diff options
author | Olivier Bertrand <bertrandop@gmail.com> | 2019-11-26 19:22:46 +0100 |
---|---|---|
committer | Olivier Bertrand <bertrandop@gmail.com> | 2019-11-26 19:22:46 +0100 |
commit | f0da39be7fff39f0ee47abe272e0ef96f229c7e3 (patch) | |
tree | a6e98fa182f6ffad5a0105969f936f5168ff3dde /storage/connect | |
parent | fb91774e4e6451298af51e31356a8b8fb1b19487 (diff) | |
download | mariadb-git-f0da39be7fff39f0ee47abe272e0ef96f229c7e3.tar.gz |
- Fix MDEV-13782
Problem with NOT LIKE queries.
modified: storage/connect/ha_connect.cc
modified: sql/item_cmpfunc.h
- Fix MDEV-21084
Misusage of strncat could cause buffer overflow.
modified: storage/connect/reldef.cpp
modified: storage/connect/tabcmg.cpp
modified: storage/connect/tabjson.cpp
modified: storage/connect/tabrest.cpp
modified: storage/connect/tabxml.cpp
Diffstat (limited to 'storage/connect')
-rw-r--r-- | storage/connect/ha_connect.cc | 8 | ||||
-rw-r--r-- | storage/connect/reldef.cpp | 3 | ||||
-rw-r--r-- | storage/connect/tabcmg.cpp | 23 | ||||
-rw-r--r-- | storage/connect/tabjson.cpp | 44 | ||||
-rw-r--r-- | storage/connect/tabrest.cpp | 5 | ||||
-rw-r--r-- | storage/connect/tabxml.cpp | 4 |
6 files changed, 53 insertions, 34 deletions
diff --git a/storage/connect/ha_connect.cc b/storage/connect/ha_connect.cc index 91fef719ee7..cc9e7d1b55c 100644 --- a/storage/connect/ha_connect.cc +++ b/storage/connect/ha_connect.cc @@ -2966,10 +2966,10 @@ PCFIL ha_connect::CheckCond(PGLOBAL g, PCFIL filp, const Item *cond) case Item_func::LE_FUNC: vop= OP_LE; break; case Item_func::GE_FUNC: vop= OP_GE; break; case Item_func::GT_FUNC: vop= OP_GT; break; - //case Item_func::LIKE_FUNC: - // vop = OP_LIKE; - // neg= ((Item_func_like*)condf)->negated; - // break; + case Item_func::LIKE_FUNC: + vop = OP_LIKE; + neg= ((Item_func_like*)condf)->negated; + break; case Item_func::ISNOTNULL_FUNC: neg= true; // fall through diff --git a/storage/connect/reldef.cpp b/storage/connect/reldef.cpp index 88c28757588..ffe5f77661d 100644 --- a/storage/connect/reldef.cpp +++ b/storage/connect/reldef.cpp @@ -624,7 +624,8 @@ PTABDEF OEMDEF::GetXdef(PGLOBAL g) return NULL; } else // PlugSetPath(soname, Module, GetPluginDir()); // Crashes on Fedora - strncat(strcpy(soname, GetPluginDir()), Module, _MAX_PATH); + strncat(strcpy(soname, GetPluginDir()), Module, + sizeof(soname) - strlen(soname) - 1); #if defined(__WIN__) // Is the DLL already loaded? diff --git a/storage/connect/tabcmg.cpp b/storage/connect/tabcmg.cpp index da1cfd34ac7..b9b7f6e4b60 100644 --- a/storage/connect/tabcmg.cpp +++ b/storage/connect/tabcmg.cpp @@ -53,25 +53,30 @@ bool CMGDISC::FindInDoc(PGLOBAL g, bson_iter_t *iter, const bson_t *doc, { if (!doc || bson_iter_init(iter, doc)) { const char *key; - char colname[65]; - char fmt[129]; - bool newcol; + char colname[65]; + char fmt[129]; + bool newcol; + size_t n; while (bson_iter_next(iter)) { key = bson_iter_key(iter); newcol = true; if (pcn) { - strncpy(colname, pcn, 64); - colname[64] = 0; - strncat(strncat(colname, "_", 65), key, 65); + n = sizeof(colname) - 1; + strncpy(colname, pcn, n); + colname[n] = 0; + n -= strlen(colname); + strncat(strncat(colname, "_", n), key, n - 1); } else strcpy(colname, key); if (pfmt) { - strncpy(fmt, pfmt, 128); - fmt[128] = 0; - strncat(strncat(fmt, ".", 129), key, 129); + n = sizeof(fmt) - 1; + strncpy(fmt, pfmt, n); + fmt[n] = 0; + n -= strlen(fmt); + strncat(strncat(fmt, ".", n), key, n - 1); } else strcpy(fmt, key); diff --git a/storage/connect/tabjson.cpp b/storage/connect/tabjson.cpp index 0b282345c8a..7e8d6c8d9f0 100644 --- a/storage/connect/tabjson.cpp +++ b/storage/connect/tabjson.cpp @@ -394,10 +394,11 @@ err: bool JSONDISC::Find(PGLOBAL g, PJVAL jvp, PCSZ key, int j) { - char *p, *pc = colname + strlen(colname); - int ars; - PJOB job; - PJAR jar; + char *p, *pc = colname + strlen(colname); + int ars; + size_t n; + PJOB job; + PJAR jar; if ((valp = jvp ? jvp->GetValue() : NULL)) { jcol.Type = valp->GetType(); @@ -423,8 +424,10 @@ bool JSONDISC::Find(PGLOBAL g, PJVAL jvp, PCSZ key, int j) PCSZ k = jrp->GetKey(); if (*k != '$') { - strncat(strncat(fmt, sep, 128), k, 128); - strncat(strncat(colname, "_", 64), k, 64); + n = sizeof(fmt) - strlen(fmt) -1; + strncat(strncat(fmt, sep, n), k, n - strlen(sep)); + n = sizeof(colname) - strlen(colname) - 1; + strncat(strncat(colname, "_", n), k, n - 1); } // endif Key if (Find(g, jrp->GetVal(), k, j + 1)) @@ -443,19 +446,26 @@ bool JSONDISC::Find(PGLOBAL g, PJVAL jvp, PCSZ key, int j) ars = MY_MIN(jar->GetSize(false), 1); for (int k = 0; k < ars; k++) { - if (!tdp->Xcol || stricmp(tdp->Xcol, key)) { - sprintf(buf, "%d", k); - - if (tdp->Uri) - strncat(strncat(fmt, sep, 128), buf, 128); - else - strncat(strncat(strncat(fmt, "[", 128), buf, 128), "]", 128); + n = sizeof(fmt) - (strlen(fmt) + 1); - if (all) - strncat(strncat(colname, "_", 64), buf, 64); + if (!tdp->Xcol || stricmp(tdp->Xcol, key)) { + sprintf(buf, "%d", k); - } else - strncat(fmt, (tdp->Uri ? sep : "[*]"), 128); + if (tdp->Uri) { + strncat(strncat(fmt, sep, n), buf, n - strlen(sep)); + } else { + strncat(strncat(fmt, "[", n), buf, n - 1); + strncat(fmt, "]", n - (strlen(buf) + 1)); + } // endif uri + + if (all) { + n = sizeof(colname) - (strlen(colname) + 1); + strncat(strncat(colname, "_", n), buf, n - 1); + } // endif all + + } else { + strncat(fmt, (tdp->Uri ? sep : "[*]"), n); + } if (Find(g, jar->GetValue(k), "", j)) return true; diff --git a/storage/connect/tabrest.cpp b/storage/connect/tabrest.cpp index fe81c0a65be..f9acbc28ddc 100644 --- a/storage/connect/tabrest.cpp +++ b/storage/connect/tabrest.cpp @@ -162,7 +162,7 @@ PQRYRES __stdcall ColREST(PGLOBAL g, PTOS tp, char *tab, char *db, bool info) // We used the file name relative to recorded datapath strcat(strcat(strcat(strcpy(filename, "."), slash), db), slash); - strncat(filename, fn, _MAX_PATH); + strncat(filename, fn, _MAX_PATH - strlen(filename)); // Retrieve the file from the web and copy it locally if (http && grf(g->Message, trace(515), http, uri, filename)) { @@ -221,7 +221,8 @@ bool RESTDEF::DefineAM(PGLOBAL g, LPCSTR am, int poff) // We used the file name relative to recorded datapath //PlugSetPath(filename, Fn, GetPath()); - strncat(strcpy(filename, GetPath()), Fn, _MAX_PATH); + strcpy(filename, GetPath()); + strncat(filename, Fn, _MAX_PATH - strlen(filename)); // Retrieve the file from the web and copy it locally rc = grf(g->Message, xt, Http, Uri, filename); diff --git a/storage/connect/tabxml.cpp b/storage/connect/tabxml.cpp index 19490d350e8..717090e9c5a 100644 --- a/storage/connect/tabxml.cpp +++ b/storage/connect/tabxml.cpp @@ -240,7 +240,9 @@ PQRYRES XMLColumns(PGLOBAL g, char *db, char *tab, PTOS topt, bool info) more: if (vp->atp) { - strncpy(colname, vp->atp->GetName(g), sizeof(colname)); + size_t z = sizeof(colname) - 1; + strncpy(colname, vp->atp->GetName(g), z); + colname[z] = 0; strncat(xcol->Name, colname, XLEN(xcol->Name)); switch (vp->atp->GetText(g, buf, sizeof(buf))) { |