-rw-r--r-- | mysql-test/r/connect_debug.result | 5 | ||||
-rw-r--r-- | mysql-test/t/connect_debug.test | 11 | ||||
-rw-r--r-- | sql-common/client_plugin.c | 8 | ||||
-rw-r--r-- | sql/sql_acl.cc | 1 |
4 files changed, 24 insertions, 1 deletions
diff --git a/mysql-test/r/connect_debug.result b/mysql-test/r/connect_debug.result index 0452b238db9..3151166a0e6 100644 --- a/mysql-test/r/connect_debug.result +++ b/mysql-test/r/connect_debug.result @@ -3,3 +3,8 @@ set global debug_dbug='+d,auth_disconnect'; create user 'bad' identified by 'worse'; set global debug_dbug=@old_dbug; drop user bad; +set global debug_dbug='+d,auth_invalid_plugin'; +create user 'bad' identified by 'worse'; +ERROR 2059 (HY000): Authentication plugin 'foo/bar' cannot be loaded: invalid plugin name +set global debug_dbug=@old_dbug; +drop user bad; diff --git a/mysql-test/t/connect_debug.test b/mysql-test/t/connect_debug.test index 299b605b2cd..7a2f2872b79 100644 --- a/mysql-test/t/connect_debug.test +++ b/mysql-test/t/connect_debug.test @@ -1,3 +1,4 @@ +source include/not_embedded.inc; source include/have_debug.inc; set @old_dbug=@@global.debug_dbug; @@ -10,3 +11,13 @@ create user 'bad' identified by 'worse'; --exec $MYSQL --default-auth=mysql_old_password --user=bad --password=worse set global debug_dbug=@old_dbug; drop user bad; + +# +# malicious server, invalid plugin name +# +set global debug_dbug='+d,auth_invalid_plugin'; +create user 'bad' identified by 'worse'; +--error 1 +--exec $MYSQL --default-auth=mysql_old_password --user=bad --password=worse 2>&1 +set global debug_dbug=@old_dbug; +drop user bad; diff --git a/sql-common/client_plugin.c b/sql-common/client_plugin.c index f5e1ffbbf5c..812cefe03f5 100644 --- a/sql-common/client_plugin.c +++ b/sql-common/client_plugin.c @@ -362,7 +362,13 @@ mysql_load_plugin_v(MYSQL *mysql, const char *name, int type, mysql->options.extension && mysql->options.extension->plugin_dir ? mysql->options.extension->plugin_dir : PLUGINDIR, "/", name, SO_EXT, NullS); - + + if (strpbrk(name, "()[]!@#$%^&/*;.,'?")) + { + errmsg= "invalid plugin name"; + goto err; + } + DBUG_PRINT ("info", ("dlopeninig %s", dlpath)); /* Open new dll handle */ if (!(dlhandle= dlopen(dlpath, RTLD_NOW))) 
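Review bot: The added `strpbrk(name, "()[]!@#$%^&/*;.,'?")` check in mysql_load_plugin_v is a denylist and it leaves out the backslash, which is a path separator on Windows builds of the client library (assuming this loader is compiled there too). The added test treats the name as supplied by a malicious server, so at minimum I would extend the set, `if (strpbrk(name, "()[]!@#$%^&/*;.,'?\\"))`. Preferably accept only an explicit allowlist, e.g. `if (!*name || name[strspn(name, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_")])`, with the set adjusted to the characters real plugin names use. The check also sits after the call that builds dlpath (its tail is the context just above), and moving it before that call would mean no path is ever formed from an unvalidated name. connect_debug.test covers only 'foo/bar', and the function body starts and ends outside the hunk.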
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index ef5fed1fc19..8670f5b390d 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -8256,6 +8256,7 @@ static bool send_plugin_request_packet(MPVIO_EXT *mpvio, ((st_mysql_auth *) (plugin_decl(mpvio->plugin)->info))->client_auth_plugin; DBUG_EXECUTE_IF("auth_disconnect", { vio_close(net->vio); DBUG_RETURN(1); }); + DBUG_EXECUTE_IF("auth_invalid_plugin", client_auth_plugin="foo/bar"; ); DBUG_ASSERT(client_auth_plugin); /* |
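Review bot: The new `DBUG_EXECUTE_IF("auth_invalid_plugin", ...)` line in send_plugin_request_packet has no comment explaining why a debug build overrides the plugin name it advertises, and the reason is only discoverable from the test file. I would add a comment above it such as `/* debug only: advertise a plugin name containing '/' so connect_debug.test can verify the client refuses to load it */`. The function body starts and ends outside the hunk.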