On 11/23/2010 10:22 AM, Alexander Nozdrin wrote:
> Hi Mats,
> thank you for the patch. The fix itself is understandable and correct.
> However, I'm thinking about the following things:
> - how about adding a test case?
> - could you please add a comment similar to the one in sql_udf.cc
> (about Windows-specificity)?
> - while we're at it, could you please grep for FN_LIBCHAR and make
> sure all other places are covered properly? I glanced over the "grep
> results" and few places looked suspicious to me...
> - may be it's time we introduce a new function to look for "path
> delimiters", and use it here, there and elsewhere (at least
> in sql_udf.cc and in sql_pluginc.cc)?
> Thank you!
Thank you Alik!
I will in that case implement a "path checking function" with other
relevant functions (such as my_strspn) and use that instead in both
sql_udf and sql_plugin.
> On 22.11.2010 18:10, Mats Kindahl wrote:
>> #At file:///home/bzr/bugs/b58246-5.1-bugteam/ based on
>> 3508 Mats Kindahl 2010-11-22
>> BUG#58246: INSTALL PLUGIN not secure& crashable
>> When installing plugins, there is a missing check
>> for slash (/) in the path on Windows. Note that on
>> Windows, both / and \ can be used to separate
>> This patch fixes the issue by adding a check for /
>> on Windows, similar to how it is done in sql_udf.cc.
>> === modified file 'sql/sql_plugin.cc'
>> --- a/sql/sql_plugin.cc 2010-08-05 12:10:24 +0000
>> +++ b/sql/sql_plugin.cc 2010-11-22 15:09:51 +0000
>> @@ -361,6 +361,7 @@ static st_plugin_dl *plugin_dl_add(const
>> plugin directory are used (to make this even remotely secure).
>> if (my_strchr(files_charset_info, dl->str, dl->str + dl->length,
>> FN_LIBCHAR) ||
>> + IF_WIN(my_strchr(files_charset_info, dl->str, dl->str +
>> dl->length, '/'), 0) ||
>> check_string_char_length((LEX_STRING *) dl, "", NAME_CHAR_LEN,
>> system_charset_info, 1) ||
>> plugin_dir_len + dl->length + 1>= FN_REFLEN)