Commit 5b8ab193 authored by Sergei Golubchik

Merge branch '10.4' into 10.5

parents 5b3d3792 a6e451dc
MYSQL_VERSION_MAJOR=10 MYSQL_VERSION_MAJOR=10
MYSQL_VERSION_MINOR=5 MYSQL_VERSION_MINOR=5
MYSQL_VERSION_PATCH=5 MYSQL_VERSION_PATCH=6
SERVER_MATURITY=stable SERVER_MATURITY=stable
...@@ -1824,6 +1824,35 @@ static int sst_donate_other (const char* method, ...@@ -1824,6 +1824,35 @@ static int sst_donate_other (const char* method,
return arg.err; return arg.err;
} }
/* return true if character can be a part of a filename */
static bool filename_char(int const c)
{
return isalnum(c) || (c == '-') || (c == '_') || (c == '.');
}
/* return true if character can be a part of an address string */
static bool address_char(int const c)
{
return filename_char(c) ||
(c == ':') || (c == '[') || (c == ']') || (c == '/');
}
static bool check_request_str(const char* const str,
bool (*check) (int c))
{
for (size_t i(0); str[i] != '\0'; ++i)
{
if (!check(str[i]))
{
WSREP_WARN("Illegal character in state transfer request: %i (%c).",
str[i], str[i]);
return true;
}
}
return false;
}
int wsrep_sst_donate(const std::string& msg, int wsrep_sst_donate(const std::string& msg,
const wsrep::gtid& current_gtid, const wsrep::gtid& current_gtid,
const bool bypass) const bool bypass)
...@@ -1835,8 +1864,21 @@ int wsrep_sst_donate(const std::string& msg, ...@@ -1835,8 +1864,21 @@ int wsrep_sst_donate(const std::string& msg,
const char* method= msg.data(); const char* method= msg.data();
size_t method_len= strlen (method); size_t method_len= strlen (method);
if (check_request_str(method, filename_char))
{
WSREP_ERROR("Bad SST method name. SST canceled.");
return WSREP_CB_FAILURE;
}
const char* data= method + method_len + 1; const char* data= method + method_len + 1;
if (check_request_str(data, address_char))
{
WSREP_ERROR("Bad SST address string. SST canceled.");
return WSREP_CB_FAILURE;
}
wsp::env env(NULL); wsp::env env(NULL);
if (env.error()) if (env.error())
{ {
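Review bot: In check_request_str the call `check(str[i])` passes a plain `char` to helpers that forward it to `isalnum()`, so where `char` is signed any request byte above 0x7F becomes a negative int, which is undefined behaviour for the ctype functions; convert first, e.g. `if (!check(static_cast<unsigned char>(str[i])))`. The same untrusted byte is then printed with `%c` in the WSREP_WARN call, so a control character such as a newline reaches the error log verbatim; logging only the numeric value avoids that. In wsrep_sst_donate, `data` is `method + method_len + 1` and the new `check_request_str(data, address_char)` scans until a NUL, yet nothing visible in the hunk confirms that `method_len + 1` is still inside `msg`, so a bound check against `msg.size()` before the scan would be worth adding unless one exists outside the hunk. check_request_str returns true on failure, which a one-line comment such as `/* returns true if str contains a character rejected by check */` would make clear. wsrep_sst_donate's body continues outside the hunk.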
......