Commit graph

892 commits

Author SHA1 Message Date
Oleksandr Byelkin
ca091e6372 Merge branch '10.1' into 10.2 2020-05-02 08:44:17 +02:00
Oleksandr Byelkin
23c6fb3e62 Merge branch '5.5' into 10.1 2020-04-30 17:36:41 +02:00
Anushree Prakash B
e8e67bd4a4 Bug#30689251 - BACKPORT TO MYSQL-5.6, BUG#29597896 - NULL POINTER DEREFERENCE IN LIBMYSQL
DESCRIPTION:
============
There can be issues if the packets sent by the server
are not proper. Certain checks should be performed at the
client side while unpacking fields data.

FIX:
====
Check for the appropriate fields data and error out if it
is not present.

RB: 23601
2020-04-30 10:13:21 +02:00
Oleksandr Byelkin
3a1716a7e7 Merge branch '10.1' into 10.2 2020-01-20 16:15:05 +01:00
Oleksandr Byelkin
f31bf6f094 Merge branch '5.5' into 10.1 2020-01-19 12:22:12 +01:00
Sergei Golubchik
4d1c1b23e1 Bug#29630767 - USE OF UNINITIALIZED VALUE IN LIBMYSQL (CLIENT.CC FUNCTION RUN_PLUGIN_AUTH) 2020-01-18 00:05:16 +01:00
Vladislav Vaintroub
5804bb4ef0 MDEV-19750 mysql command wrong encoding
Restore the detection of default charset in command line utilities.
It worked up to 10.1, but was broken by Connector/C.

Moved code for detection of default charset from sql-common/client.c
to mysys, and make command line utilities to use this code if charset
was not specified on the command line.
2019-06-17 18:04:47 +01:00
Marko Mäkelä
26a14ee130 Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
Vicențiu Ciorbaru
cb248f8806 Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
Vicențiu Ciorbaru
5543b75550 Update FSF Address
* Update wrong zip-code
2019-05-11 21:29:06 +03:00
Oleksandr Byelkin
8cbb14ef5d Merge branch '10.1' into 10.2 2019-05-04 17:04:55 +02:00
Vladislav Vaintroub
e116f11f0a MDEV-18131 MariaDB does not verify IP addresses from subject alternative
names

Added a call to X509_check_ip_asc() in case server_hostname represents
an IP address.
2019-04-28 12:49:59 +02:00
Sergei Golubchik
f97d879bf8 cmake: re-enable -Werror in the maintainer mode
now we can afford it. Fix -Werror errors. Note:
* old gcc is bad at detecting uninit variables, disable it.
* time_t is int or long, cast it for printf's
2019-03-27 22:51:37 +01:00
Marko Mäkelä
a249e57b68 Merge 10.1 into 10.2
Temporarily disable a test for
commit 2175bfce3e
because fixing it in 10.2 requires updating libmariadb.
2019-02-03 17:22:05 +02:00
Marko Mäkelä
213ece2f2e Merge 10.1 into 10.1
This is joint work with Oleksandr Byelkin.
2019-02-02 13:00:15 +02:00
Oleksandr Byelkin
c4f97d3cfa Merge branch '5.5' into 10.0 2019-01-28 20:52:47 +01:00
Sergei Golubchik
2175bfce3e Crude "auto-load-data-local-infile" mode
Disable LOAD DATA LOCAL INFILE suport by default and
auto-enable it for the duration of one query, if the query
string starts with the word "load". In all other cases the application
should enable LOAD DATA LOCAL INFILE support explicitly.
2019-01-27 18:54:12 +01:00
Marko Mäkelä
ef3070e997 Merge 10.1 into 10.2 2018-08-02 08:19:57 +03:00
Oleksandr Byelkin
865e807125 Merge branch '10.0' into 10.1 2018-07-31 11:58:29 +02:00
Marko Mäkelä
91181b225c Merge 5.5 into 10.0 2018-07-30 15:09:25 +03:00
Oleksandr Byelkin
fceda2dab6 Merge remote-tracking branch 'mysql/5.5' into 5.5
We do not accept:
1. We did not have this problem (fixed earlier and better)
 d982e717ab Bug#27510150: MYSQLDUMP FAILS FOR SPECIFIC --WHERE CLAUSES
2. We do not have such options (an DBUG_ASSERT put just in case)
 bbc2e37fe4 Bug#27759871: BACKRONYM ISSUE IS STILL IN MYSQL 5.7
3. Serg fixed it in other way in this release:
 e48d775c6f Bug#27980823: HEAP OVERFLOW VULNERABILITIES IN MYSQL CLIENT LIBRARY
2018-07-29 13:10:29 +02:00
Sergei Golubchik
b942aa34c1 Merge branch '10.1' into 10.2 2018-06-21 23:47:39 +02:00
Ivo Roylev
e48d775c6f Bug#27980823: HEAP OVERFLOW VULNERABILITIES IN MYSQL CLIENT LIBRARY
(cherry picked from commit b5b986b2cbd9a7848dc3f48e5c42b6d4e1e5fb22)
2018-06-15 18:31:38 +02:00
Vicențiu Ciorbaru
aa59ecec89 Merge branch '10.0' into 10.1 2018-06-12 18:55:27 +03:00
Vicențiu Ciorbaru
3ead951180 Merge branch '5.5' into 10.0 2018-06-10 17:16:27 +03:00
Vladislav Vaintroub
72b6d01848 MDEV-10246 ssl-* config file options have no effect without mysql_ssl_set()
Partially revert 4ef7497996
that caused regression.

Any ssl- option must imply use_ssl=1, even if mysql_set_ssl() was not
used.
2018-06-05 22:13:19 +01:00
Arun Kuruvila
bbc2e37fe4 Bug#27759871: BACKRONYM ISSUE IS STILL IN MYSQL 5.7
Description:- Client applications establishes connection to
server, which does not support SSL, via TCP even when SSL is
enforced via MYSQL_OPT_SSL_MODE or MYSQL_OPT_SSL_ENFORCE or
MYSQL_OPT_SSL_VERIFY_SERVER_CERT.

Analysis:- There exist no error handling for catching client
applications which enforces SSL connection to connect to a
server which does not support SSL.

Fix:- Error handling is done to catch above mentioned
scenarios.
2018-05-14 11:28:13 +05:30
Sergei Golubchik
9b1824dcd2 Merge branch '10.1' into 10.2 2018-05-10 13:01:42 +02:00
Sergei Golubchik
9989c26bc9 Merge branch '10.0' into 10.1 2018-05-05 14:01:59 +02:00
Sergei Golubchik
3c07ed141c Merge branch '5.5' into 10.0 2018-05-04 17:35:09 +02:00
Sergei Golubchik
1d58d184c2 protocol: verify that number of rows is correct 2018-05-04 14:40:19 +02:00
Sergei Golubchik
42fac32413 Merge branch '5.5' into 10.0 2018-05-01 11:47:43 +02:00
Sergei Golubchik
fab383aac0 Use after free in authentication 2018-05-01 00:30:17 +02:00
Sergei Golubchik
a52c46e069 Bug#25471090: MYSQL USE AFTER FREE
a better fix
2018-04-30 15:49:19 +02:00
Sergei Golubchik
c4499a0391 Merge branch '5.5' into 10.0 2018-04-29 00:38:10 +02:00
Sergei Golubchik
5cfe52314e Bug#25471090: MYSQL USE AFTER FREE
fix another similar line

followup for 7828ba0df4
2018-04-27 11:32:19 +02:00
Marko Mäkelä
4cd7979c56 Merge 10.1 into 10.2 2018-04-24 09:39:45 +03:00
Marko Mäkelä
9c34a4124d Merge 10.0 into 10.1 2018-04-24 09:26:40 +03:00
Sergei Golubchik
587568b72a Merge branch '5.5' into 10.0 2018-04-20 14:33:24 +02:00
Sergei Golubchik
7828ba0df4 Bug#25471090: MYSQL USE AFTER FREE
in a specially crafted invalid packet, one can get end_pos < pos here
2018-04-19 22:49:19 +02:00
Vicențiu Ciorbaru
45e6d0aebf Merge branch '10.1' into 10.2 2018-04-10 17:43:18 +03:00
Vicențiu Ciorbaru
4c89cff558 Merge branch '10.0' into 10.1 2018-04-07 17:11:22 +03:00
Vicențiu Ciorbaru
6a72b9096a Merge branch '5.5' into 10.0 2018-04-03 18:08:30 +03:00
Michael Gmelin
ed33296246 Fix LibreSSL X509 (SSL) certificate hostname checking.
(Currently) LibreSSL doesn't calculate the string length of the hostname
that's passed to X509_check_host automatically in case namelen/chklen is 0.
This causes server certificate validation to fail when building MariaDB with
LibreSSL.

The proposed fix makes MariaDB determine the string length passed to
X509_check_host. As there are no ill side-effects (OpenSSL's X509_check_host
also simply calls strlen if namelen == 0, see also X509_check_host(3)), this
wasn't wrapped in any #ifdef like constructs.

Please see here for a proposed patch to modify LibreSSL's behavior:
https://github.com/libressl-portable/openbsd/pull/87
2018-04-03 16:20:04 +02:00
Sergei Golubchik
f5369faf5b don't disable SSL when connecting via libmysqld 2018-04-03 16:19:10 +02:00
Arun Kuruvila
e4784703ee Bug#25471090: MYSQL USE AFTER FREE
Description:- Mysql client crashes when trying to connect
to a fake server which is sending incorrect packets.

Analysis:- Mysql client crashes when it tries to read
server version details.

Fix:- A check is added in "red_one_row()".
2018-02-12 15:19:43 +05:30
Vicențiu Ciorbaru
985d2d393c Merge remote-tracking branch 'origin/10.1' into 10.2 2017-12-22 12:23:39 +02:00
Sergey Vojtovich
2cd3169113 MDEV-14265 - RPMLint warning: shared-lib-calls-exit
find_type_or_exit() client helper did exit(1) on error, exit(1) moved to
clients.

mysql_read_default_options() did exit(1) on error, error is passed through and
handled now.

my_str_malloc_default() did exit(1) on error, replaced my_str_ allocator
functions with normal my_malloc()/my_realloc()/my_free().

sql_connect.cc did many exit(1) on hash initialisation failure. Removed error
check since my_hash_init() never fails.

my_malloc() did exit(1) on error. Replaced with abort().

my_load_defaults() did exit(1) on error, replaced with return 2.

my_load_defaults() still does exit(0) when invoked with --print-defaults.
2017-12-19 19:10:54 +04:00
Sergei Golubchik
e0a1c745ec Merge branch '10.1' into 10.2 2017-10-24 14:53:18 +02:00
Sergei Golubchik
9d2e2d7533 Merge branch '10.0' into 10.1 2017-10-22 13:03:41 +02:00