diff options
| author | Mats Kindahl <mats.kindahl@oracle.com> | 2010-12-01 13:54:50 +0100 |
|---|---|---|
| committer | Mats Kindahl <mats.kindahl@oracle.com> | 2010-12-01 13:54:50 +0100 |
| commit | 91a4a8aba6b087c908e3d29ccfbb7ff97d19dea7 (patch) | |
| tree | d1f2687923ea72c7120814a13560cc11581cfa76 /sql/sql_plugin.h | |
| parent | 80246ac8b8d0d2db08feae2a643a3dc89f9022d6 (diff) | |
| download | mariadb-git-91a4a8aba6b087c908e3d29ccfbb7ff97d19dea7.tar.gz | |
BUG#58246: INSTALL PLUGIN not secure & crashable
When installing plugins, there is a missing check
for slash (/) in the path on Windows. Note that on
Windows, both / and \ can be used to separate
directories.
This patch fixes the issue by:
- Adding a FN_DIRSEP symbol for all platforms
consisting of a string of legal directory
separators.
- Adding a charset-aware version of strcspn().
- Adding a check_valid_path() function that uses
my_strcspn() to check if any FN_DIRSEP character
is in the supplied string.
- Using the check_valid_path() function in
sql_plugin.cc and sql_udf.cc (which means
replacing the existing test there).
Diffstat (limited to 'sql/sql_plugin.h')
| -rw-r--r-- | sql/sql_plugin.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sql/sql_plugin.h b/sql/sql_plugin.h index 004d0d5abb7..72984865807 100644 --- a/sql/sql_plugin.h +++ b/sql/sql_plugin.h @@ -131,6 +131,7 @@ extern bool mysql_uninstall_plugin(THD *thd, const LEX_STRING *name); extern bool plugin_register_builtin(struct st_mysql_plugin *plugin); extern void plugin_thdvar_init(THD *thd); extern void plugin_thdvar_cleanup(THD *thd); +extern bool check_valid_path(const char *path, size_t length); typedef my_bool (plugin_foreach_func)(THD *thd, plugin_ref plugin, |