The MariaDB code base uses strcat() and strcpy() in several
places. These are known to have memory safety issues and their usage is
discouraged. Common security scanners like Flawfinder flags them. In MariaDB we
should start using modern and safer variants on these functions.
This is similar to memory issues fixes in 19af1890b5
and 9de9f105b5 but now replace use of strcat()
and strcpy() with safer options strncat() and strncpy().
However, add '\0' forcefully to make sure the result string is correct since
for these two functions it is not guaranteed what new string will be null-terminated.
Example:
size_t dest_len = sizeof(g->Message);
strncpy(g->Message, "Null json tree", dest_len); strncat(g->Message, ":",
sizeof(g->Message) - strlen(g->Message)); size_t wrote_sz = strlen(g->Message);
size_t cur_len = wrote_sz >= dest_len ? dest_len - 1 : wrote_sz;
g->Message[cur_len] = '\0';
All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the BSD-new
license. I am contributing on behalf of my employer Amazon Web Services
-- Reviewer and co-author Vicențiu Ciorbaru <vicentiu@mariadb.org>
-- Reviewer additions:
* The initial function implementation was flawed. Replaced with a simpler
and also correct version.
* Simplified code by making use of snprintf instead of chaining strcat.
* Simplified code by removing dynamic string construction in the first
place and using static strings if possible. See connect storage engine
changes.
Allow passwordless login in addition to usual login with password, when
creating 'root' user during install.
The effect of that change is that "local administrators" group are
allowed to connect as root user. This is done via gssapi authentication
plugin.
Clients that are not aware of gssapi client plugin, can still login with
password credentials.
The error message "InnoDB: innodb_page_size=65536 requires innodb_buffer_pool_size >= 20MiB current 10MiB" is the relevant one.
The root cause:
mysql_install_db bootstraps with --innodb-buffer-pool-size=10M.
Small bufferpool is here by design - bootstrap should succeed,
even if there is not much RAM available, bootstrap does not need that much
memory.
For pagesize 64K specifically, Innodb thinks it needs a larger bufferpool,
and thus it lets the bootstrap process die (although the expected behavior
in this case would be to adjust value, give warning and continue)
The workaround:
- pass --innodb-buffer-pool-size=20M, which is suitable for all page sizes.
- check the same limit in MSI custom action.
Also, the patch adds mtr test for 64K page size.
This happens for example if one installs into home directory of a user
C:\Users\<username>\mariadb
The reason is that the service user "NT SERVICE\<service_name>" does
not have read and execute permissions for service executable mysqld.exe
in this directory.
Moreover, it would not have read permissions for server.dll loaded by the
exe, or to plugin directory, where plugins may reside.
The fix is to give service users read and execute permissions to bin, share, and
lib\plugin subdirectories.
The permission setting is doneby mysql_install_db.exe, but also in MSI.
It is important to do that in MSI, as we want permissions to survive
the MSI upgrade.
Previously, password was passed as hex(clear_text_password).
The hex encoding was used to avoid masking apostrophe and backslash etc.
However, bootstrap still manages to misinterpert UTF8 password, so that
root would not connect later.
So the fix is to compute the native password hash inside mysql_install_db
already instead, and create user with that hash, rather than letting bootstrap
calculate it by using PASSWORD() function.
CreateServiceA, OpenServiceA, and couple of other functions do not work
correctly with non-ASCII character, in the special case where application
has defined activeCodePage=UTF8.
Workaround by redefining affected ANSI functions to own wrapper, which
works by converting narrow(ANSI) to wide, then calling wide function.
Deprecate original ANSI service functions, via declspec, so that we can catch
their use.
Workaround Windows' bug in services "ANSI" when process ANSI codepage is
UTF8.
They turn out to work unlike any other API .
Expected behavior : strings be converted from GetACP() to Unicode,
and "wide" function would be then called.
Actual current behavior :
it seems to handle strings as-if they would be encoded in system-default
ACP, rather than process-specific GetACP()
Fix: redefine the OpenService,CreateService and ChangeServiceConfig
and do ANSI-Wide conversion outselves.
Tell compiler to deprecate some ANSI service functions.
xxx
- allow utf8 datadir, and password
- mysql_install_db.exe does not send clear password to mysqld --bootstrap
subprocess anymore, but hash, as server makes incorrect assumption about
character encoding in case it is UTF8.
- use CreateServiceW to create service, due to some Windows bug,
the ANSI version does not currently work well with strings outside
of ASCII range.
One should not change the program arguments!
This change also reduces warnings from the icc compiler.
Almost all changes are just syntax changes (adding const to
'get_one_option function' declarations).
Other changes:
- Added a few cast of 'argument' from 'const char*' to 'char *'. This
was mainly in calls to 'external' functions we don't have control of.
- Ensure that all reset of 'password command line argument' are similar.
(In almost all cases it was just adding a comment and a cast)
- In mysqlbinlog.cc and mysqld.cc there was a few cases that changed
the command line argument. These places where changed to instead allocate
the option in a MEM_ROOT to avoid changing the argument. Some of this
code was changed to ensure that different programs did parsing the
same way. Added a test case for the changes in mysqlbinlog.cc
- Changed a few variables that took their value from command line options
from 'char *' to 'const char *'.
The new parameter is called --config
The config file is copied to the data directory as my.ini, and possibly
modified.
Bootstrap will now use my.ini to create tables. In case of non-standard
directory/file placements, this will ensure correct permissions for the
service user.
mysql_install_db_win test is extended to test --config with non-trivial
config file.
This ensures that directory permissions are correct in all cases, even if
boostrap is passed non-standard locations for innodb.
Directory permissions are copied from the datadir.
Change mysql_install_db.exe to run service under virtual account.
Set directory permissions so that service has full access to data files.
mariabackup --copy-back permission handling (MDEV-17008) needs to be
changed as well.
Now, whenever a directory is created in course of copy-back,
its permissions are copied from the datadir. This handling assumes,
that datadir already has the correct permissions for the Windows service.
This commit is based on the work of Michal Schorm, rebased on the
earliest MariaDB version.
Th command line used to generate this diff was:
find ./ -type f \
-exec sed -i -e 's/Foundation, Inc., 59 Temple Place, Suite 330, Boston, /Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, /g' {} \; \
-exec sed -i -e 's/Foundation, Inc. 59 Temple Place.* Suite 330, Boston, /Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, /g' {} \; \
-exec sed -i -e 's/MA.*.....-1307.*USA/MA 02110-1335 USA/g' {} \; \
-exec sed -i -e 's/Foundation, Inc., 59 Temple/Foundation, Inc., 51 Franklin/g' {} \; \
-exec sed -i -e 's/Place, Suite 330, Boston, MA.*02111-1307.*USA/Street, Fifth Floor, Boston, MA 02110-1335 USA/g' {} \; \
-exec sed -i -e 's/MA.*.....-1307/MA 02110-1335/g' {} \;
Remove CMake INSTALL command for COMPONENT DataFiles.
mysql_install_db.exe will calculate default datadir, so that it can be
called without any parameters.
