diff options
| author | Marko Mäkelä <marko.makela@mariadb.com> | 2018-12-17 19:00:35 +0200 |
|---|---|---|
| committer | Marko Mäkelä <marko.makela@mariadb.com> | 2018-12-17 19:33:44 +0200 |
| commit | 8c43f963882a9d5ac4e4289c8dd3dbcaeb40a0ce (patch) | |
| tree | ca51125765ac2223aa1a2479c63d3b11620037e3 /libservices | |
| parent | 517c59c5407d7ddb3b692da3c0d05878c55c0958 (diff) | |
| download | mariadb-git-8c43f963882a9d5ac4e4289c8dd3dbcaeb40a0ce.tar.gz | |
Follow-up to MDEV-12112: corruption in encrypted table may be overlooked
The initial fix only covered a part of Mariabackup.
This fix hardens InnoDB and XtraDB in a similar way, in order
to reduce the probability of mistaking a corrupted encrypted page
for a valid unencrypted one.
This is based on work by Thirunarayanan Balathandayuthapani.
fil_space_verify_crypt_checksum(): Assert that key_version!=0.
Let the callers guarantee that. Now that we have this assertion,
we also know that buf_page_is_zeroes() cannot hold.
Also, remove all diagnostic output and related parameters,
and let the relevant callers emit such messages.
Last but not least, validate the post-encryption checksum
according to the innodb_checksum_algorithm (only accepting
one checksum for the strict variants), and no longer
try to validate the page as if it was unencrypted.
buf_page_is_zeroes(): Move to the compilation unit of the only callers,
and declare static.
xb_fil_cur_read(), buf_page_check_corrupt(): Add a condition before
calling fil_space_verify_crypt_checksum(). This is a non-functional
change.
buf_dblwr_process(): Validate the page only as encrypted or unencrypted,
but not both.
Diffstat (limited to 'libservices')
0 files changed, 0 insertions, 0 deletions