diff options
author | Sergei Golubchik <serg@mariadb.org> | 2019-07-24 13:14:03 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2019-07-24 18:32:24 +0200 |
commit | 8ddb7e3eb71010decd5acc99aa98c82bbe0139aa (patch) | |
tree | a46cb1862af0d15a431c6dc07794c802ad3c33bc /sql/sql_plugin.cc | |
parent | 5e8ab9b7af159cee6e954f62b6304c2c33b6f6e2 (diff) | |
download | mariadb-git-8ddb7e3eb71010decd5acc99aa98c82bbe0139aa.tar.gz |
Bug#27167197 USING ? IN INSTALL PLUGIN QUERY ABORTS DEBUG, AND HANGS OPTIMIZED SERVER
check_valid_path() uses my_strcspn() that cannot handle invalid characters
properly. This is fixed by a big refactoring in 10.2 (MDEV-6353).
For 5.5, let's simply swap tests, because check_string_char_length()
rejects invalid characters just fine.
Diffstat (limited to 'sql/sql_plugin.cc')
-rw-r--r-- | sql/sql_plugin.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sql/sql_plugin.cc b/sql/sql_plugin.cc index 91d0a4393c5..a90c7558045 100644 --- a/sql/sql_plugin.cc +++ b/sql/sql_plugin.cc @@ -736,9 +736,9 @@ static st_plugin_dl *plugin_dl_add(const LEX_STRING *dl, int report) This is done to ensure that only approved libraries from the plugin directory are used (to make this even remotely secure). */ - if (check_valid_path(dl->str, dl->length) || - check_string_char_length((LEX_STRING *) dl, "", NAME_CHAR_LEN, + if (check_string_char_length((LEX_STRING *) dl, "", NAME_CHAR_LEN, system_charset_info, 1) || + check_valid_path(dl->str, dl->length) || plugin_dir_len + dl->length + 1 >= FN_REFLEN) { report_error(report, ER_UDF_NO_PATHS); |