mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-30 18:41:56 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
200230 commits 2789 branches 343 tags 1.7 GiB
Commit graph

20 commits

Author SHA1 Message Date
Oleksandr Byelkin
f52954ef42 Merge commit '10.4' into 10.5 2023-07-20 11:54:52 +02:00
Mikhail Chalov
2ff01e763e Fix insecure use of strcpy, strcat and sprintf in Connect 
Old style C functions `strcpy()`, `strcat()` and `sprintf()` are vulnerable to
security issues due to lacking memory boundary checks. Replace these in the
Connect storage engine with safe new and/or custom functions such as
`snprintf()` `safe_strcpy()` and `safe_strcat()`.

With this change FlawFinder and other static security analyzers report 287
fewer findings.

All new code of the whole pull request, including one or several files that are
either new files or modified ones, are contributed under the BSD-new license. I
am contributing on behalf of my employer Amazon Web Services, Inc.
 2023-05-12 15:37:00 +01:00
Oleksandr Byelkin
a977054ee0 Merge branch '10.3' into 10.4 2023-01-28 18:22:55 +01:00
Oleksandr Byelkin
7fa02f5c0b Merge branch '10.4' into 10.5 2023-01-27 13:54:14 +01:00
Oleksandr Byelkin
dd24fa3063 Merge branch '10.3' into 10.4 2023-01-26 10:34:26 +01:00
Mikhail Chalov
567b681299 Minimize unsafe C functions usage - replace strcat() and strcpy() (and strncat() and strncpy()) with custom safe_strcat() and safe_strcpy() functions 
The MariaDB code base uses strcat() and strcpy() in several
places. These are known to have memory safety issues and their usage is
discouraged. Common security scanners like Flawfinder flags them. In MariaDB we
should start using modern and safer variants on these functions.

This is similar to memory issues fixes in 19af1890b5
and 9de9f105b5 but now replace use of strcat()
and strcpy() with safer options strncat() and strncpy().

However, add '\0' forcefully to make sure the result string is correct since
for these two functions it is not guaranteed what new string will be null-terminated.

Example:

    size_t dest_len = sizeof(g->Message);
    strncpy(g->Message, "Null json tree", dest_len); strncat(g->Message, ":",
    sizeof(g->Message) - strlen(g->Message)); size_t wrote_sz = strlen(g->Message);
    size_t cur_len = wrote_sz >= dest_len ? dest_len - 1 : wrote_sz;
    g->Message[cur_len] = '\0';

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the BSD-new
license. I am contributing on behalf of my employer Amazon Web Services

-- Reviewer and co-author Vicențiu Ciorbaru <vicentiu@mariadb.org>
-- Reviewer additions:
* The initial function implementation was flawed. Replaced with a simpler
  and also correct version.
* Simplified code by making use of snprintf instead of chaining strcat.
* Simplified code by removing dynamic string construction in the first
  place and using static strings if possible. See connect storage engine
  changes.
 2023-01-20 15:18:52 +02:00
Marko Mäkelä
098c0f2634 Merge 10.4 into 10.5 2022-07-27 17:17:24 +03:00
Oleksandr Byelkin
3bb36e9495 Merge branch '10.3' into 10.4 2022-07-27 11:02:57 +02:00
Mikhail Chalov
19af1890b5 Use memory safe snprintf() in Connect Engine 
This commit replaces sprintf(buf, ...) with
snprintf(buf, sizeof(buf), ...),
specifically in the "easy" cases where buf is allocated with a size
known at compile time.

The changes make sure we are not write outside array/string bounds which
will lead to undefined behaviour. In case the code is trying to write
outside bounds - safe version of functions simply cut the string
messages so we process this gracefully.

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the BSD-new
license.  I am contributing on behalf of my employer Amazon Web Services,
Inc.

bsonudf.cpp warnings cleanup by Daniel Black

Reviewer: Daniel Black
 2022-07-26 16:28:59 +10:00
Oleksandr Byelkin
ae6bdc6769 Merge branch '10.4' into 10.5 2021-07-31 23:19:51 +02:00
Oleksandr Byelkin
7841a7eb09 Merge branch '10.3' into 10.4 2021-07-31 22:59:58 +02:00
Olivier Bertrand
5f64276fb2 - Fix MDEV-25863 : Replace __WIN__ by _WIN32 
modified:   storage/connect/array.cpp
  modified:   storage/connect/blkfil.cpp
  modified:   storage/connect/block.h
  modified:   storage/connect/bson.cpp
  modified:   storage/connect/cmgoconn.cpp
  modified:   storage/connect/colblk.cpp
  modified:   storage/connect/domdoc.cpp
  modified:   storage/connect/filamap.cpp
  modified:   storage/connect/filamdbf.cpp
  modified:   storage/connect/filamfix.cpp
  modified:   storage/connect/filamgz.cpp
  modified:   storage/connect/filamtxt.cpp
  modified:   storage/connect/filamvct.cpp
  modified:   storage/connect/filamzip.cpp
  modified:   storage/connect/filter.cpp
  modified:   storage/connect/filter.h
  modified:   storage/connect/fmdlex.c
  modified:   storage/connect/global.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/javaconn.cpp
  modified:   storage/connect/javaconn.h
  modified:   storage/connect/jdbconn.cpp
  modified:   storage/connect/jmgfam.cpp
  modified:   storage/connect/json.cpp
  modified:   storage/connect/macutil.cpp
  modified:   storage/connect/macutil.h
  modified:   storage/connect/maputil.cpp
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/myconn.cpp
  modified:   storage/connect/myconn.h
  modified:   storage/connect/myutil.cpp
  modified:   storage/connect/odbconn.cpp
  modified:   storage/connect/odbconn.h
  modified:   storage/connect/os.h
  modified:   storage/connect/osutil.c
  modified:   storage/connect/plgdbsem.h
  modified:   storage/connect/plgdbutl.cpp
  modified:   storage/connect/plugutil.cpp
  modified:   storage/connect/rcmsg.c
  modified:   storage/connect/reldef.cpp
  modified:   storage/connect/reldef.h
  modified:   storage/connect/tabdos.cpp
  modified:   storage/connect/tabext.cpp
  modified:   storage/connect/tabfix.cpp
  modified:   storage/connect/tabfmt.cpp
  modified:   storage/connect/tabjdbc.cpp
  modified:   storage/connect/tabmac.cpp
  modified:   storage/connect/tabmac.h
  modified:   storage/connect/tabmul.cpp
  modified:   storage/connect/tabmul.h
  modified:   storage/connect/tabmysql.cpp
  modified:   storage/connect/taboccur.cpp
  modified:   storage/connect/tabodbc.cpp
  modified:   storage/connect/tabpivot.cpp
  modified:   storage/connect/tabrest.cpp
  modified:   storage/connect/tabrest.h
  modified:   storage/connect/tabsys.cpp
  modified:   storage/connect/tabtbl.cpp
  modified:   storage/connect/tabutil.cpp
  modified:   storage/connect/tabvct.cpp
  modified:   storage/connect/tabwmi.cpp
  modified:   storage/connect/tabxcl.cpp
  modified:   storage/connect/tabxml.cpp
  modified:   storage/connect/valblk.cpp
  modified:   storage/connect/value.cpp
  modified:   storage/connect/xindex.cpp
  modified:   storage/connect/xindex.h

- Fix Date errors and SSL warnings
  modified:   storage/connect/mysql-test/connect/r/jdbc.result
  modified:   storage/connect/mysql-test/connect/r/jdbc_new.result
  modified:   storage/connect/mysql-test/connect/t/jdbc.test
  modified:   storage/connect/mysql-test/connect/t/jdbc_new.test

- Update java source files
  modified:   storage/connect/Mongo2Interface.java
  modified:   storage/connect/Mongo3Interface.java
  added:      storage/connect/Client2.java
  added:      storage/connect/Client3.java
  added:      storage/connect/TestInsert2.java
  added:      storage/connect/TestInsert3.java
 2021-06-08 17:44:43 +02:00
Marko Mäkelä
8b6cfda631 Merge 10.4 into 10.5 2020-02-07 08:51:20 +02:00
Monty
4d61f1247a Fixed compiler warnings from gcc 7.4.1 
- Fixed possible error in rocksdb/rdb_datadic.cc
 2020-01-29 23:23:55 +02:00
Monty
a38f47e90c Fixed compiler warnings from connect engine 
- clang complains about register in C++
- Removed not used variables
- Fixed bug when printing date in filamdbf.cpp
- Added {} to fix warning about dangling else
- Changed connect_done_func() to be global to remove conflict with header
  files
- Added extra () around assignment in if
 2019-08-23 22:03:54 +02:00
Olivier Bertrand
175ce0e7f5 - Remove warning on not used tabtyp variable in connect_assisted_discovery 
modified:   storage/connect/ha_connect.cc

- Fix a bug causing CONNECT to loop when expanding a JSON column
  when the expanded column value is null or void array.
- Adding the FullArray option to JSON tables.
- Skipping expanded JSON lines when the expanded column value is null.
  modified:   storage/connect/connect.cc
  modified:   storage/connect/tabdos.h
  modified:   storage/connect/tabjson.cpp
  modified:   storage/connect/tabjson.h

- Fix MDEV-13353 No file privilege for ODBC, JDBC, MONGO, MAC, WMI file types.
  modified:   storage/connect/ha_connect.cc

- Make some Json UDFs  to accept a non JSON item as 1st parameter.
  modified:   storage/connect/json.cpp
  modified:   storage/connect/json.h
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/jsonudf.h

- Update Json UDF tests to cope with above changes.
  modified:   storage/connect/mysql-test/connect/r/json_udf.result
  modified:   storage/connect/mysql-test/connect/r/json_udf_bin.result
  modified:   storage/connect/mysql-test/connect/r/vcol.result
  modified:   storage/connect/mysql-test/connect/t/json_udf.test
  modified:   storage/connect/mysql-test/connect/t/vcol.test

- Fix some compiler warning treated as error
  PlugSubAlloc no more exported because it does throw.
  modified:   storage/connect/global.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/tabjson.cpp
  modified:   storage/connect/tabjson.h

- Other files modified (?) when going back to wrong merge
  modified:   storage/connect/CMakeLists.txt
  modified:   storage/connect/array.cpp
  modified:   storage/connect/colblk.cpp
  modified:   storage/connect/connect.cc
  modified:   storage/connect/csort.cpp
  modified:   storage/connect/domdoc.cpp
  modified:   storage/connect/filamap.cpp
  modified:   storage/connect/filamgz.cpp
  modified:   storage/connect/filamtxt.cpp
  modified:   storage/connect/filamzip.cpp
  modified:   storage/connect/filter.cpp
  modified:   storage/connect/fmdlex.c
  modified:   storage/connect/jdbconn.cpp
  modified:   storage/connect/macutil.cpp
  modified:   storage/connect/myconn.cpp
  modified:   storage/connect/odbconn.cpp
  modified:   storage/connect/plgdbutl.cpp
  modified:   storage/connect/plugutil.cpp
  modified:   storage/connect/preparse.h
  modified:   storage/connect/rcmsg.c
  modified:   storage/connect/rcmsg.h
  modified:   storage/connect/reldef.cpp
  modified:   storage/connect/tabdos.cpp
  modified:   storage/connect/tabfmt.cpp
  modified:   storage/connect/tabmac.cpp
  modified:   storage/connect/tabmul.cpp
  modified:   storage/connect/tabmysql.cpp
  modified:   storage/connect/tabmysql.h
  modified:   storage/connect/tabodbc.cpp
  modified:   storage/connect/tabtbl.cpp
  modified:   storage/connect/tabxml.cpp
  modified:   storage/connect/value.cpp
  modified:   storage/connect/xobject.cpp
 2018-02-25 14:31:28 +01:00
Olivier Bertrand
5abdd20ca9 - Use delayed load for the MongoDB C Drive on Windows 
modified:   storage/connect/CMakeLists.txt
  modified:   storage/connect/cmgoconn.cpp
  modified:   storage/connect/ha_connect.cc

- Add FORCE to the connect_type_conv enum values
  This will translate binary values to TYPE_STRING
  modified:   storage/connect/checklvl.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/odbconn.cpp

- Change the connect_xtrace variable to from int to set
  modified:   storage/connect/array.cpp
  modified:   storage/connect/blkfil.cpp
  modified:   storage/connect/block.h
  modified:   storage/connect/cmgoconn.cpp
  modified:   storage/connect/colblk.cpp
  modified:   storage/connect/connect.cc
  modified:   storage/connect/filamap.cpp
  modified:   storage/connect/filamdbf.cpp
  modified:   storage/connect/filamfix.cpp
  modified:   storage/connect/filamgz.cpp
  modified:   storage/connect/filamtxt.cpp
  modified:   storage/connect/filamvct.cpp
  modified:   storage/connect/filamzip.cpp
  modified:   storage/connect/filter.cpp
  modified:   storage/connect/global.h
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/javaconn.cpp
  modified:   storage/connect/jdbconn.cpp
  modified:   storage/connect/jmgfam.cpp
  modified:   storage/connect/jmgoconn.cpp
  modified:   storage/connect/json.cpp
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/mongo.cpp
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/myconn.cpp
  modified:   storage/connect/odbconn.cpp
  modified:   storage/connect/plgdbutl.cpp
  modified:   storage/connect/plugutil.cpp
  modified:   storage/connect/reldef.cpp
  modified:   storage/connect/tabcol.cpp
  modified:   storage/connect/tabdos.cpp
  modified:   storage/connect/tabext.cpp
  modified:   storage/connect/tabfix.cpp
  modified:   storage/connect/tabfmt.cpp
  modified:   storage/connect/tabjdbc.cpp
  modified:   storage/connect/tabjson.cpp
  modified:   storage/connect/table.cpp
  modified:   storage/connect/tabmul.cpp
  modified:   storage/connect/tabmysql.cpp
  modified:   storage/connect/tabodbc.cpp
  modified:   storage/connect/tabpivot.cpp
  modified:   storage/connect/tabsys.cpp
  modified:   storage/connect/tabtbl.cpp
  modified:   storage/connect/tabutil.cpp
  modified:   storage/connect/tabvct.cpp
  modified:   storage/connect/tabwmi.cpp
  modified:   storage/connect/tabxml.cpp
  modified:   storage/connect/user_connect.cc
  modified:   storage/connect/valblk.cpp
  modified:   storage/connect/value.cpp
  modified:   storage/connect/xindex.cpp

- Restore connect_enable_mongo variable (but undocumented)
  modified:   storage/connect/ha_connect.cc
  modified:   storage/connect/mycat.cc
  modified:   storage/connect/mysql-test/connect/r/json_java_2.result
  modified:   storage/connect/mysql-test/connect/r/json_java_3.result
  modified:   storage/connect/mysql-test/connect/r/json_mongo_c.result
  modified:   storage/connect/mysql-test/connect/r/mongo_c.result
  modified:   storage/connect/mysql-test/connect/r/mongo_java_2.result
  modified:   storage/connect/mysql-test/connect/r/mongo_java_3.result
  modified:   storage/connect/mysql-test/connect/r/tbl_thread.result
  modified:   storage/connect/mysql-test/connect/t/mongo.inc
  modified:   storage/connect/mysql-test/connect/t/mongo_test.inc
  modified:   storage/connect/mysql-test/connect/t/tbl_thread.test
 2018-01-30 15:43:20 +01:00
Olivier Bertrand
3e36eb230b Fix gcc compiler warnings reported by Sergei 
modified:   storage/connect/array.cpp
  modified:   storage/connect/array.h
  modified:   storage/connect/blkfil.cpp
  modified:   storage/connect/blkfil.h
  modified:   storage/connect/block.h
  modified:   storage/connect/colblk.cpp
  modified:   storage/connect/colblk.h
  modified:   storage/connect/csort.h
  modified:   storage/connect/filamvct.cpp
  modified:   storage/connect/filter.cpp
  modified:   storage/connect/filter.h
  modified:   storage/connect/global.h
  modified:   storage/connect/json.h
  modified:   storage/connect/plgdbsem.h
  modified:   storage/connect/plgdbutl.cpp
  modified:   storage/connect/tabcol.cpp
  modified:   storage/connect/tabcol.h
  modified:   storage/connect/tabdos.cpp
  modified:   storage/connect/tabdos.h
  modified:   storage/connect/tabjson.cpp
  modified:   storage/connect/table.cpp
  modified:   storage/connect/tabodbc.cpp
  modified:   storage/connect/tabodbc.h
  modified:   storage/connect/tabsys.h
  modified:   storage/connect/tabxml.h
  modified:   storage/connect/value.cpp
  modified:   storage/connect/value.h
  modified:   storage/connect/xindex.cpp
  modified:   storage/connect/xindex.h
  modified:   storage/connect/xobject.cpp
  modified:   storage/connect/xobject.h
  modified:   storage/connect/xtable.h

Set values as nullable when retrieving catalog info
  modified:   storage/connect/jdbconn.cpp
  modified:   storage/connect/mysql-test/connect/r/odbc_oracle.result
  modified:   storage/connect/odbconn.cpp

Change format of Jpath
  modified:   storage/connect/json.cpp
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/mysql-test/connect/r/json.result
  modified:   storage/connect/mysql-test/connect/r/json_udf.result
  modified:   storage/connect/mysql-test/connect/r/json_udf_bin.result
  modified:   storage/connect/mysql-test/connect/r/zip.result
  modified:   storage/connect/mysql-test/connect/t/json.test
  modified:   storage/connect/mysql-test/connect/t/json_udf.test
  modified:   storage/connect/mysql-test/connect/t/json_udf_bin.test
  modified:   storage/connect/mysql-test/connect/t/zip.test
  modified:   storage/connect/tabjson.cpp
  modified:   storage/connect/tabjson.h
  modified:   storage/connect/tabmgo.cpp

Change null representation from ??? to <null>
  modified:   storage/connect/json.cpp

Change the name of UDF that are equal to a native JSON function name
  modified:   storage/connect/jsonudf.cpp
  modified:   storage/connect/jsonudf.h
  modified:   storage/connect/mysql-test/connect/t/json_udf.inc
  modified:   storage/connect/mysql-test/connect/t/json_udf2.inc

Fix bug in making JSON project info
  modified:   storage/connect/mongofam.cpp

Fix COMPUTE when one argument is null
  modified:   storage/connect/value.cpp

Value is null only when nullable
  modified:   storage/connect/value.h
 2017-05-23 19:35:50 +02:00
Olivier Bertrand
82913b0e90 Commit changes made for version 10.1 2017-01-17 19:39:49 +01:00
Olivier Bertrand
599d8cc2de - MDEV-11366 SIGBUS errors in Connect Storage Engine for ArmHF and MIPS. 
Fix includes launchpad fix plus more to cover writing BIN tables.
  modified:   storage/connect/tabfix.cpp
  modified:   storage/connect/value.cpp
  modified:   storage/connect/value.h

- Typo: Change the name of filamzip to filamgz to prepare future ZIP tables.
  modified:   storage/connect/CMakeLists.txt
  added:      storage/connect/filamgz.cpp
  added:      storage/connect/filamgz.h
  deleted:    storage/connect/filamzip.cpp
  deleted:    storage/connect/filamzip.h
  modified:   storage/connect/plgdbsem.h
  modified:   storage/connect/reldef.cpp
  modified:   storage/connect/tabdos.cpp
  modified:   storage/connect/tabdos.h
  modified:   storage/connect/tabfix.cpp
  modified:   storage/connect/tabfmt.cpp
  modified:   storage/connect/tabjson.cpp
 2016-12-02 23:03:43 +01:00
Renamed from storage/connect/filamzip.cpp (Browse further)