ERROR HANDLING CODE
BACKGROUND:
There can be a potential crash due to buffer overrun in
SSL error handling code due to missing comma in
ssl_error_string[] array in viosslfactories.c.
ANALYSIS:
Found by code Inspection.
FIX:
Added the missing comma in SSL error handling code
in ssl_error_string[] array in viosslfactories.c.
ERROR HANDLING CODE
BACKGROUND:
There can be a potential crash due to buffer overrun in
SSL error handling code due to missing comma in
ssl_error_string[] array in viosslfactories.c.
ANALYSIS:
Found by code Inspection.
FIX:
Added the missing comma in SSL error handling code
in ssl_error_string[] array in viosslfactories.c.
ERROR HANDLING CODE
BACKGROUND:
There can be a potential crash due to buffer overrun in
SSL error handling code due to missing comma in
ssl_error_string[] array in viosslfactories.c.
ANALYSIS:
Found by code Inspection.
FIX:
Added the missing comma in SSL error handling code
in ssl_error_string[] array in viosslfactories.c.
ERROR HANDLING CODE
BACKGROUND:
There can be a potential crash due to buffer overrun in
SSL error handling code due to missing comma in
ssl_error_string[] array in viosslfactories.c.
ANALYSIS:
Found by code Inspection.
FIX:
Added the missing comma in SSL error handling code
in ssl_error_string[] array in viosslfactories.c.
CONNECTIONS IF SPE
Problem description: -ssl-key value is not validated, you can assign any bogus
text to --ssl-key and it is not verified that it exists, and more importantly,
it allows the client to connect to mysqld.
Fix: Added proper validations checks for --ssl-key.
Note:
1) Documentation changes require for 5.1, 5.5, 5.6 and trunk in the sections
listed below and the details are :
http://dev.mysql.com/doc/refman/5.6/en/ssl-options.html#option_general_ssl
and
REQUIRE SSL section of
http://dev.mysql.com/doc/refman/5.6/en/grant.html
2) Client having with option '--ssl', should able to get ssl connection. This
will be implemented as part of separate fix in 5.6 and trunk.
CONNECTIONS IF SPE
Problem description: -ssl-key value is not validated, you can assign any bogus
text to --ssl-key and it is not verified that it exists, and more importantly,
it allows the client to connect to mysqld.
Fix: Added proper validations checks for --ssl-key.
Note:
1) Documentation changes require for 5.1, 5.5, 5.6 and trunk in the sections
listed below and the details are :
http://dev.mysql.com/doc/refman/5.6/en/ssl-options.html#option_general_ssl
and
REQUIRE SSL section of
http://dev.mysql.com/doc/refman/5.6/en/grant.html
2) Client having with option '--ssl', should able to get ssl connection. This
will be implemented as part of separate fix in 5.6 and trunk.
Contributed by Maarten Vanraes (AL13N)
Fix things so that chains of certificates work in the server and client
certificate files.
This only really works for OpenSSL-based builds, as yassl is unable to read
multiple certificates from a file. The patch below to yassl/src/ssl.cpp
doesn't fix that, but just arranges that the viosslfactories.c patch won't
have any ill effects in a yassl build.
dbug/tests.c:
Added __attribute__((unused)) to get rid of compiler warning
server-tools/instance-manager/guardian.cc:
Added __attribute__((unused)) to get rid of compiler warning
sql/filesort.cc:
Added __attribute__((unused)) to get rid of compiler warning
sql/slave.cc:
Added __attribute__((unused)) to get rid of compiler warning
sql/sql_load.cc:
Added __attribute__((unused)) to get rid of compiler warning
sql/sql_table.cc:
Added __attribute__((unused)) to get rid of compiler warning
storage/maria/ma_blockrec.c:
Added __attribute__((unused)) to get rid of compiler warning
storage/maria/ma_check.c:
Added missing cast
storage/maria/ma_loghandler.c:
Added __attribute__((unused)) to get rid of compiler warning
storage/maria/ma_recovery.c:
Added __attribute__((unused)) to get rid of compiler warning
storage/pbxt/src/cache_xt.cc:
Added __attribute__((unused)) to get rid of compiler warning
storage/xtradb/fil/fil0fil.c:
Removed not used variable
storage/xtradb/handler/ha_innodb.cc:
Use unused variable
vio/viosocket.c:
Remove usage of not used variable
vio/viosslfactories.c:
Added cast
SSL errors on client and now more specific to aid end-user
with debugging. Also restructures error handling for
compliance with SSL docs.
include/violite.h:
new_VioSSLConnectorFd/sslaccept/sslconnect return more elaborate status
libmysql/errmsg.c:
SSL errors now extended, more specific
mysql-test/r/openssl_1.result:
SSL errors now extended, more specific
sql-common/client.c:
Do more detailed error reporting for setup, connect, and
server cert verifying phases.
sql/sql_acl.cc:
sslaccept() signature has changed
vio/viossl.c:
Save the error code and return it to callers of sslaccept
and sslconnect.
vio/viosslfactories.c:
new_VioSSLConnectorFd(): return error code to caller
Essentially, the problem is that safemalloc is excruciatingly
slow as it checks all allocated blocks for overrun at each
memory management primitive, yielding a almost exponential
slowdown for the memory management functions (malloc, realloc,
free). The overrun check basically consists of verifying some
bytes of a block for certain magic keys, which catches some
simple forms of overrun. Another minor problem is violation
of aliasing rules and that its own internal list of blocks
is prone to corruption.
Another issue with safemalloc is rather the maintenance cost
as the tool has a significant impact on the server code.
Given the magnitude of memory debuggers available nowadays,
especially those that are provided with the platform malloc
implementation, maintenance of a in-house and largely obsolete
memory debugger becomes a burden that is not worth the effort
due to its slowness and lack of support for detecting more
common forms of heap corruption.
Since there are third-party tools that can provide the same
functionality at a lower or comparable performance cost, the
solution is to simply remove safemalloc. Third-party tools
can provide the same functionality at a lower or comparable
performance cost.
The removal of safemalloc also allows a simplification of the
malloc wrappers, removing quite a bit of kludge: redefinition
of my_malloc, my_free and the removal of the unused second
argument of my_free. Since free() always check whether the
supplied pointer is null, redudant checks are also removed.
Also, this patch adds unit testing for my_malloc and moves
my_realloc implementation into the same file as the other
memory allocation primitives.
client/mysqldump.c:
Pass my_free directly as its signature is compatible with the
callback type -- which wasn't the case for free_table_ent.
Essentially, the problem is that safemalloc is excruciatingly
slow as it checks all allocated blocks for overrun at each
memory management primitive, yielding a almost exponential
slowdown for the memory management functions (malloc, realloc,
free). The overrun check basically consists of verifying some
bytes of a block for certain magic keys, which catches some
simple forms of overrun. Another minor problem is violation
of aliasing rules and that its own internal list of blocks
is prone to corruption.
Another issue with safemalloc is rather the maintenance cost
as the tool has a significant impact on the server code.
Given the magnitude of memory debuggers available nowadays,
especially those that are provided with the platform malloc
implementation, maintenance of a in-house and largely obsolete
memory debugger becomes a burden that is not worth the effort
due to its slowness and lack of support for detecting more
common forms of heap corruption.
Since there are third-party tools that can provide the same
functionality at a lower or comparable performance cost, the
solution is to simply remove safemalloc. Third-party tools
can provide the same functionality at a lower or comparable
performance cost.
The removal of safemalloc also allows a simplification of the
malloc wrappers, removing quite a bit of kludge: redefinition
of my_malloc, my_free and the removal of the unused second
argument of my_free. Since free() always check whether the
supplied pointer is null, redudant checks are also removed.
Also, this patch adds unit testing for my_malloc and moves
my_realloc implementation into the same file as the other
memory allocation primitives.
not logged
Errors encountered during initialization of the SSL subsystem
are printed to stderr, rather than to the error log.
This patch adds a parameter to several SSL init functions to
report the error (if any) out to the caller. The function
init_ssl() in mysqld.cc is moved after the initialization of
the log subsystem, so that any error messages can be logged to
the error log. Printing of messages to stderr has been
retained to get diagnostic output in a client context.
include/violite.h:
Adding an enumeration for the various errors that can
occur during initialization of the SSL module.
sql/mysqld.cc:
Adding more logging of SSL init errors, and moving
init_ssl() till after initialization of logging
subsystem.
vio/viosslfactories.c:
Define error strings, provide an access method for these
strings, and maintain an error parameter in several funcs
to return the error (if any) to the caller.
not logged
Errors encountered during initialization of the SSL subsystem
are printed to stderr, rather than to the error log.
This patch adds a parameter to several SSL init functions to
report the error (if any) out to the caller. The function
init_ssl() in mysqld.cc is moved after the initialization of
the log subsystem, so that any error messages can be logged to
the error log. Printing of messages to stderr has been
retained to get diagnostic output in a client context.
value" error even though the value was correct): a C function in my_getopt.c
was taking bool* in parameter and was called from C++ sql_plugin.cc,
but on some Mac OS X sizeof(bool) is 1 in C and 4 in C++, giving funny
mismatches. Fixed, all other occurences of bool in C are removed, future
ones are blocked by a "C-bool-catcher" in my_global.h (use my_bool).
client/mysqldump.c:
my_bool for C
client/mysqltest.c:
my_bool for C
extra/replace.c:
my_bool for C
include/my_getopt.h:
my_bool for C
include/my_global.h:
Prevent people from using bool in C, it causes real bugs.
include/my_sys.h:
my_bool for C
include/my_time.h:
my_bool for C
include/thr_lock.h:
my_bool for C
libmysql/libmysql.c:
my_bool for C
mysys/charset.c:
my_bool for C
mysys/my_getopt.c:
my_bool for C
mysys/queues.c:
my_bool for C
mysys/thr_lock.c:
my_bool for C
regex/reginit.c:
my_bool for C
sql/set_var.cc:
C functions use my_bool so we must use my_bool too.
sql/sql_plugin.cc:
C functions use my_bool so we must use my_bool too.
This fixes a real observed bug of Maria, because on some Mac OS X,
sizeof(bool) is 1 in C and 4 in C++, so the bool* does wrong.
Removing useless line.
storage/heap/hp_update.c:
my_bool for C
storage/myisam/mi_check.c:
my_bool for C
storage/myisam/mi_dynrec.c:
my_bool for C
storage/myisam/mi_search.c:
my_bool for C
storage/myisam/mi_update.c:
my_bool for C
storage/myisam/mi_write.c:
my_bool for C
storage/myisam/myisamdef.h:
my_bool for C
storage/myisam/myisamlog.c:
my_bool for C
storage/myisam/myisampack.c:
my_bool for C
tests/mysql_client_test.c:
my_bool for C
unittest/mysys/bitmap-t.c:
my_bool for C
vio/viosslfactories.c:
my_bool for C
value" error even though the value was correct): a C function in my_getopt.c
was taking bool* in parameter and was called from C++ sql_plugin.cc,
but on some Mac OS X sizeof(bool) is 1 in C and 4 in C++, giving funny
mismatches. Fixed, all other occurences of bool in C are removed, future
ones are blocked by a "C-bool-catcher" in my_global.h (use my_bool).
