MDEV-32525 Validate --redirect_url supplied as server flag

Like sql_mode, we factor out of ON_CHECK function for export, to be used in get_options() during server startup, for validation of --redirect_url value.

MDEV-32525 Validate --redirect_url supplied as server flag
Like sql_mode, we factor out of ON_CHECK function for export, to be used in get_options() during server startup, for validation of --redirect_url value.
c4a506f0 · Yuchen Pei · 5af70dec · c4a506f0 · c4a506f0 · c4a506f0
Commit c4a506f0 authored Oct 24, 2023 by Yuchen Pei
5 changed files
--- a/mysql-test/suite/sys_vars/r/mdev_32525.result
+++ b/mysql-test/suite/sys_vars/r/mdev_32525.result
+#
+# MDEV-32525 Server startup fails to validate invalid redirect_url
+#
+FOUND 1 /\[ERROR\].*Invalid redirect_url: mariadbaaa://test/ in mdev_32525.err
+# restart
+select @@redirect_url;
+@@redirect_url
+
+#
+# end of test mdev_32525
+#
--- a/mysql-test/suite/sys_vars/t/mdev_32525.test
+++ b/mysql-test/suite/sys_vars/t/mdev_32525.test
+--echo #
+--echo # MDEV-32525 Server startup fails to validate invalid redirect_url
+--echo #
+--source include/not_embedded.inc
+
+let $error_log= $MYSQLTEST_VARDIR/log/mdev_32525.err;
+let SEARCH_FILE= $error_log;
+--source include/shutdown_mysqld.inc
+# Server start should fail with an invalid --redirect_url
+--error 1
+--exec $MYSQLD_LAST_CMD --redirect_url="mariadbaaa://test" > $error_log 2>&1
+let SEARCH_PATTERN= \[ERROR\].*Invalid redirect_url: mariadbaaa://test;
+--source include/search_pattern_in_file.inc
+
+# Test empty --redirect_url to avoid similar problems as in
+# MDEV-32254.
+--let restart_parameter=--redirect_url=
+--source include/start_mysqld.inc
+select @@redirect_url;
+
+--echo #
+--echo # end of test mdev_32525
+--echo #
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -8679,6 +8679,16 @@ static int get_options(int *argc_ptr, char ***argv_ptr)
    return 1;
  }

+#ifndef EMBEDDED_LIBRARY
+  if (validate_redirect_url(global_system_variables.redirect_url,
+                            strlen(global_system_variables.redirect_url)))
+  {
+    sql_print_error("Invalid redirect_url: %s",
+                    global_system_variables.redirect_url);
+    return 1;
+  }
+#endif
+
  if (opt_disable_networking)
    mysqld_port= mysqld_extra_port= 0;


--- a/sql/set_var.h
+++ b/sql/set_var.h
@@ -465,6 +465,9 @@ inline bool IS_SYSVAR_AUTOSIZE(void *ptr)
 bool fix_delay_key_write(sys_var *self, THD *thd, enum_var_type type);

 sql_mode_t expand_sql_mode(sql_mode_t sql_mode);
+#ifndef EMBEDDED_LIBRARY
+bool validate_redirect_url(char *str, size_t len);
+#endif
 const char *sql_mode_string_representation(uint bit_number);
 bool sql_mode_string_representation(THD *thd, sql_mode_t sql_mode,
                                    LEX_CSTRING *ls);

--- a/sql/sys_vars.cc
+++ b/sql/sys_vars.cc
@@ -6905,14 +6905,8 @@ static Sys_var_ulonglong Sys_max_session_mem_used(
 @retval false  The string is valid
 @retval true   The string is invalid
 */
-static bool sysvar_validate_redirect_url(sys_var *self, THD *thd,
-                                         set_var *var)
+export bool validate_redirect_url(char *str, size_t len)
 {
-  /* NULL is invalid. */
-  if (check_not_null(self, thd, var))
-    return true;
-  char *str= var->save_result.string_value.str;
-  size_t len= var->save_result.string_value.length;
  LEX_CSTRING mysql_prefix= {STRING_WITH_LEN("mysql://")};
  LEX_CSTRING maria_prefix= {STRING_WITH_LEN("mariadb://")};
  /* Empty string is valid */
@@ -6948,6 +6942,17 @@ static bool sysvar_validate_redirect_url(sys_var *self, THD *thd,
  return false;
 }

+static bool sysvar_validate_redirect_url(sys_var *self, THD *thd,
+                                         set_var *var)
+{
+  /* NULL is invalid. */
+  if (check_not_null(self, thd, var))
+    return true;
+  char *str= var->save_result.string_value.str;
+  size_t len= var->save_result.string_value.length;
+  return validate_redirect_url(str, len);
+}
+
 static Sys_var_charptr Sys_redirect_url(
       "redirect_url",
       "URL of another server to redirect clients to. "