3840 Nuno Carvalho 2012-02-03
BUG#11758581 - 50801: CHANGE MASTER ACCEPTS BOGUS VARIABLES
CHANGE MASTER command did not check invalid characters on its
parameters. Also on server restart, invalid values were trimmed causing
the loss of part of the variables value.
SQL parser was improved to prohibit the use of new line characters on
CHANGE MASTER variables, throwing a ER_WRONG_VALUE error when such
character is used.
modified:
mysql-test/suite/rpl/r/rpl_change_master.result
mysql-test/suite/rpl/t/rpl_change_master.test
sql/sql_yacc.yy
3839 Tor Didriksen 2012-02-03
All the subquery_sj_xxx tests can get thread stack overrun on solaris
modified:
mysql-test/collections/default.experimental
=== modified file 'mysql-test/suite/rpl/r/rpl_change_master.result'
--- a/mysql-test/suite/rpl/r/rpl_change_master.result 2011-11-19 08:08:03 +0000
+++ b/mysql-test/suite/rpl/r/rpl_change_master.result 2012-02-03 18:09:00 +0000
@@ -96,4 +96,26 @@ drop table t1;
include/stop_slave.inc
CHANGE MASTER TO master_host='SAVE_MASTER_HOST';
include/start_slave.inc
+include/stop_slave.inc
+CHANGE MASTER TO MASTER_USER='root', MASTER_HOST='', MASTER_PORT=MASTER_PORT;
+ERROR HY000: Incorrect arguments to MASTER_HOST
+CHANGE MASTER TO MASTER_USER='root', MASTER_HOST='127.0.0.1\n127.0.0.1', MASTER_PORT=MASTER_PORT;
+ERROR HY000: Incorrect argument contains not-allowed LF value: '127.0.0.1
+127.0.0.1'
+CHANGE MASTER TO MASTER_USER='root\n', MASTER_HOST='master2.mycompany.com', MASTER_PORT=MASTER_PORT, MASTER_USER='replication', MASTER_PASSWORD='bigs3cret', MASTER_LOG_FILE='master2-bin.001', MASTER_LOG_POS=4;
+ERROR HY000: Incorrect argument contains not-allowed LF value: 'root
+'
+CHANGE MASTER TO MASTER_USER='root', MASTER_HOST='master2.mycompany.com', MASTER_PORT=MASTER_PORT, MASTER_USER='repli\ncation', MASTER_PASSWORD='bigs3cret', MASTER_LOG_FILE='master2-bin.001', MASTER_LOG_POS=4;
+ERROR HY000: Incorrect argument contains not-allowed LF value: 'repli
+cation'
+CHANGE MASTER TO MASTER_USER='root', MASTER_HOST='master2.mycompany.com', MASTER_PORT=MASTER_PORT, MASTER_USER='replication', MASTER_PASSWORD='bigs3cret', MASTER_LOG_FILE='master2-bin.\n001', MASTER_LOG_POS=4;
+ERROR HY000: Incorrect argument contains not-allowed LF value: 'master2-bin.
+001'
+CHANGE MASTER TO MASTER_USER='root', MASTER_HOST='127.0.0.1', MASTER_PORT=MASTER_PORT;
+Warnings:
+Note 1756 Sending passwords in plain text without SSL/TLS is extremely insecure.
+Note 1757 Storing MySQL user name or password information in the master.info repository is not secure and is therefore not recommended. Please see the MySQL Manual for more about this issue and possible alternatives.
+include/start_slave.inc
+Master_Host = '127.0.0.1'
+include/rpl_reset.inc
include/rpl_end.inc
=== modified file 'mysql-test/suite/rpl/t/rpl_change_master.test'
--- a/mysql-test/suite/rpl/t/rpl_change_master.test 2010-12-19 17:25:42 +0000
+++ b/mysql-test/suite/rpl/t/rpl_change_master.test 2012-02-03 18:09:00 +0000
@@ -11,4 +11,50 @@
--source include/master-slave.inc
--source extra/rpl_tests/rpl_change_master.test
+
+
+# BUG#11758581 - 50801: CHANGE MASTER ACCEPTS BOGUS VARIABLES
+# We want to check if CHANGE MASTER values have newline characters.
+connection slave;
+
+###
+### This should fail with error ER_WRONG_ARGUMENTS due to empty MASTER_HOST
+### value.
+###
+--source include/stop_slave.inc
+--replace_result $MASTER_MYPORT MASTER_PORT
+--error ER_WRONG_ARGUMENTS
+eval CHANGE MASTER TO MASTER_USER='root', MASTER_HOST='', MASTER_PORT=$MASTER_MYPORT;
+
+###
+### This should fail with error ER_SYNTAX_ERROR due to newline
+### in string values.
+###
+--replace_result $MASTER_MYPORT MASTER_PORT
+--error ER_WRONG_VALUE
+eval CHANGE MASTER TO MASTER_USER='root', MASTER_HOST='127.0.0.1\n127.0.0.1', MASTER_PORT=$MASTER_MYPORT;
+
+--replace_result $MASTER_MYPORT MASTER_PORT
+--error ER_WRONG_VALUE
+eval CHANGE MASTER TO MASTER_USER='root\n', MASTER_HOST='master2.mycompany.com', MASTER_PORT=$MASTER_MYPORT, MASTER_USER='replication', MASTER_PASSWORD='bigs3cret', MASTER_LOG_FILE='master2-bin.001', MASTER_LOG_POS=4;
+
+--replace_result $MASTER_MYPORT MASTER_PORT
+--error ER_WRONG_VALUE
+eval CHANGE MASTER TO MASTER_USER='root', MASTER_HOST='master2.mycompany.com', MASTER_PORT=$MASTER_MYPORT, MASTER_USER='repli\ncation', MASTER_PASSWORD='bigs3cret', MASTER_LOG_FILE='master2-bin.001', MASTER_LOG_POS=4;
+
+--replace_result $MASTER_MYPORT MASTER_PORT
+--error ER_WRONG_VALUE
+eval CHANGE MASTER TO MASTER_USER='root', MASTER_HOST='master2.mycompany.com', MASTER_PORT=$MASTER_MYPORT, MASTER_USER='replication', MASTER_PASSWORD='bigs3cret', MASTER_LOG_FILE='master2-bin.\n001', MASTER_LOG_POS=4;
+
+###
+### This should be accepted.
+###
+--replace_result $MASTER_MYPORT MASTER_PORT
+eval CHANGE MASTER TO MASTER_USER='root', MASTER_HOST='127.0.0.1', MASTER_PORT=$MASTER_MYPORT;
+
+--source include/start_slave.inc
+--let $status_items= Master_Host
+--source include/show_slave_status.inc
+--source include/rpl_reset.inc
+
--source include/rpl_end.inc
=== modified file 'sql/sql_yacc.yy'
--- a/sql/sql_yacc.yy 2011-12-19 12:53:11 +0000
+++ b/sql/sql_yacc.yy 2012-02-03 18:09:00 +0000
@@ -1504,7 +1504,7 @@ bool my_yyoverflow(short **a, YYSTYPE **
IDENT_sys TEXT_STRING_sys TEXT_STRING_literal
NCHAR_STRING opt_component key_cache_name
sp_opt_label BIN_NUM label_ident TEXT_STRING_filesystem ident_or_empty
- opt_constraint constraint opt_ident
+ opt_constraint constraint opt_ident TEXT_STRING_sys_nonewline
%type <lex_str_ptr>
opt_table_alias
@@ -1983,19 +1983,19 @@ master_defs:
;
master_def:
- MASTER_HOST_SYM EQ TEXT_STRING_sys
+ MASTER_HOST_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.host = $3.str;
}
- | MASTER_BIND_SYM EQ TEXT_STRING_sys
+ | MASTER_BIND_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.bind_addr = $3.str;
}
- | MASTER_USER_SYM EQ TEXT_STRING_sys
+ | MASTER_USER_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.user = $3.str;
}
- | MASTER_PASSWORD_SYM EQ TEXT_STRING_sys
+ | MASTER_PASSWORD_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.password = $3.str;
}
@@ -2027,23 +2027,23 @@ master_def:
Lex->mi.ssl= $3 ?
LEX_MASTER_INFO::LEX_MI_ENABLE : LEX_MASTER_INFO::LEX_MI_DISABLE;
}
- | MASTER_SSL_CA_SYM EQ TEXT_STRING_sys
+ | MASTER_SSL_CA_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.ssl_ca= $3.str;
}
- | MASTER_SSL_CAPATH_SYM EQ TEXT_STRING_sys
+ | MASTER_SSL_CAPATH_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.ssl_capath= $3.str;
}
- | MASTER_SSL_CERT_SYM EQ TEXT_STRING_sys
+ | MASTER_SSL_CERT_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.ssl_cert= $3.str;
}
- | MASTER_SSL_CIPHER_SYM EQ TEXT_STRING_sys
+ | MASTER_SSL_CIPHER_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.ssl_cipher= $3.str;
}
- | MASTER_SSL_KEY_SYM EQ TEXT_STRING_sys
+ | MASTER_SSL_KEY_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.ssl_key= $3.str;
}
@@ -2052,11 +2052,11 @@ master_def:
Lex->mi.ssl_verify_server_cert= $3 ?
LEX_MASTER_INFO::LEX_MI_ENABLE : LEX_MASTER_INFO::LEX_MI_DISABLE;
}
- | MASTER_SSL_CRL_SYM EQ TEXT_STRING_sys
+ | MASTER_SSL_CRL_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.ssl_crl= $3.str;
}
- | MASTER_SSL_CRLPATH_SYM EQ TEXT_STRING_sys
+ | MASTER_SSL_CRLPATH_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.ssl_crlpath= $3.str;
}
@@ -2121,7 +2121,7 @@ ignore_server_id:
}
master_file_def:
- MASTER_LOG_FILE_SYM EQ TEXT_STRING_sys
+ MASTER_LOG_FILE_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.log_file_name = $3.str;
}
@@ -2141,7 +2141,7 @@ master_file_def:
*/
Lex->mi.pos = max<ulonglong>(BIN_LOG_HEADER_SIZE, Lex->mi.pos);
}
- | RELAY_LOG_FILE_SYM EQ TEXT_STRING_sys
+ | RELAY_LOG_FILE_SYM EQ TEXT_STRING_sys_nonewline
{
Lex->mi.relay_log_name = $3.str;
}
@@ -12814,6 +12814,19 @@ IDENT_sys:
}
}
;
+
+TEXT_STRING_sys_nonewline:
+ TEXT_STRING_sys
+ {
+ if (!strcont($1.str, "\n"))
+ $$= $1;
+ else
+ {
+ my_error(ER_WRONG_VALUE, MYF(0), "argument contains not-allowed LF", $1.str);
+ MYSQL_YYABORT;
+ }
+ }
+ ;
TEXT_STRING_sys:
TEXT_STRING
No bundle (reason: useless for push emails).
| Thread |
|---|
| • bzr push into mysql-trunk branch (nuno.carvalho:3839 to 3840) Bug#11758581 | Nuno Carvalho | 6 Feb |
