mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-26 08:44:33 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/plugin/file_key_management/parser.h
Sergei Golubchik e02749aaf5 completely rewrote file_key_management plugin 
numerous issues fixed:
* buffer overflows
* error conditions aren't checked (crash if file doesn't exist)
* accessing random unallocated memory
* hard-coded password
* arbitrary hard-coded key id limit
* incomprehensible error messages (for key_id == 0 it reported
  "The key could not be initialized", for syntax errors the message was
  "Wrong match of the keyID, see the template", for a key id
  larger than hard-coded limit the message was "No asked key", and there
  was an error "Is comment" for a comment).
* tons of small mallocs, many are freed few lines down in the code
* malloc(N) and new char[N] are used both, even in the same function
* redundant memory copies
* pcre - "I can solve it with regular expressions" - with incorrect regexes
* parser context stored in a singleton
* keys are stored as strings and are strlen-ed and hex2bin-ed on every
  get_key() request
* lots of useless code (e.g. sprintf instead of a pointer assignment,
  checking of the file length to read a part of it in a fixed buffer,
  multiplying by sizeof(char) in many places, etc)
* this list is not exhaustive
2015-04-08 10:58:50 +02:00

54 lines
1.8 KiB
C++
Raw Blame History

/* Copyright (C) 2014 eperi GmbH.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */
/******************************************************************//**
@file Parser.h
A structure and class to keep keys for encryption/decryption.
Created 09/15/2014
***********************************************************************/
#include <my_crypt.h>
#include <ctype.h>
#include <sql_array.h>
struct keyentry {
unsigned int id;
unsigned char key[MY_AES_MAX_KEY_LENGTH];
unsigned int length;
};
class Parser
{
const char *filename;
const char *filekey;
unsigned int line_number;
unsigned int from_hex(char c)
{ return c <= '9' ? c - '0' : tolower(c) - 'a' + 10; }
void bytes_to_key(const unsigned char *salt, const char *secret,
unsigned char *key, unsigned char *iv);
bool read_filekey(const char *filekey, char *secret);
bool parse_file(Dynamic_array<keyentry> *keys, const char *secret);
void report_error(const char *reason, unsigned int position);
int parse_line(char **line_ptr, keyentry *key);
char* read_and_decrypt_file(const char *secret);
public:
Parser(const char* fn, const char *fk) :
filename(fn), filekey(fk), line_number(0) { }
bool parse(Dynamic_array<keyentry> *keys);
};
Reference in a new issue View git blame Copy permalink