-rw-r--r-- | mysql-test/r/plugin.result | 9 | ||||
-rw-r--r-- | mysql-test/t/plugin.test | 17 | ||||
-rw-r--r-- | sql/sql_plugin.cc | 3 |
3 files changed, 28 insertions, 1 deletions
diff --git a/mysql-test/r/plugin.result b/mysql-test/r/plugin.result index 04931001901..6020747aec4 100644 --- a/mysql-test/r/plugin.result +++ b/mysql-test/r/plugin.result @@ -353,4 +353,13 @@ select * from mysql.plugin WHERE name='unexisting_plugin'; name dl UNINSTALL PLUGIN unexisting_plugin; ERROR 42000: PLUGIN unexisting_plugin does not exist +# +# MDEV-26323 use-after-poison issue of MariaDB server +# +INSTALL PLUGIN DEALLOCATE SONAME ''; +ERROR HY000: Can't open shared library '.so' +INSTALL PLUGIN DEALLOCATE SONAME 'x'; +ERROR HY000: Can't open shared library 'x.so' +INSTALL PLUGIN DEALLOCATE SONAME 'xx'; +ERROR HY000: Can't open shared library 'xx.so' # End of 10.2 tests diff --git a/mysql-test/t/plugin.test b/mysql-test/t/plugin.test index d2e828b2589..5ac616a1310 100644 --- a/mysql-test/t/plugin.test +++ b/mysql-test/t/plugin.test @@ -295,4 +295,21 @@ select * from mysql.plugin WHERE name='unexisting_plugin'; --error ER_SP_DOES_NOT_EXIST UNINSTALL PLUGIN unexisting_plugin; +--echo # +--echo # MDEV-26323 use-after-poison issue of MariaDB server +--echo # + +--replace_regex /library '.*[\\/].(dll|so)' [(].*[)]/library '.so'/ +--error ER_CANT_OPEN_LIBRARY +INSTALL PLUGIN DEALLOCATE SONAME ''; + +--replace_regex /library '.*[\\/]x.(dll|so)' [(].*[)]/library 'x.so'/ +--error ER_CANT_OPEN_LIBRARY +INSTALL PLUGIN DEALLOCATE SONAME 'x'; + +--replace_regex /library '.*[\\/]xx.(dll|so)' [(].*[)]/library 'xx.so'/ +--error ER_CANT_OPEN_LIBRARY +INSTALL PLUGIN DEALLOCATE SONAME 'xx'; + + --echo # End of 10.2 tests diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc index 97bc17042b2..75631faccaa 100644 --- a/sql/sql_plugin.cc +++ b/sql/sql_plugin.cc 
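Review bot: The three cases added to plugin.test ('', 'x', 'xx') are all shorter than the extension, so this hunk never exercises a name exactly as long as SO_EXT, where the suffix pointer lands on `dl->str` itself. A fourth case such as `INSTALL PLUGIN DEALLOCATE SONAME 'xxx';`, with its own `--replace_regex` and `--error ER_CANT_OPEN_LIBRARY` and the matching line in plugin.result, would pin that boundary on platforms where the extension is `.so`. The `.` before `(dll|so)` in the three `--replace_regex` patterns is unescaped and matches any character; `[.]` would be stricter and fits the `[(]` style already used. Longer names may already be covered elsewhere in the file, outside the hunk.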
@@ -372,7 +372,8 @@ bool check_valid_path(const char *path, size_t len)
 static void fix_dl_name(MEM_ROOT *root, LEX_STRING *dl)
 {
 const size_t so_ext_len= sizeof(SO_EXT) - 1;
- if (my_strcasecmp(&my_charset_latin1, dl->str + dl->length - so_ext_len,
+ if (dl->length < so_ext_len ||
+ my_strcasecmp(&my_charset_latin1, dl->str + dl->length - so_ext_len,
 SO_EXT))
 {
 char *s= (char*)alloc_root(root, dl->length + so_ext_len + 1); |
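Review bot: The new `dl->length < so_ext_len` guard in fix_dl_name carries no comment explaining why it must come first, so the short-circuit order looks incidental. That order is what keeps `dl->str + dl->length - so_ext_len` from pointing before the start of the name when the name is shorter than the extension. I would add `/* name shorter than SO_EXT: the suffix pointer below would fall before dl->str (MDEV-26323) */` directly above the `if`. The function body continues past the hunk, so whether the `alloc_root()` result on the last visible line is checked before use cannot be confirmed from here.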