Merge 10.3 into 10.4

2 files changed, 13 insertions, 4 deletions

diff --git a/plugin/cracklib_password_check/cracklib_password_check.c b/plugin/cracklib_password_check/cracklib_password_check.c
index 20294b070e7..470e6e5280f 100644
--- a/plugin/cracklib_password_check/cracklib_password_check.c
+++ b/plugin/cracklib_password_check/cracklib_password_check.c
@@ -13,10 +13,10 @@
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1335  USA */
 
+#include <my_global.h>
 #include <mysql/plugin_password_validation.h>
 #include <crack.h>
 #include <string.h>
-#include <alloca.h>
 #include <mysqld_error.h>
 
 static char *dictionary;
diff --git a/plugin/file_key_management/parser.cc b/plugin/file_key_management/parser.cc
index 818c026495f..57e0139a57d 100644
--- a/plugin/file_key_management/parser.cc
+++ b/plugin/file_key_management/parser.cc
@@ -162,19 +162,28 @@ bool Parser::read_filekey(const char *filekey, char *secret)
   int f= open(filekey, O_RDONLY|O_BINARY);
   if (f == -1)
   {
-    my_error(EE_FILENOTFOUND,ME_ERROR_LOG, filekey, errno);
+    my_error(EE_FILENOTFOUND, ME_ERROR_LOG, filekey, errno);
     return 1;
   }
 
-  int len= read(f, secret, MAX_SECRET_SIZE);
+  int len= read(f, secret, MAX_SECRET_SIZE + 1);
   if (len <= 0)
   {
-    my_error(EE_READ,ME_ERROR_LOG, filekey, errno);
+    my_error(EE_READ, ME_ERROR_LOG, filekey, errno);
     close(f);
     return 1;
   }
   close(f);
+
   while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--;
+  if (len > MAX_SECRET_SIZE)
+  {
+    my_printf_error(EE_READ,
+                    "Cannot read %s, the filekey is too long, "
+                    "max secret size is %dB ",
+                    ME_ERROR_LOG, filekey, MAX_SECRET_SIZE);
+    return 1;
+  }
   secret[len]= '\0';
   return 0;
 }