Commit c492c34f authored by Yuchen Pei's avatar Yuchen Pei

MDEV-33434 spider direct sql: Check length before memcpy

similar to MDEV-30981
parent d510f805
#
# MDEV-33434 MDEV-33434 UBSAN null pointer passed as argument 2, which is declared to never be null in spider_udf_direct_sql_create_conn
#
INSTALL SONAME 'ha_spider';
SET character_set_connection=ucs2;
SELECT SPIDER_DIRECT_SQL('SELECT SLEEP(1)', '', 'srv "dummy", port "3307"');
ERROR HY000: Unable to connect to foreign data source: localhost
Warnings:
Warning 1620 Plugin is busy and will be uninstalled on shutdown
#
# end of test mdev_33434
#
--echo #
--echo # MDEV-33434 MDEV-33434 UBSAN null pointer passed as argument 2, which is declared to never be null in spider_udf_direct_sql_create_conn
--echo #
INSTALL SONAME 'ha_spider';
SET character_set_connection=ucs2;
--error ER_CONNECT_TO_FOREIGN_DATA_SOURCE
SELECT SPIDER_DIRECT_SQL('SELECT SLEEP(1)', '', 'srv "dummy", port "3307"');
--disable_query_log
--source ../../include/clean_up_spider.inc
--enable_query_log
--echo #
--echo # end of test mdev_33434
--echo #
...@@ -413,6 +413,23 @@ int spider_udf_direct_sql_create_conn_key( ...@@ -413,6 +413,23 @@ int spider_udf_direct_sql_create_conn_key(
DBUG_RETURN(0); DBUG_RETURN(0);
} }
static inline void spider_maybe_memcpy_string(
char **dest,
char *src,
char *tmp,
uint *dest_len,
uint src_len)
{
*dest_len= src_len;
if (src_len)
{
*dest= tmp;
memcpy(*dest, src, src_len);
} else
*dest= NULL;
}
SPIDER_CONN *spider_udf_direct_sql_create_conn( SPIDER_CONN *spider_udf_direct_sql_create_conn(
const SPIDER_DIRECT_SQL *direct_sql, const SPIDER_DIRECT_SQL *direct_sql,
int *error_num int *error_num
...@@ -504,89 +521,43 @@ SPIDER_CONN *spider_udf_direct_sql_create_conn( ...@@ -504,89 +521,43 @@ SPIDER_CONN *spider_udf_direct_sql_create_conn(
{ {
#endif #endif
conn->tgt_port = direct_sql->tgt_port; conn->tgt_port = direct_sql->tgt_port;
conn->tgt_socket_length = direct_sql->tgt_socket_length; spider_maybe_memcpy_string(
conn->tgt_socket = tmp_socket; &conn->tgt_socket, direct_sql->tgt_socket, tmp_socket,
memcpy(conn->tgt_socket, direct_sql->tgt_socket, &conn->tgt_socket_length, direct_sql->tgt_socket_length);
direct_sql->tgt_socket_length);
if (!tables_on_different_db_are_joinable) if (!tables_on_different_db_are_joinable)
{ spider_maybe_memcpy_string(
conn->tgt_db_length = direct_sql->tgt_default_db_name_length; &conn->tgt_db, direct_sql->tgt_default_db_name, tmp_db,
conn->tgt_db = tmp_db; &conn->tgt_db_length, direct_sql->tgt_default_db_name_length);
memcpy(conn->tgt_db, direct_sql->tgt_default_db_name, spider_maybe_memcpy_string(
direct_sql->tgt_default_db_name_length); &conn->tgt_username, direct_sql->tgt_username, tmp_username,
} &conn->tgt_username_length, direct_sql->tgt_username_length);
conn->tgt_username_length = direct_sql->tgt_username_length; spider_maybe_memcpy_string(
conn->tgt_username = tmp_username; &conn->tgt_password, direct_sql->tgt_password, tmp_password,
memcpy(conn->tgt_username, direct_sql->tgt_username, &conn->tgt_password_length, direct_sql->tgt_password_length);
direct_sql->tgt_username_length); spider_maybe_memcpy_string(
conn->tgt_password_length = direct_sql->tgt_password_length; &conn->tgt_ssl_ca, direct_sql->tgt_ssl_ca, tmp_ssl_ca,
conn->tgt_password = tmp_password; &conn->tgt_ssl_ca_length, direct_sql->tgt_ssl_ca_length);
memcpy(conn->tgt_password, direct_sql->tgt_password, spider_maybe_memcpy_string(
direct_sql->tgt_password_length); &conn->tgt_ssl_capath, direct_sql->tgt_ssl_capath, tmp_ssl_capath,
conn->tgt_ssl_ca_length = direct_sql->tgt_ssl_ca_length; &conn->tgt_ssl_capath_length, direct_sql->tgt_ssl_capath_length);
if (conn->tgt_ssl_ca_length) spider_maybe_memcpy_string(
{ &conn->tgt_ssl_cert, direct_sql->tgt_ssl_cert, tmp_ssl_cert,
conn->tgt_ssl_ca = tmp_ssl_ca; &conn->tgt_ssl_cert_length, direct_sql->tgt_ssl_cert_length);
memcpy(conn->tgt_ssl_ca, direct_sql->tgt_ssl_ca, spider_maybe_memcpy_string(
direct_sql->tgt_ssl_ca_length); &conn->tgt_ssl_cipher, direct_sql->tgt_ssl_cipher, tmp_ssl_cipher,
} else &conn->tgt_ssl_cipher_length, direct_sql->tgt_ssl_cipher_length);
conn->tgt_ssl_ca = NULL; spider_maybe_memcpy_string(
conn->tgt_ssl_capath_length = direct_sql->tgt_ssl_capath_length; &conn->tgt_ssl_key, direct_sql->tgt_ssl_key, tmp_ssl_key,
if (conn->tgt_ssl_capath_length) &conn->tgt_ssl_key_length, direct_sql->tgt_ssl_key_length);
{ spider_maybe_memcpy_string(
conn->tgt_ssl_capath = tmp_ssl_capath; &conn->tgt_default_file, direct_sql->tgt_default_file, tmp_default_file,
memcpy(conn->tgt_ssl_capath, direct_sql->tgt_ssl_capath, &conn->tgt_default_file_length, direct_sql->tgt_default_file_length);
direct_sql->tgt_ssl_capath_length); spider_maybe_memcpy_string(
} else &conn->tgt_default_group, direct_sql->tgt_default_group, tmp_default_group,
conn->tgt_ssl_capath = NULL; &conn->tgt_default_group_length, direct_sql->tgt_default_group_length);
conn->tgt_ssl_cert_length = direct_sql->tgt_ssl_cert_length; spider_maybe_memcpy_string(
if (conn->tgt_ssl_cert_length) &conn->tgt_dsn, direct_sql->tgt_dsn, tmp_dsn,
{ &conn->tgt_dsn_length, direct_sql->tgt_dsn_length);
conn->tgt_ssl_cert = tmp_ssl_cert;
memcpy(conn->tgt_ssl_cert, direct_sql->tgt_ssl_cert,
direct_sql->tgt_ssl_cert_length);
} else
conn->tgt_ssl_cert = NULL;
conn->tgt_ssl_cipher_length = direct_sql->tgt_ssl_cipher_length;
if (conn->tgt_ssl_cipher_length)
{
conn->tgt_ssl_cipher = tmp_ssl_cipher;
memcpy(conn->tgt_ssl_cipher, direct_sql->tgt_ssl_cipher,
direct_sql->tgt_ssl_cipher_length);
} else
conn->tgt_ssl_cipher = NULL;
conn->tgt_ssl_key_length = direct_sql->tgt_ssl_key_length;
if (conn->tgt_ssl_key_length)
{
conn->tgt_ssl_key = tmp_ssl_key;
memcpy(conn->tgt_ssl_key, direct_sql->tgt_ssl_key,
direct_sql->tgt_ssl_key_length);
} else
conn->tgt_ssl_key = NULL;
conn->tgt_default_file_length = direct_sql->tgt_default_file_length;
if (conn->tgt_default_file_length)
{
conn->tgt_default_file = tmp_default_file;
memcpy(conn->tgt_default_file, direct_sql->tgt_default_file,
direct_sql->tgt_default_file_length);
} else
conn->tgt_default_file = NULL;
conn->tgt_default_group_length = direct_sql->tgt_default_group_length;
if (conn->tgt_default_group_length)
{
conn->tgt_default_group = tmp_default_group;
memcpy(conn->tgt_default_group, direct_sql->tgt_default_group,
direct_sql->tgt_default_group_length);
} else
conn->tgt_default_group = NULL;
conn->tgt_dsn_length = direct_sql->tgt_dsn_length;
if (conn->tgt_dsn_length)
{
conn->tgt_dsn = tmp_dsn;
memcpy(conn->tgt_dsn, direct_sql->tgt_dsn,
direct_sql->tgt_dsn_length);
} else
conn->tgt_dsn = NULL;
conn->tgt_ssl_vsc = direct_sql->tgt_ssl_vsc; conn->tgt_ssl_vsc = direct_sql->tgt_ssl_vsc;
#if defined(HS_HAS_SQLCOM) && defined(HAVE_HANDLERSOCKET) #if defined(HS_HAS_SQLCOM) && defined(HAVE_HANDLERSOCKET)
} else { } else {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment