• Mats Kindahl's avatar
    BUG#58246: INSTALL PLUGIN not secure & crashable · fc9f3efa
    Mats Kindahl authored
    When installing plugins, there is a missing check
    for slash (/) in the path on Windows. Note that on
    Windows, both / and \ can be used to separate
    directories.
    
    This patch fixes the issue by:
    - Adding a FN_DIRSEP symbol for all platforms
      consisting of a string of legal directory
      separators.
    - Adding a charset-aware version of strcspn().
    - Adding a check_valid_path() function that uses
      my_strcspn() to check if any FN_DIRSEP character
      is in the supplied string.
    - Using the check_valid_path() function in
      sql_plugin.cc and sql_udf.cc (which means
      replacing the existing test there).
    
    include/config-netware.h:
      Adding FN_DIRSEP
      ******
      Adding FN_DIRSEP
    include/config-win.h:
      Adding FN_DIRSEP
      ******
      Adding FN_DIRSEP
    include/m_ctype.h:
      Adding my_strspn() and my_strcspn().
      
      ******
      Adding my_strspn() and my_strcspn().
    include/my_global.h:
      Adding FN_DIRSEP
      ******
      Adding FN_DIRSEP
    mysql-test/t/plugin_not_embedded.test:
      Adding test that file names containing / is
      disallowed on *all* platforms.
      ******
      Adding test that file names containing / is
      disallowed on *all* platforms.
    sql/sql_plugin.cc:
      Introducing check_if_path() function for
      checking if filename is a path to include
      / on Windows.
      ******
      Introducing check_if_path() function for
      checking if filename is a path to include
      / on Windows.
    sql/sql_udf.cc:
      Switching to use check_if_path() function.
      ******
      Switching to use check_if_path() function.
    strings/my_strchr.c:
      Adding my_strspn() and my_strcspn().
      ******
      Adding my_strspn() and my_strcspn().
    fc9f3efa
sql_plugin.cc 101 KB