MDEV-25343 add read secret size in file key plugin

author: kurt <dingweiqings@163.com> 2022-09-21 11:29:07 +0800
committer: Daniel Black <daniel@mariadb.org> 2022-10-19 16:44:16 +1100
commit: cee7175b79a22c29a82ef328aba208f90afcea86 (patch)
tree: 99e5bc7d74c0566a5b8ef8de33e90d542cdcf566 /plugin
parent: 64d85c369bb67c47cdc87c517c1716742ec14c59 (diff)
download: mariadb-git-cee7175b79a22c29a82ef328aba208f90afcea86.tar.gz
1 files changed, 12 insertions, 1 deletions
diff --git a/plugin/file_key_management/parser.cc b/plugin/file_key_management/parser.cc
index 5a9e5e55d63..8e78e230964 100644
--- a/plugin/file_key_management/parser.cc
+++ b/plugin/file_key_management/parser.cc
@@ -174,13 +174,24 @@ bool Parser::read_filekey(const char *filekey, char *secret)
     return 1;
   }
 
-  int len= read(f, secret, MAX_SECRET_SIZE);
+  int len= read(f, secret, MAX_SECRET_SIZE + 1);
   if (len <= 0)
   {
     my_error(EE_READ,ME_ERROR_LOG, filekey, errno);
     close(f);
     return 1;
   }
+
+  if (len > MAX_SECRET_SIZE)
+  {
+    my_printf_error(EE_READ,
+                    "Cannot decrypt %s, the secret file has incorrect length, "
+                    "max secret size is %dB ",
+                    ME_ERROR_LOG, filekey, MAX_SECRET_SIZE);
+    close(f);
+    return 1;
+  }
+
   close(f);
   while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--;
   secret[len]= '\0';
author	kurt <dingweiqings@163.com>	2022-09-21 11:29:07 +0800
committer	Daniel Black <daniel@mariadb.org>	2022-10-19 16:44:16 +1100
commit	cee7175b79a22c29a82ef328aba208f90afcea86 (patch)
tree	99e5bc7d74c0566a5b8ef8de33e90d542cdcf566 /plugin
parent	64d85c369bb67c47cdc87c517c1716742ec14c59 (diff)
download	mariadb-git-cee7175b79a22c29a82ef328aba208f90afcea86.tar.gz