diff options
| author | Mats Kindahl <mats.kindahl@oracle.com> | 2010-12-01 13:54:50 +0100 |
|---|---|---|
| committer | Mats Kindahl <mats.kindahl@oracle.com> | 2010-12-01 13:54:50 +0100 |
| commit | fc9f3efaec61ea3086c1df2942a1157fdf9ca1c2 (patch) | |
| tree | d1f2687923ea72c7120814a13560cc11581cfa76 /include | |
| parent | cd1c6e220de1730615c145b5337f7cce554dfdae (diff) | |
| download | mariadb-git-fc9f3efaec61ea3086c1df2942a1157fdf9ca1c2.tar.gz | |
BUG#58246: INSTALL PLUGIN not secure & crashable
When installing plugins, there is a missing check
for slash (/) in the path on Windows. Note that on
Windows, both / and \ can be used to separate
directories.
This patch fixes the issue by:
- Adding a FN_DIRSEP symbol for all platforms
consisting of a string of legal directory
separators.
- Adding a charset-aware version of strcspn().
- Adding a check_valid_path() function that uses
my_strcspn() to check if any FN_DIRSEP character
is in the supplied string.
- Using the check_valid_path() function in
sql_plugin.cc and sql_udf.cc (which means
replacing the existing test there).
include/config-netware.h:
Adding FN_DIRSEP
******
Adding FN_DIRSEP
include/config-win.h:
Adding FN_DIRSEP
******
Adding FN_DIRSEP
include/m_ctype.h:
Adding my_strspn() and my_strcspn().
******
Adding my_strspn() and my_strcspn().
include/my_global.h:
Adding FN_DIRSEP
******
Adding FN_DIRSEP
mysql-test/t/plugin_not_embedded.test:
Adding test that file names containing / is
disallowed on *all* platforms.
******
Adding test that file names containing / is
disallowed on *all* platforms.
sql/sql_plugin.cc:
Introducing check_if_path() function for
checking if filename is a path to include
/ on Windows.
******
Introducing check_if_path() function for
checking if filename is a path to include
/ on Windows.
sql/sql_udf.cc:
Switching to use check_if_path() function.
******
Switching to use check_if_path() function.
strings/my_strchr.c:
Adding my_strspn() and my_strcspn().
******
Adding my_strspn() and my_strcspn().
Diffstat (limited to 'include')
| -rw-r--r-- | include/config-netware.h | 1 | ||||
| -rw-r--r-- | include/config-win.h | 1 | ||||
| -rw-r--r-- | include/m_ctype.h | 2 | ||||
| -rw-r--r-- | include/my_global.h | 1 |
4 files changed, 5 insertions, 0 deletions
diff --git a/include/config-netware.h b/include/config-netware.h index 4b9e1437170..156b1eff0e4 100644 --- a/include/config-netware.h +++ b/include/config-netware.h @@ -122,6 +122,7 @@ extern "C" { #define CANT_DELETE_OPEN_FILES 1 #define FN_LIBCHAR '\\' +#define FN_DIRSEP "/\\" /* Valid directory separators */ #define FN_ROOTDIR "\\" #define FN_DEVCHAR ':' diff --git a/include/config-win.h b/include/config-win.h index da9b1fc00c3..f802bbbbad8 100644 --- a/include/config-win.h +++ b/include/config-win.h @@ -332,6 +332,7 @@ inline ulonglong double2ulonglong(double d) /* File name handling */ #define FN_LIBCHAR '\\' +#define FN_DIRSEP "/\\" /* Valid directory separators */ #define FN_ROOTDIR "\\" #define FN_DEVCHAR ':' #define FN_NETWORK_DRIVES /* Uses \\ to indicate network drives */ diff --git a/include/m_ctype.h b/include/m_ctype.h index 451c8db549b..47a3a09f531 100644 --- a/include/m_ctype.h +++ b/include/m_ctype.h @@ -464,6 +464,8 @@ extern my_bool my_parse_charset_xml(const char *bug, size_t len, int (*add)(CHARSET_INFO *cs)); extern char *my_strchr(CHARSET_INFO *cs, const char *str, const char *end, pchar c); +extern size_t my_strcspn(CHARSET_INFO *cs, const char *str, const char *end, + const char *accept); my_bool my_propagate_simple(CHARSET_INFO *cs, const uchar *str, size_t len); my_bool my_propagate_complex(CHARSET_INFO *cs, const uchar *str, size_t len); diff --git a/include/my_global.h b/include/my_global.h index ec22a57329b..ac5d72249f2 100644 --- a/include/my_global.h +++ b/include/my_global.h @@ -758,6 +758,7 @@ typedef SOCKET_SIZE_TYPE size_socket; #ifndef FN_LIBCHAR #define FN_LIBCHAR '/' +#define FN_DIRSEP "/" /* Valid directory separators */ #define FN_ROOTDIR "/" #endif #define MY_NFILE 64 /* This is only used to save filenames */ |