Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
c492c34f
Commit
c492c34f
authored
Feb 19, 2024
by
Yuchen Pei
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
MDEV-33434 spider direct sql: Check length before memcpy
similar to MDEV-30981
parent
d510f805
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
80 additions
and
82 deletions
+80
-82
storage/spider/mysql-test/spider/bugfix/r/mdev_33434.result
storage/spider/mysql-test/spider/bugfix/r/mdev_33434.result
+12
-0
storage/spider/mysql-test/spider/bugfix/t/mdev_33434.test
storage/spider/mysql-test/spider/bugfix/t/mdev_33434.test
+15
-0
storage/spider/spd_direct_sql.cc
storage/spider/spd_direct_sql.cc
+53
-82
No files found.
storage/spider/mysql-test/spider/bugfix/r/mdev_33434.result
0 → 100644
View file @
c492c34f
#
# MDEV-33434 MDEV-33434 UBSAN null pointer passed as argument 2, which is declared to never be null in spider_udf_direct_sql_create_conn
#
INSTALL SONAME 'ha_spider';
SET character_set_connection=ucs2;
SELECT SPIDER_DIRECT_SQL('SELECT SLEEP(1)', '', 'srv "dummy", port "3307"');
ERROR HY000: Unable to connect to foreign data source: localhost
Warnings:
Warning 1620 Plugin is busy and will be uninstalled on shutdown
#
# end of test mdev_33434
#
storage/spider/mysql-test/spider/bugfix/t/mdev_33434.test
0 → 100644
View file @
c492c34f
--
echo
#
--
echo
# MDEV-33434 MDEV-33434 UBSAN null pointer passed as argument 2, which is declared to never be null in spider_udf_direct_sql_create_conn
--
echo
#
INSTALL
SONAME
'ha_spider'
;
SET
character_set_connection
=
ucs2
;
--
error
ER_CONNECT_TO_FOREIGN_DATA_SOURCE
SELECT
SPIDER_DIRECT_SQL
(
'SELECT SLEEP(1)'
,
''
,
'srv "dummy", port "3307"'
);
--
disable_query_log
--
source
../../
include
/
clean_up_spider
.
inc
--
enable_query_log
--
echo
#
--
echo
# end of test mdev_33434
--
echo
#
storage/spider/spd_direct_sql.cc
View file @
c492c34f
...
...
@@ -413,6 +413,23 @@ int spider_udf_direct_sql_create_conn_key(
DBUG_RETURN
(
0
);
}
static
inline
void
spider_maybe_memcpy_string
(
char
**
dest
,
char
*
src
,
char
*
tmp
,
uint
*
dest_len
,
uint
src_len
)
{
*
dest_len
=
src_len
;
if
(
src_len
)
{
*
dest
=
tmp
;
memcpy
(
*
dest
,
src
,
src_len
);
}
else
*
dest
=
NULL
;
}
SPIDER_CONN
*
spider_udf_direct_sql_create_conn
(
const
SPIDER_DIRECT_SQL
*
direct_sql
,
int
*
error_num
...
...
@@ -504,89 +521,43 @@ SPIDER_CONN *spider_udf_direct_sql_create_conn(
{
#endif
conn
->
tgt_port
=
direct_sql
->
tgt_port
;
conn
->
tgt_socket_length
=
direct_sql
->
tgt_socket_length
;
conn
->
tgt_socket
=
tmp_socket
;
memcpy
(
conn
->
tgt_socket
,
direct_sql
->
tgt_socket
,
direct_sql
->
tgt_socket_length
);
spider_maybe_memcpy_string
(
&
conn
->
tgt_socket
,
direct_sql
->
tgt_socket
,
tmp_socket
,
&
conn
->
tgt_socket_length
,
direct_sql
->
tgt_socket_length
);
if
(
!
tables_on_different_db_are_joinable
)
{
conn
->
tgt_db_length
=
direct_sql
->
tgt_default_db_name_length
;
conn
->
tgt_db
=
tmp_db
;
memcpy
(
conn
->
tgt_db
,
direct_sql
->
tgt_default_db_name
,
direct_sql
->
tgt_default_db_name_length
);
}
conn
->
tgt_username_length
=
direct_sql
->
tgt_username_length
;
conn
->
tgt_username
=
tmp_username
;
memcpy
(
conn
->
tgt_username
,
direct_sql
->
tgt_username
,
direct_sql
->
tgt_username_length
);
conn
->
tgt_password_length
=
direct_sql
->
tgt_password_length
;
conn
->
tgt_password
=
tmp_password
;
memcpy
(
conn
->
tgt_password
,
direct_sql
->
tgt_password
,
direct_sql
->
tgt_password_length
);
conn
->
tgt_ssl_ca_length
=
direct_sql
->
tgt_ssl_ca_length
;
if
(
conn
->
tgt_ssl_ca_length
)
{
conn
->
tgt_ssl_ca
=
tmp_ssl_ca
;
memcpy
(
conn
->
tgt_ssl_ca
,
direct_sql
->
tgt_ssl_ca
,
direct_sql
->
tgt_ssl_ca_length
);
}
else
conn
->
tgt_ssl_ca
=
NULL
;
conn
->
tgt_ssl_capath_length
=
direct_sql
->
tgt_ssl_capath_length
;
if
(
conn
->
tgt_ssl_capath_length
)
{
conn
->
tgt_ssl_capath
=
tmp_ssl_capath
;
memcpy
(
conn
->
tgt_ssl_capath
,
direct_sql
->
tgt_ssl_capath
,
direct_sql
->
tgt_ssl_capath_length
);
}
else
conn
->
tgt_ssl_capath
=
NULL
;
conn
->
tgt_ssl_cert_length
=
direct_sql
->
tgt_ssl_cert_length
;
if
(
conn
->
tgt_ssl_cert_length
)
{
conn
->
tgt_ssl_cert
=
tmp_ssl_cert
;
memcpy
(
conn
->
tgt_ssl_cert
,
direct_sql
->
tgt_ssl_cert
,
direct_sql
->
tgt_ssl_cert_length
);
}
else
conn
->
tgt_ssl_cert
=
NULL
;
conn
->
tgt_ssl_cipher_length
=
direct_sql
->
tgt_ssl_cipher_length
;
if
(
conn
->
tgt_ssl_cipher_length
)
{
conn
->
tgt_ssl_cipher
=
tmp_ssl_cipher
;
memcpy
(
conn
->
tgt_ssl_cipher
,
direct_sql
->
tgt_ssl_cipher
,
direct_sql
->
tgt_ssl_cipher_length
);
}
else
conn
->
tgt_ssl_cipher
=
NULL
;
conn
->
tgt_ssl_key_length
=
direct_sql
->
tgt_ssl_key_length
;
if
(
conn
->
tgt_ssl_key_length
)
{
conn
->
tgt_ssl_key
=
tmp_ssl_key
;
memcpy
(
conn
->
tgt_ssl_key
,
direct_sql
->
tgt_ssl_key
,
direct_sql
->
tgt_ssl_key_length
);
}
else
conn
->
tgt_ssl_key
=
NULL
;
conn
->
tgt_default_file_length
=
direct_sql
->
tgt_default_file_length
;
if
(
conn
->
tgt_default_file_length
)
{
conn
->
tgt_default_file
=
tmp_default_file
;
memcpy
(
conn
->
tgt_default_file
,
direct_sql
->
tgt_default_file
,
direct_sql
->
tgt_default_file_length
);
}
else
conn
->
tgt_default_file
=
NULL
;
conn
->
tgt_default_group_length
=
direct_sql
->
tgt_default_group_length
;
if
(
conn
->
tgt_default_group_length
)
{
conn
->
tgt_default_group
=
tmp_default_group
;
memcpy
(
conn
->
tgt_default_group
,
direct_sql
->
tgt_default_group
,
direct_sql
->
tgt_default_group_length
);
}
else
conn
->
tgt_default_group
=
NULL
;
conn
->
tgt_dsn_length
=
direct_sql
->
tgt_dsn_length
;
if
(
conn
->
tgt_dsn_length
)
{
conn
->
tgt_dsn
=
tmp_dsn
;
memcpy
(
conn
->
tgt_dsn
,
direct_sql
->
tgt_dsn
,
direct_sql
->
tgt_dsn_length
);
}
else
conn
->
tgt_dsn
=
NULL
;
spider_maybe_memcpy_string
(
&
conn
->
tgt_db
,
direct_sql
->
tgt_default_db_name
,
tmp_db
,
&
conn
->
tgt_db_length
,
direct_sql
->
tgt_default_db_name_length
);
spider_maybe_memcpy_string
(
&
conn
->
tgt_username
,
direct_sql
->
tgt_username
,
tmp_username
,
&
conn
->
tgt_username_length
,
direct_sql
->
tgt_username_length
);
spider_maybe_memcpy_string
(
&
conn
->
tgt_password
,
direct_sql
->
tgt_password
,
tmp_password
,
&
conn
->
tgt_password_length
,
direct_sql
->
tgt_password_length
);
spider_maybe_memcpy_string
(
&
conn
->
tgt_ssl_ca
,
direct_sql
->
tgt_ssl_ca
,
tmp_ssl_ca
,
&
conn
->
tgt_ssl_ca_length
,
direct_sql
->
tgt_ssl_ca_length
);
spider_maybe_memcpy_string
(
&
conn
->
tgt_ssl_capath
,
direct_sql
->
tgt_ssl_capath
,
tmp_ssl_capath
,
&
conn
->
tgt_ssl_capath_length
,
direct_sql
->
tgt_ssl_capath_length
);
spider_maybe_memcpy_string
(
&
conn
->
tgt_ssl_cert
,
direct_sql
->
tgt_ssl_cert
,
tmp_ssl_cert
,
&
conn
->
tgt_ssl_cert_length
,
direct_sql
->
tgt_ssl_cert_length
);
spider_maybe_memcpy_string
(
&
conn
->
tgt_ssl_cipher
,
direct_sql
->
tgt_ssl_cipher
,
tmp_ssl_cipher
,
&
conn
->
tgt_ssl_cipher_length
,
direct_sql
->
tgt_ssl_cipher_length
);
spider_maybe_memcpy_string
(
&
conn
->
tgt_ssl_key
,
direct_sql
->
tgt_ssl_key
,
tmp_ssl_key
,
&
conn
->
tgt_ssl_key_length
,
direct_sql
->
tgt_ssl_key_length
);
spider_maybe_memcpy_string
(
&
conn
->
tgt_default_file
,
direct_sql
->
tgt_default_file
,
tmp_default_file
,
&
conn
->
tgt_default_file_length
,
direct_sql
->
tgt_default_file_length
);
spider_maybe_memcpy_string
(
&
conn
->
tgt_default_group
,
direct_sql
->
tgt_default_group
,
tmp_default_group
,
&
conn
->
tgt_default_group_length
,
direct_sql
->
tgt_default_group_length
);
spider_maybe_memcpy_string
(
&
conn
->
tgt_dsn
,
direct_sql
->
tgt_dsn
,
tmp_dsn
,
&
conn
->
tgt_dsn_length
,
direct_sql
->
tgt_dsn_length
);
conn
->
tgt_ssl_vsc
=
direct_sql
->
tgt_ssl_vsc
;
#if defined(HS_HAS_SQLCOM) && defined(HAVE_HANDLERSOCKET)
}
else
{
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment