share/errmsg-utf8.txt:
Extended shown error for storage engine messages
sql/sql_admin.cc:
Allow REPAIR ... USE_FRM for old .frm files if the are still compatible
storage/myisam/ha_myisam.cc:
Use new error message
SHOW 2012 INSTEAD OF 2011
* Added a new macro to hold the current year :
COPYRIGHT_NOTICE_CURRENT_YEAR
* Modified ORACLE_WELCOME_COPYRIGHT_NOTICE macro
to take the initial year as parameter and pick
current year from the above mentioned macro.
SHOW 2012 INSTEAD OF 2011
* Added a new macro to hold the current year :
COPYRIGHT_NOTICE_CURRENT_YEAR
* Modified ORACLE_WELCOME_COPYRIGHT_NOTICE macro
to take the initial year as parameter and pick
current year from the above mentioned macro.
suppress these harmless but confusing warnings.
fix the program name (MY_INIT) in mysqldump
client/mysqldump.c:
for backward compatibility, prefix mysqldump error messages with "mysqldump", not with the full path of the executable
sql/sql_insert.cc:
CREATE ... IF NOT EXISTS may do nothing, but
it is still not a failure. don't forget to my_ok it.
******
CREATE ... IF NOT EXISTS may do nothing, but
it is still not a failure. don't forget to my_ok it.
sql/sql_table.cc:
small cleanup
******
small cleanup
TOOLS
Backport a fix for Bug 57094 from 5.5.
The following revision was backported:
# revision-id: alexander.nozdrin@oracle.com-20101006150613-ls60rb2tq5dpyb5c
# parent: bar@mysql.com-20101006121559-am1e05ykeicwnx48
# committer: Alexander Nozdrin <alexander.nozdrin@oracle.com>
# branch nick: mysql-5.5-bugteam-bug57094
# timestamp: Wed 2010-10-06 19:06:13 +0400
# message:
# Fix for Bug 57094 (Copyright notice incorrect?).
#
# The fix is to:
# - introduce ORACLE_WELCOME_COPYRIGHT_NOTICE define to have a single place
# to specify copyright notice;
# - replace custom copyright notices with ORACLE_WELCOME_COPYRIGHT_NOTICE
# in programs.
TOOLS
Backport a fix for Bug 57094 from 5.5.
The following revision was backported:
# revision-id: alexander.nozdrin@oracle.com-20101006150613-ls60rb2tq5dpyb5c
# parent: bar@mysql.com-20101006121559-am1e05ykeicwnx48
# committer: Alexander Nozdrin <alexander.nozdrin@oracle.com>
# branch nick: mysql-5.5-bugteam-bug57094
# timestamp: Wed 2010-10-06 19:06:13 +0400
# message:
# Fix for Bug 57094 (Copyright notice incorrect?).
#
# The fix is to:
# - introduce ORACLE_WELCOME_COPYRIGHT_NOTICE define to have a single place
# to specify copyright notice;
# - replace custom copyright notices with ORACLE_WELCOME_COPYRIGHT_NOTICE
# in programs.
The mysqld server and all clients now reads the new client-server section
Fixed that mysqldumpslow supports new slow log formats and new mysqld --slow- options
client/mysql.cc:
Read also client-server and client-mariadb sections.
client/mysql_upgrade.c:
Read also client-server and client-mariadb sections.
client/mysqladmin.cc:
Read also client-server and client-mariadb sections.
client/mysqlbinlog.cc:
Read also client-server and client-mariadb sections.
client/mysqlcheck.c:
Read also client-server and client-mariadb sections.
client/mysqldump.c:
Read also client-server and client-mariadb sections.
client/mysqlimport.c:
Read also client-server and client-mariadb sections.
client/mysqlshow.c:
Read also client-server and client-mariadb sections.
client/mysqltest.cc:
Read also client-server and client-mariadb sections.
extra/my_print_defaults.c:
Updated help text
scripts/mysql_fix_privilege_tables.sh:
Read also sections client client-server client-mariadb
scripts/mysql_install_db.pl.in:
Also allow --data=* option
Read also groups mariadb, server and client-server.
scripts/mysql_install_db.sh:
Also allow --data=* option
Read also groups mariadb, server and client-server.
Added --lose-skip-pbxt to bootstrap
scripts/mysql_secure_installation.sh:
Read also groups client-server and client-mariadb
scripts/mysqld_multi.sh:
Read also group mariadb
scripts/mysqld_safe.sh:
Read also groups mariadb server and client-server
scripts/mysqldumpslow.sh:
Fixed to support new slow log formats
Added sorting on -ae (aggregated number of retreived rows) and e (retrieved rows)
Read also group 'mariadb'
If there is many instances of same option, use last one.
Get slow log file from options log-slow-queries=filename or query-log-file=filename
Added support for future --log-basename option
sql-common/client.c:
Read also groups 'client-server' and 'client-mariadb'
tests/mysql_client_test.c:
Read also groups 'client-server' and 'client-mariadb'
tests/thread_test.c:
Read also groups 'client-server' and 'client-mariadb'
command line clients.
Postfix covering other mysql standard clients like mysql_upgrade,
mysqlbinlog, mysqlcheck, mysqlimport, mysqlshow and mysqlslap.
client/client_priv.h:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients
Added an entry for 'default-auth' option.
client/mysql.cc:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients
Updated the id entry for default_auth option.
client/mysql_upgrade.c:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients.
Introduced two new variables to hold values from default-auth and
plugin-dir options and further pushed them to client's st_mysql
instance.
client/mysqladmin.cc:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients
Updated the id entry for default_auth option.
client/mysqlbinlog.cc:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients.
Introduced two new variables to hold values from default-auth and
plugin-dir options and further pushed them to client's st_mysql
instance.
client/mysqlcheck.c:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients.
Introduced two new variables to hold values from default-auth and
plugin-dir options and further pushed them to client's st_mysql
instance.
client/mysqldump.c:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients
Updated the id entry for default_auth option.
client/mysqlimport.c:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients.
Introduced two new variables to hold values from default-auth and
plugin-dir options and further pushed them to client's st_mysql
instance.
client/mysqlshow.c:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients.
Introduced two new variables to hold values from default-auth and
plugin-dir options and further pushed them to client's st_mysql
instance.
client/mysqlslap.c:
Bug#58139 : default-auth option not recognized in MySQL standard
command line clients.
Introduced two new variables to hold values from default-auth and
plugin-dir options and further pushed them to client's st_mysql
instance.
mysql-test/r/plugin_auth.result:
Added test case for Bug#58139 for mysql_upgrade.
mysql-test/t/plugin_auth.test:
Added test case for Bug#58139 for mysql_upgrade.
The fix is to:
- introduce ORACLE_WELCOME_COPYRIGHT_NOTICE define to have a single place
to specify copyright notice;
- replace custom copyright notices with ORACLE_WELCOME_COPYRIGHT_NOTICE
in programs.
The fix is to:
- introduce ORACLE_WELCOME_COPYRIGHT_NOTICE define to have a single place
to specify copyright notice;
- replace custom copyright notices with ORACLE_WELCOME_COPYRIGHT_NOTICE
in programs.
- Changed to still use bcmp() in certain cases becasue
- Faster for short unaligneed strings than memcmp()
- Bettern when using valgrind
- Changed to use my_sprintf() instead of sprintf() to get higher portability for old systems
- Changed code to use MariaDB version of select->skip_record()
- Removed -%::SCCS/s.% from Makefile.am:s to remove automake warnings
Fixed compiler warnings
Disabled some tests that doesn't work on windows (uses shell tools or strange characters)
client/mysqlshow.c:
Fixed compiler warnings
client/mysqlslap.c:
Fixed compiler warnings
mysql-test/mysql-test-run.pl:
Use an error file instead of /dev/null
(Fixes problem on Windows and the output may be usefull)
mysql-test/suite/maria/r/maria.result:
Test case for bug LP#613408 (not complete)
mysql-test/suite/maria/t/maria.test:
Test case for bug LP#613408 (not complete)
mysql-test/suite/percona/percona_log_slow_slave_statements-and-use_global_long_query_time.test:
This test doesn't work one windows (needs shell tools)
mysql-test/suite/percona/percona_log_slow_slave_statements.test:
This test doesn't work one windows (needs shell tools)
mysql-test/suite/percona/percona_slow_query_log-control_global_slow.test:
This test doesn't work one windows (needs shell tools)
mysql-test/suite/percona/percona_slow_query_log-log_slow_filter.test:
This test doesn't work one windows (needs shell tools)
mysql-test/suite/percona/percona_slow_query_log-log_slow_verbosity.test:
This test doesn't work one windows (needs shell tools)
mysql-test/suite/percona/percona_slow_query_log-long_query_time.test:
This test doesn't work one windows (needs shell tools)
mysql-test/suite/percona/percona_slow_query_log-microseconds_in_slow_query_log.test:
This test doesn't work one windows (needs shell tools)
mysql-test/suite/percona/percona_slow_query_log-min_examined_row_limit.test:
This test doesn't work one windows (needs shell tools)
mysql-test/suite/percona/percona_slow_query_log-use_global_long_query_time.test:
This test doesn't work one windows (needs shell tools)
mysql-test/t/ctype_filesystem.test:
This test doesn't work one windows (problem with character sets)
mysql-test/t/events_time_zone.test:
Use longer times to get predictable tests
mysql-test/t/show_check-master.opt:
set long query time to get more predictable tests
storage/maria/ma_check.c:
Restore info->s->lock_key_trees after repair.
Disable logging to temp tables for all repair cases (safety fix)
storage/maria/ma_state.c:
Ensurethat info->state_start doesn't point to freed memory. (Could happen after running an internal repair to fast create indexes)
storage/maria/trnman.c:
Added longer comment
