diff options
author | kurt <dingweiqings@163.com> | 2022-09-21 11:29:07 +0800 |
---|---|---|
committer | Daniel Black <daniel@mariadb.org> | 2022-10-21 15:54:17 +1100 |
commit | e11661a4a2c0d50d78b86dac71a0e3d226f0ddcf (patch) | |
tree | 59671c09f467614638627f9c22670782f24d43e0 | |
parent | 9de37e07de860fdbaade1de482692a9221fbcc98 (diff) | |
download | mariadb-git-e11661a4a2c0d50d78b86dac71a0e3d226f0ddcf.tar.gz |
MDEV-25343 Error log message not helpful when filekey is too long
Add a test related to the Encrypted Key File by following instructions in kb example
https://mariadb.com/kb/en/file-key-management-encryption-plugin/#creating-the-key-file
Reviewed by Daniel Black (with minor formatting and re-org of duplicate
close(f) calls).
10 files changed, 71 insertions, 3 deletions
diff --git a/mysql-test/suite/encryption/r/filekeys_secret_openssl_rand_128bits.result b/mysql-test/suite/encryption/r/filekeys_secret_openssl_rand_128bits.result new file mode 100644 index 00000000000..880245c7a09 --- /dev/null +++ b/mysql-test/suite/encryption/r/filekeys_secret_openssl_rand_128bits.result @@ -0,0 +1,17 @@ +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `encrypted`=yes `encryption_key_id`=1 +insert t1 values (12345, repeat('1234567890', 20)); +alter table t1 encryption_key_id=2; +show create table t1; +Table Create Table +t1 CREATE TABLE `t1` ( + `c1` bigint(20) NOT NULL, + `b` char(200) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `encrypted`=yes `encryption_key_id`=2 +drop table t1; +# Test checks if opening an too large secret does not crash the server. diff --git a/mysql-test/suite/encryption/r/filekeys_secret_too_long.result b/mysql-test/suite/encryption/r/filekeys_secret_too_long.result new file mode 100644 index 00000000000..bd11e8d925e --- /dev/null +++ b/mysql-test/suite/encryption/r/filekeys_secret_too_long.result @@ -0,0 +1,10 @@ +call mtr.add_suppression("the filekey is too long"); +call mtr.add_suppression("Plugin 'file_key_management' init function returned error"); +call mtr.add_suppression("Plugin 'file_key_management' registration.*failed"); +FOUND 1 /the filekey is too long/ in mysqld.1.err +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; +ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options") +select plugin_status from information_schema.plugins +where plugin_name = 'file_key_management'; +plugin_status +# Test checks if opening an too large secret does not crash the server. diff --git a/mysql-test/suite/encryption/t/filekeys-data-too-long.key b/mysql-test/suite/encryption/t/filekeys-data-too-long.key new file mode 100644 index 00000000000..ba1624fb324 --- /dev/null +++ b/mysql-test/suite/encryption/t/filekeys-data-too-long.key @@ -0,0 +1,4 @@ +secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret +secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret +secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret + diff --git a/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.enc b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.enc new file mode 100644 index 00000000000..3257ff7d6de --- /dev/null +++ b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.enc @@ -0,0 +1,4 @@ +Salted__40-6L sK?p\am8N?q n<*g(|F/! + kok6y7t67D#g洄ʗԣiyu*i#ƈ82#6 .C8;7Bԣ +0 / +w0w"xԱQu04xkj{W3C5՜ᔪP$=Ҳ
\ No newline at end of file diff --git a/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.key b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.key new file mode 100644 index 00000000000..bba639aeaac --- /dev/null +++ b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.key @@ -0,0 +1 @@ +c9518399cbec2b5edf773e06d1b934b90ec0f46ae455b8f1e001b5629ef31a513b83e676bf654c08ba98659461410e5e040e46237a7d50b40bd9bb90576f841275506e61523e5e9a0beb7641127ed2d946395b6fee7ff5263a9019cbe71bd907bf1ac6365940fa391086830a4e6c1d2972b99505467ef31cfb46d0cb7ab8f4f1 diff --git a/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.opt b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.opt new file mode 100644 index 00000000000..9dee47bb96f --- /dev/null +++ b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.opt @@ -0,0 +1,3 @@ +--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys_secret_openssl_rand_128bits.key +--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys_secret_openssl_rand_128bits.enc + diff --git a/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.test b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.test new file mode 100644 index 00000000000..60718d21a10 --- /dev/null +++ b/mysql-test/suite/encryption/t/filekeys_secret_openssl_rand_128bits.test @@ -0,0 +1,13 @@ +-- source include/have_innodb.inc +-- source filekeys_plugin.inc + +create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1; +show create table t1; +insert t1 values (12345, repeat('1234567890', 20)); + +alter table t1 encryption_key_id=2; +show create table t1; + +drop table t1; + +--echo # Test checks if opening an too large secret does not crash the server. diff --git a/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt b/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt new file mode 100644 index 00000000000..c3f95019f2a --- /dev/null +++ b/mysql-test/suite/encryption/t/filekeys_secret_too_long.opt @@ -0,0 +1,3 @@ +--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys-data-too-long.key +--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys-data.enc + diff --git a/mysql-test/suite/encryption/t/filekeys_secret_too_long.test b/mysql-test/suite/encryption/t/filekeys_secret_too_long.test new file mode 100644 index 00000000000..0032e94de37 --- /dev/null +++ b/mysql-test/suite/encryption/t/filekeys_secret_too_long.test @@ -0,0 +1,4 @@ +let SEARCH_PATTERN=the filekey is too long; +source filekeys_badtest.inc; + +--echo # Test checks if opening an too large secret does not crash the server. diff --git a/plugin/file_key_management/parser.cc b/plugin/file_key_management/parser.cc index 5a9e5e55d63..ec1b528da24 100644 --- a/plugin/file_key_management/parser.cc +++ b/plugin/file_key_management/parser.cc @@ -170,19 +170,28 @@ bool Parser::read_filekey(const char *filekey, char *secret) int f= open(filekey, O_RDONLY|O_BINARY); if (f == -1) { - my_error(EE_FILENOTFOUND,ME_ERROR_LOG, filekey, errno); + my_error(EE_FILENOTFOUND, ME_ERROR_LOG, filekey, errno); return 1; } - int len= read(f, secret, MAX_SECRET_SIZE); + int len= read(f, secret, MAX_SECRET_SIZE + 1); if (len <= 0) { - my_error(EE_READ,ME_ERROR_LOG, filekey, errno); + my_error(EE_READ, ME_ERROR_LOG, filekey, errno); close(f); return 1; } close(f); + while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--; + if (len > MAX_SECRET_SIZE) + { + my_printf_error(EE_READ, + "Cannot read %s, the filekey is too long, " + "max secret size is %dB ", + ME_ERROR_LOG, filekey, MAX_SECRET_SIZE); + return 1; + } secret[len]= '\0'; return 0; } |