Mikhail Chalov
2ff01e763e
Fix insecure use of strcpy, strcat and sprintf in Connect
...
Old style C functions `strcpy()`, `strcat()` and `sprintf()` are vulnerable to
security issues due to lacking memory boundary checks. Replace these in the
Connect storage engine with safe new and/or custom functions such as
`snprintf()`, `safe_strcpy()` and `safe_strcat()`.
With this change FlawFinder and other static security analyzers report 287
fewer findings.
All new code of the whole pull request, including one or several files that are
either new files or modified ones, are contributed under the BSD-new license. I
am contributing on behalf of my employer Amazon Web Services, Inc.
2023-05-12 15:37:00 +01:00
Oleksandr Byelkin
7841a7eb09
Merge branch '10.3' into 10.4
2021-07-31 22:59:58 +02:00
Olivier Bertrand
5f64276fb2
- Fix MDEV-25863 : Replace __WIN__ by _WIN32
...
modified: storage/connect/array.cpp
modified: storage/connect/blkfil.cpp
modified: storage/connect/block.h
modified: storage/connect/bson.cpp
modified: storage/connect/cmgoconn.cpp
modified: storage/connect/colblk.cpp
modified: storage/connect/domdoc.cpp
modified: storage/connect/filamap.cpp
modified: storage/connect/filamdbf.cpp
modified: storage/connect/filamfix.cpp
modified: storage/connect/filamgz.cpp
modified: storage/connect/filamtxt.cpp
modified: storage/connect/filamvct.cpp
modified: storage/connect/filamzip.cpp
modified: storage/connect/filter.cpp
modified: storage/connect/filter.h
modified: storage/connect/fmdlex.c
modified: storage/connect/global.h
modified: storage/connect/ha_connect.cc
modified: storage/connect/javaconn.cpp
modified: storage/connect/javaconn.h
modified: storage/connect/jdbconn.cpp
modified: storage/connect/jmgfam.cpp
modified: storage/connect/json.cpp
modified: storage/connect/macutil.cpp
modified: storage/connect/macutil.h
modified: storage/connect/maputil.cpp
modified: storage/connect/mycat.cc
modified: storage/connect/myconn.cpp
modified: storage/connect/myconn.h
modified: storage/connect/myutil.cpp
modified: storage/connect/odbconn.cpp
modified: storage/connect/odbconn.h
modified: storage/connect/os.h
modified: storage/connect/osutil.c
modified: storage/connect/plgdbsem.h
modified: storage/connect/plgdbutl.cpp
modified: storage/connect/plugutil.cpp
modified: storage/connect/rcmsg.c
modified: storage/connect/reldef.cpp
modified: storage/connect/reldef.h
modified: storage/connect/tabdos.cpp
modified: storage/connect/tabext.cpp
modified: storage/connect/tabfix.cpp
modified: storage/connect/tabfmt.cpp
modified: storage/connect/tabjdbc.cpp
modified: storage/connect/tabmac.cpp
modified: storage/connect/tabmac.h
modified: storage/connect/tabmul.cpp
modified: storage/connect/tabmul.h
modified: storage/connect/tabmysql.cpp
modified: storage/connect/taboccur.cpp
modified: storage/connect/tabodbc.cpp
modified: storage/connect/tabpivot.cpp
modified: storage/connect/tabrest.cpp
modified: storage/connect/tabrest.h
modified: storage/connect/tabsys.cpp
modified: storage/connect/tabtbl.cpp
modified: storage/connect/tabutil.cpp
modified: storage/connect/tabvct.cpp
modified: storage/connect/tabwmi.cpp
modified: storage/connect/tabxcl.cpp
modified: storage/connect/tabxml.cpp
modified: storage/connect/valblk.cpp
modified: storage/connect/value.cpp
modified: storage/connect/xindex.cpp
modified: storage/connect/xindex.h
- Fix Date errors and SSL warnings
modified: storage/connect/mysql-test/connect/r/jdbc.result
modified: storage/connect/mysql-test/connect/r/jdbc_new.result
modified: storage/connect/mysql-test/connect/t/jdbc.test
modified: storage/connect/mysql-test/connect/t/jdbc_new.test
- Update java source files
modified: storage/connect/Mongo2Interface.java
modified: storage/connect/Mongo3Interface.java
added: storage/connect/Client2.java
added: storage/connect/Client3.java
added: storage/connect/TestInsert2.java
added: storage/connect/TestInsert3.java
2021-06-08 17:44:43 +02:00
Monty
4d61f1247a
Fixed compiler warnings from gcc 7.4.1
...
- Fixed possible error in rocksdb/rdb_datadic.cc
2020-01-29 23:23:55 +02:00
Sergei Golubchik
e0a1c745ec
Merge branch '10.1' into 10.2
2017-10-24 14:53:18 +02:00
Sergei Golubchik
2aa51f528f
Various compiler warnings
...
gcc 5.4 and 7.1, Debug and Release builds
2017-10-22 14:51:45 +02:00
Vladislav Vaintroub
daabb4d055
Fix truncation warnings in connect
2017-10-11 08:36:04 +02:00
Monty
92f1837a27
Fixed compilation warnings (while testing 32 bit builds)
2017-07-01 14:26:42 +03:00
Olivier Bertrand
e57876eacf
- Fix MDEV-9279. Replacing exit(1) in yy_fatal_error by a longjmp.
...
modified: storage/connect/fmdlex.c
modified: storage/connect/plgdbutl.cpp
2015-12-14 23:49:17 +01:00
Olivier Bertrand
e8ea671c25
Commit changes pulled from ob-10.0
2015-06-02 10:34:51 +02:00
Sergei Golubchik
ab3604989c
MDEV-4243 [PATCH] Warnings/errors while compiling with clang
...
fix the code to compile with clang. fix warnings too.
include/probes_mysql_nodtrace.h:
clang++ doesn't like numeric _constants_ being used in ||
(it suspects that the intention was | ). Boolean constants are ok.
sql/hostname.cc:
only used in DBUG_ASSERT
sql/item.cc:
str_to_time and str_to_datetime return bool, not MYSQL_TIMESTAMP_xxx
sql/item_func.cc:
str_to_datetime_with_warn() returns bool, not MYSQL_TIMESTAMP_xxx
storage/cassandra/CMakeLists.txt:
CMAKE_CXX_FLAGS can be empty
storage/connect/odbconn.cpp:
HWND is void*
storage/connect/user_connect.h:
deprecated on FreeBSD and unused anyway
storage/connect/value.cpp:
bad characters inside. unused.
storage/spider/spd_trx.cc:
clang++ warns that memset will also overwrite vtbl. it might be as well a good idea,
as it asserts that the object will only be used as a storage.
silence the warning.
2013-11-28 22:35:59 +01:00
Michael Widenius
4712fb14b9
Fixed compiler warnings
2013-08-21 18:20:22 +03:00
Alexander Barkov
f9ba807354
fixing warnings:
...
- no previous declaration for ‘ddwrap’
- implicit declaration of function ‘ddwrap’
modified:
storage/connect/fmdlex.c
2013-07-08 10:52:20 +04:00
Alexander Barkov
f2d2c1ea32
Fixing a typo in the previous push
...
modified:
storage/connect/fmdlex.c
2013-07-08 10:49:50 +04:00
Alexander Barkov
269fd01bc1
fixing warnings:
...
- no previous declaration for ‘_isatty’
- implicit declaration of function ‘_isatty’
modified:
storage/connect/fmdlex.c
storage/connect/osutil.c
2013-07-08 10:46:15 +04:00
Olivier Bertrand
639ce0650c
- Release storage allocated by flex
...
modified:
storage/connect/fmdlex.c
2013-06-29 22:53:21 +02:00
Alexander Barkov
30c4b0ebc2
- Fixing TAB to 2 spaces
...
- Fixing line endings from "\r\n" to "\n"
2013-02-07 13:34:27 +04:00
Alexander Barkov
c87004d817
Removing os2def.h
...
removed:
storage/connect/os2def.h
modified:
storage/connect/fmdlex.c
storage/connect/maputil.cpp
storage/connect/tabcol.cpp
storage/connect/tabfmt.cpp
storage/connect/tabmul.cpp
storage/connect/tabmysql.cpp
2013-01-29 23:23:03 +04:00
Alexander Barkov
501fc7642f
Defining __STDC__, otherwise it does not compile on Windows
...
modified:
storage/connect/fmdlex.c
2013-01-28 18:11:51 +04:00
Alexander Barkov
d7143a4160
Adding the CONNECT storage engine sources.
2013-01-18 19:21:44 +04:00