From af84921d263b8bb1d1a06989794db07394f94e21 Mon Sep 17 00:00:00 2001 From: Karthik Kamath Date: Thu, 9 Mar 2017 14:57:20 +0530 Subject: BUG#24807826: UINT3KORR SHOULD STOP READING FOUR INSTEAD OF THREE BYTES ON X86 Analysis: ========= The macro uint3korr reads 4 bytes of data instead of 3 on on x86 machines. Multiple definitions were created for this macro for optimization in WIN32. The idea was to optimize reading of 3 byte ints by reading an ordinary int and masking away the unused byte. However this is an undefined behavior. It will be an issue unless users are aware of allocating an extra byte for using this macro. Fix: ==== Removing the definition which reads 4 bytes of data. The only definition of this macro would now read just 3 bytes of data thus prohibiting the usage of an extra byte. Note: ===== This is a backport of Patches #5 and #6 for Bug#17922198. --- include/my_global.h | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) (limited to 'include') diff --git a/include/my_global.h b/include/my_global.h index 0d43964234b..695884cb6c6 100644 --- a/include/my_global.h +++ b/include/my_global.h @@ -1,5 +1,5 @@ /* - Copyright (c) 2001, 2013, Oracle and/or its affiliates. All rights reserved. + Copyright (c) 2001, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1064,19 +1064,9 @@ typedef char my_bool; /* Small bool */ ((uint32) (uchar) (A)[0]))) #define sint4korr(A) (*((long *) (A))) #define uint2korr(A) (*((uint16 *) (A))) -#if defined(HAVE_purify) && !defined(_WIN32) #define uint3korr(A) (uint32) (((uint32) ((uchar) (A)[0])) +\ (((uint32) ((uchar) (A)[1])) << 8) +\ (((uint32) ((uchar) (A)[2])) << 16)) -#else -/* - ATTENTION ! - - Please, note, uint3korr reads 4 bytes (not 3) ! - It means, that you have to provide enough allocated space ! -*/ -#define uint3korr(A) (long) (*((unsigned int *) (A)) & 0xFFFFFF) -#endif /* HAVE_purify && !_WIN32 */ #define uint4korr(A) (*((uint32 *) (A))) #define uint5korr(A) ((ulonglong)(((uint32) ((uchar) (A)[0])) +\ (((uint32) ((uchar) (A)[1])) << 8) +\ -- cgit v1.2.1 From 2531c8dcd152bedeeebfe07d5e4a29bd84357c27 Mon Sep 17 00:00:00 2001 From: Ramil Kalimullin Date: Fri, 10 Mar 2017 01:19:50 +0400 Subject: BUG#25575605: SETTING --SSL-MODE=REQUIRED SENDS CREDENTIALS BEFORE VERIFYING SSL CONNECTION MYSQL_OPT_SSL_MODE option introduced. It is set in case of --ssl-mode=REQUIRED and permits only SSL connection. --- include/mysql.h | 9 +++++++-- include/mysql.h.pp | 6 +++++- include/sql_common.h | 3 ++- include/sslopt-case.h | 4 ++-- include/sslopt-vars.h | 6 +++--- 5 files changed, 19 insertions(+), 9 deletions(-) (limited to 'include') diff --git a/include/mysql.h b/include/mysql.h index da29cb342cc..7ebf2f725a2 100644 --- a/include/mysql.h +++ b/include/mysql.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -167,7 +167,7 @@ enum mysql_option MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH, MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MYSQL_PLUGIN_DIR, MYSQL_DEFAULT_AUTH, - MYSQL_ENABLE_CLEARTEXT_PLUGIN + MYSQL_ENABLE_CLEARTEXT_PLUGIN, MYSQL_OPT_SSL_MODE }; /** @@ -224,6 +224,11 @@ enum mysql_protocol_type MYSQL_PROTOCOL_PIPE, MYSQL_PROTOCOL_MEMORY }; +enum mysql_ssl_mode +{ + SSL_MODE_REQUIRED= 3 +}; + typedef struct character_set { unsigned int number; /* character set number */ diff --git a/include/mysql.h.pp b/include/mysql.h.pp index c2c5ba35044..0f292d921ee 100644 --- a/include/mysql.h.pp +++ b/include/mysql.h.pp @@ -263,7 +263,7 @@ enum mysql_option MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH, MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MYSQL_PLUGIN_DIR, MYSQL_DEFAULT_AUTH, - MYSQL_ENABLE_CLEARTEXT_PLUGIN + MYSQL_ENABLE_CLEARTEXT_PLUGIN, MYSQL_OPT_SSL_MODE }; struct st_mysql_options_extention; struct st_mysql_options { @@ -307,6 +307,10 @@ enum mysql_protocol_type MYSQL_PROTOCOL_DEFAULT, MYSQL_PROTOCOL_TCP, MYSQL_PROTOCOL_SOCKET, MYSQL_PROTOCOL_PIPE, MYSQL_PROTOCOL_MEMORY }; +enum mysql_ssl_mode +{ + SSL_MODE_REQUIRED= 3 +}; typedef struct character_set { unsigned int number; diff --git a/include/sql_common.h b/include/sql_common.h index a2ea3ac45e7..05bbb5a4f53 100644 --- a/include/sql_common.h +++ b/include/sql_common.h @@ -1,7 +1,7 @@ #ifndef SQL_COMMON_INCLUDED #define SQL_COMMON_INCLUDED -/* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -32,6 +32,7 @@ struct st_mysql_options_extention { char *plugin_dir; char *default_auth; my_bool enable_cleartext_plugin; + unsigned int ssl_mode; }; typedef struct st_mysql_methods diff --git a/include/sslopt-case.h b/include/sslopt-case.h index 57702b3b352..0fddafc4fa9 100644 --- a/include/sslopt-case.h +++ b/include/sslopt-case.h @@ -1,7 +1,7 @@ #ifndef SSLOPT_CASE_INCLUDED #define SSLOPT_CASE_INCLUDED -/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -38,7 +38,7 @@ exit(1); } else - opt_ssl_required= 1; + opt_ssl_mode= SSL_MODE_REQUIRED; break; #endif /* MYSQL_CLIENT */ #endif diff --git a/include/sslopt-vars.h b/include/sslopt-vars.h index 6c9bd4296ef..a037538f693 100644 --- a/include/sslopt-vars.h +++ b/include/sslopt-vars.h @@ -1,7 +1,7 @@ #ifndef SSLOPT_VARS_INCLUDED #define SSLOPT_VARS_INCLUDED -/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -31,11 +31,11 @@ SSL_STATIC char *opt_ssl_key = 0; #ifdef MYSQL_CLIENT SSL_STATIC my_bool opt_ssl_verify_server_cert= 0; -SSL_STATIC my_bool opt_ssl_required= 0; +SSL_STATIC uint opt_ssl_mode= 0; #endif /* MYSQL_CLIENT */ #else /* HAVE_OPENSSL */ -#define opt_ssl_required 0 +#define opt_ssl_mode 0 #endif /* HAVE_OPENSSL */ #endif /* SSLOPT_VARS_INCLUDED */ -- cgit v1.2.1 From 8ea859d3007334065496b78dd8dd57e51c296a55 Mon Sep 17 00:00:00 2001 From: Ramil Kalimullin Date: Mon, 13 Mar 2017 17:01:59 +0400 Subject: BUG#25575605: SETTING --SSL-MODE=REQUIRED SENDS CREDENTIALS BEFORE VERIFYING SSL CONNECTION Changed MYSQL_OPT_SSL_MODE to be the same as in 5.6 (ABI compatibility). --- include/mysql.h | 4 +++- include/mysql.h.pp | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/mysql.h b/include/mysql.h index 7ebf2f725a2..3a27ab4128c 100644 --- a/include/mysql.h +++ b/include/mysql.h @@ -167,7 +167,9 @@ enum mysql_option MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH, MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MYSQL_PLUGIN_DIR, MYSQL_DEFAULT_AUTH, - MYSQL_ENABLE_CLEARTEXT_PLUGIN, MYSQL_OPT_SSL_MODE + MYSQL_ENABLE_CLEARTEXT_PLUGIN, + /* Set MYSQL_OPT_SSL_MODE to be the same as in 5.6 (ABI compatibility). */ + MYSQL_OPT_SSL_MODE= 38 }; /** diff --git a/include/mysql.h.pp b/include/mysql.h.pp index 0f292d921ee..774bf2d0301 100644 --- a/include/mysql.h.pp +++ b/include/mysql.h.pp @@ -263,7 +263,8 @@ enum mysql_option MYSQL_OPT_GUESS_CONNECTION, MYSQL_SET_CLIENT_IP, MYSQL_SECURE_AUTH, MYSQL_REPORT_DATA_TRUNCATION, MYSQL_OPT_RECONNECT, MYSQL_OPT_SSL_VERIFY_SERVER_CERT, MYSQL_PLUGIN_DIR, MYSQL_DEFAULT_AUTH, - MYSQL_ENABLE_CLEARTEXT_PLUGIN, MYSQL_OPT_SSL_MODE + MYSQL_ENABLE_CLEARTEXT_PLUGIN, + MYSQL_OPT_SSL_MODE= 38 }; struct st_mysql_options_extention; struct st_mysql_options { -- cgit v1.2.1 From b615c3dff885b1ce44fa2275aec8f04c8963ea75 Mon Sep 17 00:00:00 2001 From: Nisha Gopalakrishnan Date: Fri, 12 May 2017 09:47:48 +0530 Subject: BUG#25451091:CREATE TABLE DATA DIRECTORY / INDEX DIRECTORY SYMLINK CHECK RACE CONDITIONS ANALYSIS: ========= A potential defect exists in the handling of CREATE TABLE .. DATA DIRECTORY/ INDEX DIRECTORY which gives way to the user to gain access to another user table or a system table. FIX: ==== The lstat and fstat output of the target files are now stored which help in determining the identity of the target files thus preventing the unauthorized access to other files. --- include/my_sys.h | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'include') diff --git a/include/my_sys.h b/include/my_sys.h index 472c2ba5ca0..9983ee3319f 100644 --- a/include/my_sys.h +++ b/include/my_sys.h @@ -1,4 +1,4 @@ -/* Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -49,6 +49,7 @@ typedef struct my_aio_result { #ifdef _WIN32 #include /*for alloca*/ #endif +#include #define MY_INIT(name) { my_progname= name; my_init(); } @@ -491,6 +492,16 @@ typedef struct st_io_cache /* Used when cacheing files */ typedef int (*qsort2_cmp)(const void *, const void *, const void *); +/* + Subset of struct stat fields filled by stat/lstat/fstat that uniquely + identify a file +*/ +typedef struct st_file_id +{ + dev_t st_dev; + ino_t st_ino; +} ST_FILE_ID; + /* defines for mf_iocache */ /* Test if buffer is inited */ @@ -569,8 +580,9 @@ extern File my_create(const char *FileName,int CreateFlags, extern int my_close(File Filedes,myf MyFlags); extern int my_mkdir(const char *dir, int Flags, myf MyFlags); extern int my_readlink(char *to, const char *filename, myf MyFlags); -extern int my_is_symlink(const char *filename); +extern int my_is_symlink(const char *filename, ST_FILE_ID *file_id); extern int my_realpath(char *to, const char *filename, myf MyFlags); +extern int my_is_same_file(File file, const ST_FILE_ID *file_id); extern File my_create_with_symlink(const char *linkname, const char *filename, int createflags, int access_flags, myf MyFlags); -- cgit v1.2.1 From d5cd33450413816f8696125cd66c8393921e6267 Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Tue, 27 Jun 2017 14:00:10 +0200 Subject: MDEV-13187 incorrect backslash parsing in clients cover ANSI_QUOTES and NO_BACKSLASH_ESCAPES in mysqltest --- include/mysql_com.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/mysql_com.h b/include/mysql_com.h index 0d57b178937..df9681e02a4 100644 --- a/include/mysql_com.h +++ b/include/mysql_com.h @@ -296,6 +296,8 @@ enum enum_server_command */ #define SERVER_PS_OUT_PARAMS 4096 +#define SERVER_STATUS_ANSI_QUOTES 32768 + /** Server status flags that must be cleared when starting execution of a new SQL statement. -- cgit v1.2.1 From 0375f2e2730c6e30f3e6f171c9b73d8553a3ae9a Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Fri, 14 Jul 2017 15:30:27 +0200 Subject: MDEV-12144 Signal 6 crash corrupts ibd files Avoid using STDERR_FILENO. The server uses freopen(stderr), so stderr can be on any file descriptor. --- include/my_global.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/my_global.h b/include/my_global.h index 0c15478439f..42e3c1ad0c8 100644 --- a/include/my_global.h +++ b/include/my_global.h @@ -421,9 +421,8 @@ extern "C" int madvise(void *addr, size_t len, int behav); #define SIGNAL_HANDLER_RESET_ON_DELIVERY #endif -#ifndef STDERR_FILENO -#define STDERR_FILENO fileno(stderr) -#endif +/* don't assume that STDERR_FILENO is 2, mysqld can freopen */ +#undef STDERR_FILENO /* Deprecated workaround for false-positive uninitialized variables -- cgit v1.2.1