author | Sergey Glukhov <gluh@mysql.com> | 2008-08-25 17:11:59 +0500 |
---|---|---|
committer | Sergey Glukhov <gluh@mysql.com> | 2008-08-25 17:11:59 +0500 |
commit | c546559a624a898b98c51cacd6feb6f9eb3dd2be (patch) | |
tree | 5a3cae3cfb682a218a0e1754a33d6a63350d46b8 /sql/sql_udf.cc | |
parent | de73b729543f40f46463c0134e380057ee4adb27 (diff) | |
download | mariadb-git-c546559a624a898b98c51cacd6feb6f9eb3dd2be.tar.gz |
Bug#37428 Potential security issue with UDFs - linux shellcode execution.
plugin_dir option backported from 5.1
mysql-test/r/udf.result:
result fix
sql/mysql_priv.h:
opt_plugin_dir and opt_plugin_dir_ptr declared.
sql/mysqld.cc:
'plugin_dir' option added
sql/set_var.cc:
'plugin_dir' option added.
sql/sql_udf.cc:
opt_plugin_dir added to the udf->dl path. Warn if it's not specified.
sql/unireg.h:
PLUGINDIR defined.
Diffstat (limited to 'sql/sql_udf.cc')
-rw-r--r-- | sql/sql_udf.cc | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/sql/sql_udf.cc b/sql/sql_udf.cc
index 849d152d93b..6520c1a661e 100644
--- a/sql/sql_udf.cc
+++ b/sql/sql_udf.cc
@@ -214,7 +214,17 @@ void udf_init()
 void *dl = find_udf_dl(tmp->dl);
 if (dl == NULL)
 {
- if (!(dl = dlopen(tmp->dl, RTLD_NOW)))
+ char dlpath[FN_REFLEN];
+ if (*opt_plugin_dir)
+ strxnmov(dlpath, sizeof(dlpath) - 1, opt_plugin_dir, "/", tmp->dl,
+ NullS);
+ else
+ {
+ strxnmov(dlpath, sizeof(dlpath)-1, tmp->dl, NullS);
+ push_warning(current_thd, MYSQL_ERROR::WARN_LEVEL_WARN, ER_UNKNOWN_ERROR,
+ "plugin_dir was not specified");
+ }
+ if (!(dl = dlopen(dlpath, RTLD_NOW)))
 {
 /* Print warning to log */
 sql_print_error(ER(ER_CANT_OPEN_LIBRARY), tmp->dl,errno,dlerror());
@@ -443,8 +453,18 @@ int mysql_create_function(THD *thd,udf_func *udf)
 }
 if (!(dl = find_udf_dl(udf->dl)))
 {
- DBUG_PRINT("info", ("Calling dlopen, udf->dl: %s", udf->dl));
- if (!(dl = dlopen(udf->dl, RTLD_NOW)))
+ char dlpath[FN_REFLEN];
+ if (*opt_plugin_dir)
+ strxnmov(dlpath, sizeof(dlpath) - 1, opt_plugin_dir, "/", udf->dl,
+ NullS);
+ else
+ {
+ strxnmov(dlpath, sizeof(dlpath)-1, udf->dl, NullS);
+ push_warning(current_thd, MYSQL_ERROR::WARN_LEVEL_WARN, ER_UNKNOWN_ERROR,
+ "plugin_dir was not specified");
+ }
+ DBUG_PRINT("info", ("Calling dlopen, udf->dl: %s", dlpath));
+ if (!(dl = dlopen(dlpath, RTLD_NOW)))
 {
 DBUG_PRINT("error",("dlopen of %s failed, error: %d (%s)",
 udf->dl,errno,dlerror())); |
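Review bot: The `else` branch in `udf_init` keeps the pre-patch behaviour: when `opt_plugin_dir` is empty, `dlpath` is just `tmp->dl` and `dlopen()` resolves it through the dynamic loader's normal search path, so the restriction this commit introduces only takes effect on servers where plugin_dir has been configured. The same fallback is repeated in the `mysql_create_function` hunk. Consider refusing the load when plugin_dir is unset, or at minimum add a comment stating that an unset plugin_dir leaves UDF loading unrestricted. In `udf_init` the warning is pushed onto `current_thd` while the surrounding code reports to the error log through `sql_print_error`, which suggests no client is attached to read it; `sql_print_warning("plugin_dir was not specified");` would make it visible to the operator. Both function bodies extend beyond the hunks.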
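Review bot: Prefixing `opt_plugin_dir` in `mysql_create_function` confines the load only if `udf->dl` is a bare file name; a name carrying a directory separator or `..` components would still resolve outside the directory after concatenation. No such check is visible in this hunk (the function starts and ends outside it, so one may exist earlier); if it does not, names with path components should be rejected before `dlopen()` is reached. Separately, `strxnmov` truncates silently at `sizeof(dlpath) - 1`, so an over-long combination is opened as a shortened path; comparing the combined length with `FN_REFLEN` and failing would be cleaner. The failure `DBUG_PRINT("error", ...)` after the call still prints `udf->dl` rather than `dlpath`, so the trace does not show the path that was actually tried.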