diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2019-07-21 12:09:17 +0200 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2019-07-21 19:47:44 +0200 |
| commit | 82563c5fc0a40d64d8e8e9de2bf6f904fa6c0dc6 (patch) | |
| tree | f421f6e8e823b9a472f0cfd8175bd504d795b040 /sql-common | |
| parent | f90040fd9ccb99cb4541d181a7052c37dc38decb (diff) | |
| download | mariadb-git-82563c5fc0a40d64d8e8e9de2bf6f904fa6c0dc6.tar.gz | |
MDEV-20110 don't try to load client plugins with invalid names
reported by lixtelnis
Diffstat (limited to 'sql-common')
| -rw-r--r-- | sql-common/client_plugin.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sql-common/client_plugin.c b/sql-common/client_plugin.c index f5e1ffbbf5c..812cefe03f5 100644 --- a/sql-common/client_plugin.c +++ b/sql-common/client_plugin.c @@ -362,7 +362,13 @@ mysql_load_plugin_v(MYSQL *mysql, const char *name, int type, mysql->options.extension && mysql->options.extension->plugin_dir ? mysql->options.extension->plugin_dir : PLUGINDIR, "/", name, SO_EXT, NullS); - + + if (strpbrk(name, "()[]!@#$%^&/*;.,'?")) + { + errmsg= "invalid plugin name"; + goto err; + } + DBUG_PRINT ("info", ("dlopeninig %s", dlpath)); /* Open new dll handle */ if (!(dlhandle= dlopen(dlpath, RTLD_NOW))) |