diff options
| author | Mats Kindahl <mats.kindahl@oracle.com> | 2010-12-01 13:54:50 +0100 |
|---|---|---|
| committer | Mats Kindahl <mats.kindahl@oracle.com> | 2010-12-01 13:54:50 +0100 |
| commit | fc9f3efaec61ea3086c1df2942a1157fdf9ca1c2 (patch) | |
| tree | d1f2687923ea72c7120814a13560cc11581cfa76 /mysql-test/r/plugin_not_embedded.result | |
| parent | cd1c6e220de1730615c145b5337f7cce554dfdae (diff) | |
| download | mariadb-git-fc9f3efaec61ea3086c1df2942a1157fdf9ca1c2.tar.gz | |
BUG#58246: INSTALL PLUGIN not secure & crashable
When installing plugins, there is a missing check
for slash (/) in the path on Windows. Note that on
Windows, both / and \ can be used to separate
directories.
This patch fixes the issue by:
- Adding a FN_DIRSEP symbol for all platforms
consisting of a string of legal directory
separators.
- Adding a charset-aware version of strcspn().
- Adding a check_valid_path() function that uses
my_strcspn() to check if any FN_DIRSEP character
is in the supplied string.
- Using the check_valid_path() function in
sql_plugin.cc and sql_udf.cc (which means
replacing the existing test there).
include/config-netware.h:
Adding FN_DIRSEP
******
Adding FN_DIRSEP
include/config-win.h:
Adding FN_DIRSEP
******
Adding FN_DIRSEP
include/m_ctype.h:
Adding my_strspn() and my_strcspn().
******
Adding my_strspn() and my_strcspn().
include/my_global.h:
Adding FN_DIRSEP
******
Adding FN_DIRSEP
mysql-test/t/plugin_not_embedded.test:
Adding test that file names containing / is
disallowed on *all* platforms.
******
Adding test that file names containing / is
disallowed on *all* platforms.
sql/sql_plugin.cc:
Introducing check_if_path() function for
checking if filename is a path to include
/ on Windows.
******
Introducing check_if_path() function for
checking if filename is a path to include
/ on Windows.
sql/sql_udf.cc:
Switching to use check_if_path() function.
******
Switching to use check_if_path() function.
strings/my_strchr.c:
Adding my_strspn() and my_strcspn().
******
Adding my_strspn() and my_strcspn().
Diffstat (limited to 'mysql-test/r/plugin_not_embedded.result')
| -rw-r--r-- | mysql-test/r/plugin_not_embedded.result | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/mysql-test/r/plugin_not_embedded.result b/mysql-test/r/plugin_not_embedded.result index 82cfe7b23b8..27553366660 100644 --- a/mysql-test/r/plugin_not_embedded.result +++ b/mysql-test/r/plugin_not_embedded.result @@ -8,3 +8,5 @@ ERROR 42000: DELETE command denied to user 'bug51770'@'localhost' for table 'plu GRANT DELETE ON mysql.plugin TO bug51770@localhost; UNINSTALL PLUGIN example; DROP USER bug51770@localhost; +INSTALL PLUGIN example SONAME '../ha_example.so'; +ERROR HY000: No paths allowed for shared library |