mirror of
https://github.com/zebrajr/server.git
synced 2025-12-07 12:21:06 +01:00
fc9f3efaec
When installing plugins, there is a missing check for slash (/) in the path on Windows. Note that on Windows, both / and \ can be used to separate directories. This patch fixes the issue by: - Adding a FN_DIRSEP symbol for all platforms consisting of a string of legal directory separators. - Adding a charset-aware version of strcspn(). - Adding a check_valid_path() function that uses my_strcspn() to check if any FN_DIRSEP character is in the supplied string. - Using the check_valid_path() function in sql_plugin.cc and sql_udf.cc (which means replacing the existing test there). include/config-netware.h: Adding FN_DIRSEP ****** Adding FN_DIRSEP include/config-win.h: Adding FN_DIRSEP ****** Adding FN_DIRSEP include/m_ctype.h: Adding my_strspn() and my_strcspn(). ****** Adding my_strspn() and my_strcspn(). include/my_global.h: Adding FN_DIRSEP ****** Adding FN_DIRSEP mysql-test/t/plugin_not_embedded.test: Adding test that file names containing / is disallowed on *all* platforms. ****** Adding test that file names containing / is disallowed on *all* platforms. sql/sql_plugin.cc: Introducing check_if_path() function for checking if filename is a path to include / on Windows. ****** Introducing check_if_path() function for checking if filename is a path to include / on Windows. sql/sql_udf.cc: Switching to use check_if_path() function. ****** Switching to use check_if_path() function. strings/my_strchr.c: Adding my_strspn() and my_strcspn(). ****** Adding my_strspn() and my_strcspn().
32 lines
862 B
Plaintext
32 lines
862 B
Plaintext
--source include/not_embedded.inc
|
|
--source include/have_example_plugin.inc
|
|
|
|
--echo #
|
|
--echo # Bug#51770: UNINSTALL PLUGIN requires no privileges
|
|
--echo #
|
|
|
|
GRANT INSERT ON mysql.plugin TO bug51770@localhost;
|
|
connect(con1,localhost,bug51770,,);
|
|
--replace_regex /\.dll/.so/
|
|
eval INSTALL PLUGIN example SONAME $HA_EXAMPLE_SO;
|
|
--error ER_TABLEACCESS_DENIED_ERROR
|
|
UNINSTALL PLUGIN example;
|
|
connection default;
|
|
GRANT DELETE ON mysql.plugin TO bug51770@localhost;
|
|
connection con1;
|
|
UNINSTALL PLUGIN example;
|
|
disconnect con1;
|
|
connection default;
|
|
DROP USER bug51770@localhost;
|
|
|
|
#
|
|
# BUG#58246: INSTALL PLUGIN not secure & crashable
|
|
#
|
|
# The bug consisted of not recognizing / on Windows, so checking / on
|
|
# all platforms should cover this case.
|
|
|
|
let $path = `select CONCAT_WS('/', '..', $HA_EXAMPLE_SO)`;
|
|
--error ER_UDF_NO_PATHS
|
|
eval INSTALL PLUGIN example SONAME '$path';
|
|
|