diff --git a/myisam/mi_open.c b/myisam/mi_open.c
index 077d8c7da3a150f52b9e1f34f3b065e36e99c519..60049325c5c642d5fd5128febe9d381f3b061839 100644
--- a/myisam/mi_open.c
+++ b/myisam/mi_open.c
@@ -35,6 +35,14 @@ static void setup_key_functions(MI_KEYDEF *keyinfo);
 pos+=size;}
+#define disk_pos_assert(pos, end_pos) \
+if (pos > end_pos) \
+{ \
+ my_errno=HA_ERR_CRASHED; \
+ goto err; \
+}
+
+
 /******************************************************************************
 ** Return the shared struct if the table is already open.
 ** In MySQL the server will handle version issues.
@@ -70,7 +78,7 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
 key_parts,unique_key_parts,tmp_length,uniques;
 char name_buff[FN_REFLEN], org_name [FN_REFLEN], index_name[FN_REFLEN], data_name[FN_REFLEN];
- char *disk_cache,*disk_pos;
+ char *disk_cache, *disk_pos, *end_pos;
 MI_INFO info,*m_info,*old_info;
 MYISAM_SHARE share_buff,*share;
 ulong rec_per_key_part[MI_MAX_POSSIBLE_KEY*MI_MAX_KEY_SEG];
@@ -138,11 +146,12 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
 info_length=mi_uint2korr(share->state.header.header_length);
 base_pos=mi_uint2korr(share->state.header.base_pos);
- if (!(disk_cache=(char*) my_alloca(info_length)))
+ if (!(disk_cache=(char*) my_alloca(info_length+128)))
 {
 my_errno=ENOMEM;
 goto err;
 }
+ end_pos=disk_cache+info_length;
 errpos=2;
 VOID(my_seek(kfile,0L,MY_SEEK_SET,MYF(0)));
@@ -288,6 +297,8 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
 for (i=0 ; i < keys ; i++)
 {
 disk_pos=mi_keydef_read(disk_pos, &share->keyinfo[i]);
+ disk_pos_assert(disk_pos + share->keyinfo[i].keysegs * MI_KEYSEG_SIZE,
+ end_pos);
 set_if_smaller(share->blocksize,share->keyinfo[i].block_length);
 share->keyinfo[i].seg=pos;
 for (j=0 ; j < share->keyinfo[i].keysegs; j++,pos++)
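Review bot: `disk_pos_assert` in the -35,6 hunk expands to a bare `if` block, so a call placed directly under an `if` that has an `else` would capture that `else`, and its arguments are used unparenthesized. Wrapping the body as `do { if ((pos) > (end_pos)) { my_errno=HA_ERR_CRASHED; goto err; } } while (0)` keeps every use a single statement. The macro also jumps to a label it does not take as a parameter, so a short comment above it stating that the caller must provide a local `err:` label and that `my_errno` is set to `HA_ERR_CRASHED` would help readers of the call sites.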
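Review bot: The `+128` in `my_alloca(info_length+128)` in the -138,11 hunk is an unexplained magic number. It looks like slack so that the fixed-size definition reads performed before each `disk_pos_assert` cannot leave the allocation when `info_length` (read from the file header) is too small, but nothing ties 128 to the largest such read, and the slack bytes are whatever `my_alloca` returned rather than file data. A named constant with a comment such as `/* must be >= the largest fixed-size definition parsed before a bounds check */` would make that invariant reviewable. mi_open's body starts and ends outside this hunk.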
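Review bot: In the -288,6 hunk the bounds check runs only after `mi_keydef_read` has already parsed the key definition at `disk_pos`, and it forms `disk_pos + keysegs * MI_KEYSEG_SIZE` from a file-supplied count before comparing; a pointer computed past the end of the allocation is undefined behaviour in C and is not guaranteed to compare greater than `end_pos`. Comparing the remaining length avoids that: `if (disk_pos > end_pos || (size_t) (end_pos - disk_pos) < (size_t) share->keyinfo[i].keysegs * MI_KEYSEG_SIZE) { my_errno=HA_ERR_CRASHED; goto err; }`. The same form applies to the `uniqueinfo` check in the -319,6 hunk and the `base.fields` check in the -344,6 hunk. These checks bound only the source buffer; whether the destination `pos` array is sized from the same counts is not visible in these hunks and is worth confirming.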
@@ -319,6 +330,8 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
 for (i=0 ; i < uniques ; i++)
 {
 disk_pos=mi_uniquedef_read(disk_pos, &share->uniqueinfo[i]);
+ disk_pos_assert(disk_pos + share->uniqueinfo[i].keysegs *
+ MI_KEYSEG_SIZE, end_pos);
 share->uniqueinfo[i].seg=pos;
 for (j=0 ; j < share->uniqueinfo[i].keysegs; j++,pos++)
 {
@@ -344,6 +357,7 @@ MI_INFO *mi_open(const char *name, int mode, uint open_flags)
 for (i=0 ; i < keys ; i++)
 setup_key_functions(share->keyinfo+i);
+ disk_pos_assert(disk_pos + share->base.fields *MI_COLUMNDEF_SIZE, end_pos);
 for (i=j=offset=0 ; i < share->base.fields ; i++)
 {
 disk_pos=mi_recinfo_read(disk_pos,&share->rec[i]);
diff --git a/mysys/default.c b/mysys/default.c
index c354e1744bcd21ff420cb91108ba9819aa636694..cfdda17fb5f8198966153e77c818560f71341184 100644
--- a/mysys/default.c
+++ b/mysys/default.c
@@ -38,6 +38,7 @@
 #include "mysys_priv.h"
 #include "m_string.h"
 #include "m_ctype.h"
+#include <my_dir.h>
 char *defaults_extra_file=0;
@@ -61,13 +62,13 @@ DATADIR,
 NullS,
 };
-#define default_ext ".cnf" /* extension for config file */
+#define default_ext ".cnf" /* extension for config file */
 #ifdef __WIN__
 #include <winbase.h>
 #define windows_ext ".ini"
 #endif
-static my_bool search_default_file(DYNAMIC_ARRAY *args, MEM_ROOT *alloc,
+static my_bool search_default_file(DYNAMIC_ARRAY *args,MEM_ROOT *alloc,
 const char *dir, const char *config_file, const char *ext, TYPELIB *group);
@@ -242,6 +243,20 @@ static my_bool search_default_file(DYNAMIC_ARRAY *args, MEM_ROOT *alloc,
 {
 strmov(name,config_file);
 }
+ fn_format(name,name,"","",4);
+#if !defined(__WIN__) && !defined(OS2)
+ {
+ MY_STAT stat_info;
+ if (!my_stat(name,&stat_info,MYF(0)))
+ return 0;
+ if (stat_info.st_mode & S_IWOTH) /* ignore world-writeable files */
+ {
+ fprintf(stderr, "warning: World-writeable config file %s is ignored\n",
+ name);
+ return 0;
+ }
+ }
+#endif
 if (!(fp = my_fopen(fn_format(name,name,"","",4),O_RDONLY,MYF(0))))
 return 0; /* Ignore wrong files */
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index daa5bfcc7ffa7c665c08caadf6cee2026e61e83e..411c9778c3e401f7e68fe941d19da658c427202f 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -4225,7 +4225,7 @@ get_one_option(int optid, const struct my_option *opt __attribute__((unused)),
 if (!mysqld_user)
 mysqld_user= argument;
 else
- fprintf(stderr, "Warning: Ignoring user change to '%s' becasue the user is set to '%s' earlier on the command line\n", argument, mysqld_user);
+ fprintf(stderr, "Warning: Ignoring user change to '%s' because the user was set to '%s' earlier on the command line\n", argument, mysqld_user);
 break;
 case 'L':
 strmake(language, argument, sizeof(language)-1);
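Review bot: The world-writable check in the -242,6 hunk inspects the file by name with `my_stat` and then opens it by name with `my_fopen`, so the file can be replaced between the two calls and the mode that was checked may not belong to the file that is parsed. Opening first and checking the open descriptor closes that window, e.g. right after `my_fopen` succeeds: `if (fstat(fileno(fp), &stat_info) || (stat_info.st_mode & S_IWOTH)) { my_fclose(fp, MYF(0)); return 0; }` (assuming `MY_STAT` is a `struct stat` on these platforms). The test also covers only `S_IWOTH` on the file itself; group-writable files, files owned by another user, and a writable parent directory all pass, so the comment should state that scope explicitly. The `fn_format(name,name,"","",4)` call left inside `my_fopen` is now redundant with the one added above it. search_default_file's body starts and ends outside the hunk.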