author | kurt <dingweiqings@163.com> | 2022-09-21 11:29:07 +0800 |
---|---|---|
committer | Daniel Black <daniel@mariadb.org> | 2022-10-19 16:44:16 +1100 |
commit | cee7175b79a22c29a82ef328aba208f90afcea86 (patch) | |
tree | 99e5bc7d74c0566a5b8ef8de33e90d542cdcf566 | |
parent | 64d85c369bb67c47cdc87c517c1716742ec14c59 (diff) | |
download | mariadb-git-cee7175b79a22c29a82ef328aba208f90afcea86.tar.gz |
MDEV-25343 add read secret size in file key plugin
5 files changed, 33 insertions, 1 deletions
diff --git a/mysql-test/suite/encryption/r/filekeys_secret_too_long.result b/mysql-test/suite/encryption/r/filekeys_secret_too_long.result new file mode 100644 index 00000000000..32e18513454 --- /dev/null +++ b/mysql-test/suite/encryption/r/filekeys_secret_too_long.result @@ -0,0 +1,10 @@ +call mtr.add_suppression("the secret file has incorrect length"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND 1 /the secret file has incorrect length/ in mysqld.1.err +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +# Test checks if opening an too large secret does not crash the server. diff --git a/mysql-test/suite/encryption/t/filekeys-data-too-long.key b/mysql-test/suite/encryption/t/filekeys-data-too-long.key new file mode 100644 index 00000000000..ba1624fb324 --- /dev/null +++ b/mysql-test/suite/encryption/t/filekeys-data-too-long.key @@ -0,0 +1,4 @@ +secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret +secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret +secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret + diff --git a/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt b/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt new file mode 100644 index 00000000000..c3f95019f2a 
--- /dev/null +++ b/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt @@ -0,0 +1,3 @@ +--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys-data-too-long.key +--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys-data.enc + diff --git a/mysql-test/suite/encryption/t/filekeys_secret_too_long.test b/mysql-test/suite/encryption/t/filekeys_secret_too_long.test new file mode 100644 index 00000000000..b675f892895 --- /dev/null +++ b/mysql-test/suite/encryption/t/filekeys_secret_too_long.test @@ -0,0 +1,4 @@ +let SEARCH_PATTERN=the secret file has incorrect length; +source filekeys_badtest.inc; + +--echo # Test checks if opening an too large secret does not crash the server. diff --git a/plugin/file_key_management/parser.cc b/plugin/file_key_management/parser.cc index 5a9e5e55d63..8e78e230964 100644 --- a/plugin/file_key_management/parser.cc +++ b/plugin/file_key_management/parser.cc @@ -174,13 +174,24 @@ bool Parser::read_filekey(const char *filekey, char *secret) return 1; } - int len= read(f, secret, MAX_SECRET_SIZE); + int len= read(f, secret, MAX_SECRET_SIZE + 1); if (len <= 0) { my_error(EE_READ,ME_ERROR_LOG, filekey, errno); close(f); return 1; } + + if (len > MAX_SECRET_SIZE) + { + my_printf_error(EE_READ, + "Cannot decrypt %s, the secret file has incorrect length, " + "max secret size is %dB ", + ME_ERROR_LOG, filekey, MAX_SECRET_SIZE); + close(f); + return 1; + } + close(f); while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--; secret[len]= '\0'; |
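Review bot: The added `if (len > MAX_SECRET_SIZE)` check in parser.cc runs before the trailing CR/LF is stripped, so a key file holding a secret of exactly MAX_SECRET_SIZE bytes followed by a newline is now rejected, whereas the removed `read(f, secret, MAX_SECRET_SIZE)` never saw that newline. Trimming first keeps that case working, and the trim loop in the context lines has no lower bound, so a file made only of line endings walks `len` down to 0 and reads `secret[-1]`; placing `while (len > 0 && (secret[len - 1] == '\r' || secret[len - 1] == '\n')) len--;` ahead of the size check, and treating `len == 0` as an error, covers both. Reading `MAX_SECRET_SIZE + 1` bytes also assumes the caller's `secret` buffer is at least that large; it is declared outside this hunk, so that should be confirmed there and stated in a comment on the read. The body of read_filekey starts and ends outside the hunk.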