Security: EOM modules must now be loaded from the plugin directory.

  modified:   storage/connect/mycat.cc
  modified:   storage/connect/reldef.cpp

Json array index (position) always defaults to 0
  modified:   storage/connect/tabjson.cpp

3 files changed, 64 insertions, 18 deletions

diff --git a/storage/connect/mycat.cc b/storage/connect/mycat.cc
index 0bc82cd80ce..0ef43a245fa 100644
--- a/storage/connect/mycat.cc
+++ b/storage/connect/mycat.cc
@@ -100,6 +100,26 @@ extern "C" HINSTANCE s_hModule;           // Saved module handle
 PQRYRES OEMColumns(PGLOBAL g, PTOS topt, char *tab, char *db, bool info);
 
 /***********************************************************************/
+/*  Get the plugin directory.                                          */
+/***********************************************************************/
+char *GetPluginDir(void)
+{
+  char *plugin_dir;
+
+#if defined(_WIN64)
+  plugin_dir = (char *)GetProcAddress(GetModuleHandle(NULL),
+    "?opt_plugin_dir@@3PADEA");
+#elif defined(_WIN32)
+  plugin_dir = (char*)GetProcAddress(GetModuleHandle(NULL),
+    "?opt_plugin_dir@@3PADA");
+#else
+  plugin_dir = opt_plugin_dir;
+#endif
+
+  return plugin_dir;
+} // end of GetPluginDir
+
+/***********************************************************************/
 /*  Get a unique enum table type ID.                                   */
 /***********************************************************************/
 TABTYPE GetTypeID(const char *type)
@@ -328,7 +348,7 @@ PQRYRES OEMColumns(PGLOBAL g, PTOS topt, char *tab, char *db, bool info)
   {
   typedef PQRYRES (__stdcall *XCOLDEF) (PGLOBAL, void*, char*, char*, bool);
   const char *module, *subtype;
-  char    c, getname[40] = "Col";
+  char    c, soname[_MAX_PATH], getname[40] = "Col";
 #if defined(WIN32)
   HANDLE  hdll;               /* Handle to the external DLL            */
 #else   // !WIN32
@@ -343,6 +363,17 @@ PQRYRES OEMColumns(PGLOBAL g, PTOS topt, char *tab, char *db, bool info)
   if (!module || !subtype)
     return NULL;
 
+  /*********************************************************************/
+  /*  Ensure that the .dll doesn't have a path.                        */
+  /*  This is done to ensure that only approved dll from the system    */
+  /*  directories are used (to make this even remotely secure).        */
+  /*********************************************************************/
+  if (check_valid_path(module, strlen(module))) {
+    strcpy(g->Message, "Module cannot contain a path");
+    return NULL;
+  } else
+    PlugSetPath(soname, module, GetPluginDir());
+    
   // The exported name is always in uppercase
   for (int i = 0; ; i++) {
     c = subtype[i];
@@ -352,11 +383,11 @@ PQRYRES OEMColumns(PGLOBAL g, PTOS topt, char *tab, char *db, bool info)
 
 #if defined(WIN32)
   // Load the Dll implementing the table
-  if (!(hdll = LoadLibrary(module))) {
+  if (!(hdll = LoadLibrary(soname))) {
     char  buf[256];
     DWORD rc = GetLastError();
 
-    sprintf(g->Message, MSG(DLL_LOAD_ERROR), rc, module);
+    sprintf(g->Message, MSG(DLL_LOAD_ERROR), rc, soname);
     FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
                   FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0,
                   (LPTSTR)buf, sizeof(buf), NULL);
@@ -374,9 +405,9 @@ PQRYRES OEMColumns(PGLOBAL g, PTOS topt, char *tab, char *db, bool info)
   const char *error = NULL;
 
   // Load the desired shared library
-  if (!(hdll = dlopen(module, RTLD_LAZY))) {
+  if (!(hdll = dlopen(soname, RTLD_LAZY))) {
     error = dlerror();
-    sprintf(g->Message, MSG(SHARED_LIB_ERR), module, SVP(error));
+    sprintf(g->Message, MSG(SHARED_LIB_ERR), soname, SVP(error));
     return NULL;
     } // endif Hdll
 
diff --git a/storage/connect/reldef.cpp b/storage/connect/reldef.cpp
index 0b3d4682cc7..4563500254b 100644
--- a/storage/connect/reldef.cpp
+++ b/storage/connect/reldef.cpp
@@ -56,6 +56,7 @@ extern handlerton *connect_hton;
 /*  External function.                                                 */
 /***********************************************************************/
 USETEMP UseTemp(void);
+char   *GetPluginDir(void);
 
 /* --------------------------- Class RELDEF -------------------------- */
 
@@ -437,20 +438,31 @@ void TABDEF::SetIndexInfo(void)
 PTABDEF OEMDEF::GetXdef(PGLOBAL g)
   {
   typedef PTABDEF (__stdcall *XGETDEF) (PGLOBAL, void *);
-  char    c, getname[40] = "Get";
+  char    c, soname[_MAX_PATH], getname[40] = "Get";
   PTABDEF xdefp;
   XGETDEF getdef = NULL;
   PCATLG  cat = Cat;
 
+  /*********************************************************************/
+  /*  Ensure that the .dll doesn't have a path.                        */
+  /*  This is done to ensure that only approved dll from the system    */
+  /*  directories are used (to make this even remotely secure).        */
+  /*********************************************************************/
+  if (check_valid_path(Module, strlen(Module))) {
+    strcpy(g->Message, "Module cannot contain a path");
+    return NULL;
+  } else
+    PlugSetPath(soname, Module, GetPluginDir());
+    
 #if defined(WIN32)
   // Is the DLL already loaded?
-  if (!Hdll && !(Hdll = GetModuleHandle(Module)))
+  if (!Hdll && !(Hdll = GetModuleHandle(soname)))
     // No, load the Dll implementing the function
-    if (!(Hdll = LoadLibrary(Module))) {
+    if (!(Hdll = LoadLibrary(soname))) {
       char  buf[256];
       DWORD rc = GetLastError();
 
-      sprintf(g->Message, MSG(DLL_LOAD_ERROR), rc, Module);
+      sprintf(g->Message, MSG(DLL_LOAD_ERROR), rc, soname);
       FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
                     FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0,
                     (LPTSTR)buf, sizeof(buf), NULL);
@@ -474,7 +486,8 @@ PTABDEF OEMDEF::GetXdef(PGLOBAL g)
 #else   // !WIN32
   const char *error = NULL;
   Dl_info dl_info;
-  
+    
+#if 0  // Don't know what all this stuff does
   // The OEM lib must retrieve exported CONNECT variables
   if (dladdr(&connect_hton, &dl_info)) {
     if (dlopen(dl_info.dli_fname, RTLD_NOLOAD | RTLD_NOW | RTLD_GLOBAL) == 0) {
@@ -488,15 +501,16 @@ PTABDEF OEMDEF::GetXdef(PGLOBAL g)
     sprintf(g->Message, "dladdr failed: %s, OEM not supported", SVP(error));
     return NULL;
   } // endif dladdr
+#endif // 0
 
   // Is the library already loaded?
-//  if (!Hdll && !(Hdll = ???))
-  // Load the desired shared library
-  if (!(Hdll = dlopen(Module, RTLD_LAZY))) {
-    error = dlerror();
-    sprintf(g->Message, MSG(SHARED_LIB_ERR), Module, SVP(error));
-    return NULL;
-    } // endif Hdll
+  if (!Hdll && !(Hdll = dlopen(soname, RTLD_NOLOAD)))
+    // Load the desired shared library
+    if (!(Hdll = dlopen(soname, RTLD_LAZY))) {
+      error = dlerror();
+      sprintf(g->Message, MSG(SHARED_LIB_ERR), soname, SVP(error));
+      return NULL;
+      } // endif Hdll
 
   // The exported name is always in uppercase
   for (int i = 0; ; i++) {
diff --git a/storage/connect/tabjson.cpp b/storage/connect/tabjson.cpp
index 6d3bbeaa56f..34d5827345f 100644
--- a/storage/connect/tabjson.cpp
+++ b/storage/connect/tabjson.cpp
@@ -449,7 +449,7 @@ TDBJSN::TDBJSN(PJDEF tdp, PTXF txfp) : TDBDOS(tdp, txfp)
     Xcol = NULL;
     Limit = 1;
     Pretty = 0;
-    B = 1;
+    B = 0;
     Strict = false;
   } // endif tdp
 
@@ -477,6 +477,7 @@ TDBJSN::TDBJSN(TDBJSN *tdbp) : TDBDOS(NULL, tdbp)
   NextSame = tdbp->NextSame;
   SameRow = tdbp->SameRow;
   Xval = tdbp->Xval;
+  B = tdbp->B;
   Pretty = tdbp->Pretty;
   Strict = tdbp->Strict;
   Comma = tdbp->Comma;