Security: EOM modules must now be loaded from the plugin directory.

modified: storage/connect/mycat.cc modified: storage/connect/reldef.cpp Json array index (position) always defaults to 0 modified: storage/connect/tabjson.cpp

Security: EOM modules must now be loaded from the plugin directory.
modified: storage/connect/mycat.cc modified: storage/connect/reldef.cpp Json array index (position) always defaults to 0 modified: storage/connect/tabjson.cpp
37840d53 · Olivier Bertrand · db33294f · 37840d53 · 37840d53 · 37840d53
Commit 37840d53 authored May 20, 2015 by Olivier Bertrand
Showing with 64 additions and 18 deletions

storage/connect/mycat.cc storage/connect/mycat.cc +36 -5

storage/connect/reldef.cpp storage/connect/reldef.cpp +26 -12

storage/connect/tabjson.cpp storage/connect/tabjson.cpp +2 -1

No files found.
--- a/storage/connect/mycat.cc
+++ b/storage/connect/mycat.cc
@@ -99,6 +99,26 @@ extern "C" HINSTANCE s_hModule;           // Saved module handle

 PQRYRES OEMColumns(PGLOBAL g, PTOS topt, char *tab, char *db, bool info);

+/***********************************************************************/
+/*  Get the plugin directory.                                          */
+/***********************************************************************/
+char *GetPluginDir(void)
+{
+  char *plugin_dir;
+
+#if defined(_WIN64)
+  plugin_dir = (char *)GetProcAddress(GetModuleHandle(NULL),
+    "?opt_plugin_dir@@3PADEA");
+#elif defined(_WIN32)
+  plugin_dir = (char*)GetProcAddress(GetModuleHandle(NULL),
+    "?opt_plugin_dir@@3PADA");
+#else
+  plugin_dir = opt_plugin_dir;
+#endif
+
+  return plugin_dir;
+} // end of GetPluginDir
+
 /***********************************************************************/
 /*  Get a unique enum table type ID.                                   */
 /***********************************************************************/
@@ -328,7 +348,7 @@ PQRYRES OEMColumns(PGLOBAL g, PTOS topt, char *tab, char *db, bool info)
  {
  typedef PQRYRES (__stdcall *XCOLDEF) (PGLOBAL, void*, char*, char*, bool);
  const char *module, *subtype;
-  char    c, getname[40] = "Col";
+  char    c, soname[_MAX_PATH], getname[40] = "Col";
 #if defined(WIN32)
  HANDLE  hdll;               /* Handle to the external DLL            */
 #else   // !WIN32
@@ -343,6 +363,17 @@ PQRYRES OEMColumns(PGLOBAL g, PTOS topt, char *tab, char *db, bool info)
  if (!module || !subtype)
    return NULL;

+  /*********************************************************************/
+  /*  Ensure that the .dll doesn't have a path.                        */
+  /*  This is done to ensure that only approved dll from the system    */
+  /*  directories are used (to make this even remotely secure).        */
+  /*********************************************************************/
+  if (check_valid_path(module, strlen(module))) {
+    strcpy(g->Message, "Module cannot contain a path");
+    return NULL;
+  } else
+    PlugSetPath(soname, module, GetPluginDir());
+    
  // The exported name is always in uppercase
  for (int i = 0; ; i++) {
    c = subtype[i];
@@ -352,11 +383,11 @@ PQRYRES OEMColumns(PGLOBAL g, PTOS topt, char *tab, char *db, bool info)

 #if defined(WIN32)
  // Load the Dll implementing the table
-  if (!(hdll = LoadLibrary(module))) {
+  if (!(hdll = LoadLibrary(soname))) {
    char  buf[256];
    DWORD rc = GetLastError();

-    sprintf(g->Message, MSG(DLL_LOAD_ERROR), rc, module);
+    sprintf(g->Message, MSG(DLL_LOAD_ERROR), rc, soname);
    FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
                  FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0,
                  (LPTSTR)buf, sizeof(buf), NULL);
@@ -374,9 +405,9 @@ PQRYRES OEMColumns(PGLOBAL g, PTOS topt, char *tab, char *db, bool info)
  const char *error = NULL;

  // Load the desired shared library
-  if (!(hdll = dlopen(module, RTLD_LAZY))) {
+  if (!(hdll = dlopen(soname, RTLD_LAZY))) {
    error = dlerror();
-    sprintf(g->Message, MSG(SHARED_LIB_ERR), module, SVP(error));
+    sprintf(g->Message, MSG(SHARED_LIB_ERR), soname, SVP(error));
    return NULL;
    } // endif Hdll


--- a/storage/connect/reldef.cpp
+++ b/storage/connect/reldef.cpp
@@ -56,6 +56,7 @@ extern handlerton *connect_hton;
 /*  External function.                                                 */
 /***********************************************************************/
 USETEMP UseTemp(void);
+char   *GetPluginDir(void);

 /* --------------------------- Class RELDEF -------------------------- */

@@ -437,20 +438,31 @@ void TABDEF::SetIndexInfo(void)
 PTABDEF OEMDEF::GetXdef(PGLOBAL g)
  {
  typedef PTABDEF (__stdcall *XGETDEF) (PGLOBAL, void *);
-  char    c, getname[40] = "Get";
+  char    c, soname[_MAX_PATH], getname[40] = "Get";
  PTABDEF xdefp;
  XGETDEF getdef = NULL;
  PCATLG  cat = Cat;

+  /*********************************************************************/
+  /*  Ensure that the .dll doesn't have a path.                        */
+  /*  This is done to ensure that only approved dll from the system    */
+  /*  directories are used (to make this even remotely secure).        */
+  /*********************************************************************/
+  if (check_valid_path(Module, strlen(Module))) {
+    strcpy(g->Message, "Module cannot contain a path");
+    return NULL;
+  } else
+    PlugSetPath(soname, Module, GetPluginDir());
+    
 #if defined(WIN32)
  // Is the DLL already loaded?
-  if (!Hdll && !(Hdll = GetModuleHandle(Module)))
+  if (!Hdll && !(Hdll = GetModuleHandle(soname)))
    // No, load the Dll implementing the function
-    if (!(Hdll = LoadLibrary(Module))) {
+    if (!(Hdll = LoadLibrary(soname))) {
      char  buf[256];
      DWORD rc = GetLastError();

-      sprintf(g->Message, MSG(DLL_LOAD_ERROR), rc, Module);
+      sprintf(g->Message, MSG(DLL_LOAD_ERROR), rc, soname);
      FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM |
                    FORMAT_MESSAGE_IGNORE_INSERTS, NULL, rc, 0,
                    (LPTSTR)buf, sizeof(buf), NULL);
@@ -474,7 +486,8 @@ PTABDEF OEMDEF::GetXdef(PGLOBAL g)
 #else   // !WIN32
  const char *error = NULL;
  Dl_info dl_info;
-  
+    
+#if 0  // Don't know what all this stuff does
  // The OEM lib must retrieve exported CONNECT variables
  if (dladdr(&connect_hton, &dl_info)) {
    if (dlopen(dl_info.dli_fname, RTLD_NOLOAD | RTLD_NOW | RTLD_GLOBAL) == 0) {
@@ -488,15 +501,16 @@ PTABDEF OEMDEF::GetXdef(PGLOBAL g)
    sprintf(g->Message, "dladdr failed: %s, OEM not supported", SVP(error));
    return NULL;
  } // endif dladdr
+#endif // 0

  // Is the library already loaded?
-//  if (!Hdll && !(Hdll = ???))
-  // Load the desired shared library
-  if (!(Hdll = dlopen(Module, RTLD_LAZY))) {
-    error = dlerror();
-    sprintf(g->Message, MSG(SHARED_LIB_ERR), Module, SVP(error));
-    return NULL;
-    } // endif Hdll
+  if (!Hdll && !(Hdll = dlopen(soname, RTLD_NOLOAD)))
+    // Load the desired shared library
+    if (!(Hdll = dlopen(soname, RTLD_LAZY))) {
+      error = dlerror();
+      sprintf(g->Message, MSG(SHARED_LIB_ERR), soname, SVP(error));
+      return NULL;
+      } // endif Hdll

  // The exported name is always in uppercase
  for (int i = 0; ; i++) {

--- a/storage/connect/tabjson.cpp
+++ b/storage/connect/tabjson.cpp
@@ -449,7 +449,7 @@ TDBJSN::TDBJSN(PJDEF tdp, PTXF txfp) : TDBDOS(tdp, txfp)
    Xcol = NULL;
    Limit = 1;
    Pretty = 0;
-    B = 1;
+    B = 0;
    Strict = false;
  } // endif tdp

@@ -477,6 +477,7 @@ TDBJSN::TDBJSN(TDBJSN *tdbp) : TDBDOS(NULL, tdbp)
  NextSame = tdbp->NextSame;
  SameRow = tdbp->SameRow;
  Xval = tdbp->Xval;
+  B = tdbp->B;
  Pretty = tdbp->Pretty;
  Strict = tdbp->Strict;
  Comma = tdbp->Comma;