While performing SAST scanning using Cppcheck against source code of
commit 81196469, several code vulnerabilities were found.
Fix following issues:
1. Parameters of `snprintf` function are incorrect.
Cppcheck error:
client/mysql_plugin.c:1228: error: snprintf format string requires 6 parameters but only 5 are given.
It is due to commit 630d7229 introduced option `--lc-messages-dir`
in the bootstrap command. However the parameter was not even given
in the `snprintf` after changing the format string.
Fix:
Restructure the code logic and correct the function parameters for
`snprintf`.
2. Null pointer is used in a `snprintf` which could cause a crash.
Cppcheck error:
extra/mariabackup/xbcloud.cc:2534: error: Null pointer dereference
The code intended to print the swift_project name, if the
opt_swift_project_id is NULL but opt_swift_project is not NULL.
However the parameter of `snprintf` was mistakenly using
`opt_swift_project_id`.
Fix:
Change to use the correct string from `opt_swift_project`.
3. Potential double release of a memory
Cppcheck error:
plugin/auth_pam/testing/pam_mariadb_mtr.c:69: error: Memory pointed to by 'resp' is freed twice.
A pointer `resp` is reused and allocated new memory after it has been
freed. However, `resp` was not set to NULL after freed.
Potential double release of the same pointer if the call back
function doesn't allocate new memory for `resp` pointer.
Fix:
Set the `resp` pointer to NULL after the first free() to make sure
the same address is not freed twice.
All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the
BSD-new license. I am contributing on behalf of my employer Amazon Web
Services, Inc.
buggy regexp in old CPackRPM.cmake:
string(REGEX REPLACE "%[A-Za-z0-9\(\),-]* " "" F_PATH ${F})
string(REGEX MATCH "%[A-Za-z0-9\(\),-]*" F_PREFIX ${F})
it treats everything after the first space as a path
Buggy sepdebugcrcfix in CentOS 7 (rpm-4.11.3) does not restore
SUID bit after editing the binary. This is fixed in rpm-4.12.
Still let's not set SUID bit when installing auth_pam_tool
and use rpm spec %attr directive instead.
Compiler warnings generated on building MariaDB server for BSD has the same
reason as in case building is performed on MacOS. Both platforms do use
clang as a C/C++ compiler. So, fix the compiler warnings in case the compiler
is clang doesn't matter what kind of building platform do we use for building.
This is a follow-up patch for the following bug reports:
MDEV-23564: CMAKE failing due to deprecated Apple GSS method
MDEV-23935: Fix warnings generated during compilation of
plugin/auth_pam/testing/pam_mariadb_mtr.c on MacOS
This patch moves definitions of macros variables
HAVE_PAM_SYSLOG, HAVE_PAM_EXT_H, HAVE_PAM_APPL_H, HAVE_STRNDUP
from command line (in the form -Dmacros) to the auto-generated
header file config_auth_pam.h
Compiler warnings like one listed below are generated during server build on MacOS:
[88%] Building C object plugin/auth_pam/CMakeFiles/pam_user_map.dir/mapper/pam_user_map.c.o
mariadb/server-10.2/plugin/auth_pam/mapper/pam_user_map.c:87:41: error: passing
'gid_t *' (aka 'unsigned int *') to parameter of type 'int *' converts between pointers to integer types
with different sign [-Werror,-Wpointer-sign]
if (getgrouplist(user, user_group_id, loc_groups, &ng) < 0)
^~~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX10.15.sdk/usr/include/unistd.h:650:43: note:
passing argument to parameter here
int getgrouplist(const char *, int, int *, int *);
^
In case MariaDB server is build with -DCMAKE_BUILD_TYPE=Debug it results in
build error.
The reason of compiler warnings is that declaration of the Posix C API function
getgrouplist() on MacOS differs from declaration of getgrouplist() proposed
by Posix.
To suppress this compiler warning cmake configure was adapted to detect what
kind of getgrouplist() function is declared on the build platform and
set the macros HAVE_POSIX_GETGROUPLIST in case the building platform supports
Posix compatible interface for the getgrouplist() function. Depending on
whether this macros is set the compatible type of arguments is used to pass
parameter values to the function.
During build server 10.4 on MacOS warnings like the following one
are generated on compiling the file plugin/auth_pam/testing/pam_mariadb_mtr.c
server-10.4/plugin/auth_pam/testing/pam_mariadb_mtr.c:25:22: error:
initializing 'char *' with an expression of type 'const char [23]'
discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
{ PAM_TEXT_INFO, "Challenge input first." }
The reason of the warnings is that the data member pam_message::msg is declared
as 'char *' on MacOS but initializer of the data member is 'const char *'.
To eliminate warnings the compiler option
-Wno-incompatible-pointer-types-discards-qualifiers
has been added to the compiler flags used for compiling the file
pam_mariadb_mtr.c.
The auth_pam_tool that is executed from pam_auth() can be still
not finished by the time we do the waitpid() there.
As we use WNOHANG option for the waitpid(), it didn't wait and
left the zombie process. So let's do the loop of waitpid() with the
limited number of sleeps.
added cmake checks for pam_ext.h and pam_appl.h headers
added check for pam_syslog()
added pam_syslog() if doesn't exist
all cmake checks performed from inside the plugin
- Initialize variables that could be used uninitialized
- Added extra end space to DbugStringItemTypeValue to get rid of warnings
from c_ptr()
- Session_sysvars_tracker::update() accessed unitialized memory if called
with NULL value.
- get_schema_stat_record() accessed unitialized memory if HA_KEY_LONG_HASH
was used
- parse_vcol_defs() accessed random memory for tables without keys.
* fix incorrect parentheses
* if there was no password on the command line or in .cnf file,
pkt will be "", and we need to request the user to enter the password
* wait() for the child process to die, let it rest in peace
* fix incorrect parentheses
* if there was no password on the command line or in .cnf file,
pkt will be "", and we need to request the user to enter the password
* make sure that auth->salt is always allocated on a permanent memroot.
when called from set_user_salt_if_needed(), user_copy and its auth_str
are on the thd memroot, but auth_copy->salt is then copied to auth->salt
* adjust service files so that systemd wouldn't interfere with our
setuid executables
also
* print the pam error message in debug mode
this matches the common behavior with pam_unix and helps to
catch password related errors
also, use abort() instead of sigsegv to avoid polluting
/var/log/messages with intentional crashes