mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-30 18:41:56 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/include
History
Mikhail Chalov 567b681299 Minimize unsafe C functions usage - replace strcat() and strcpy() (and strncat() and strncpy()) with custom safe_strcat() and safe_strcpy() functions 
The MariaDB code base uses strcat() and strcpy() in several
places. These are known to have memory safety issues and their usage is
discouraged. Common security scanners like Flawfinder flags them. In MariaDB we
should start using modern and safer variants on these functions.

This is similar to memory issues fixes in 19af1890b5
and 9de9f105b5 but now replace use of strcat()
and strcpy() with safer options strncat() and strncpy().

However, add '\0' forcefully to make sure the result string is correct since
for these two functions it is not guaranteed what new string will be null-terminated.

Example:

    size_t dest_len = sizeof(g->Message);
    strncpy(g->Message, "Null json tree", dest_len); strncat(g->Message, ":",
    sizeof(g->Message) - strlen(g->Message)); size_t wrote_sz = strlen(g->Message);
    size_t cur_len = wrote_sz >= dest_len ? dest_len - 1 : wrote_sz;
    g->Message[cur_len] = '\0';

All new code of the whole pull request, including one or several files
that are either new files or modified ones, are contributed under the BSD-new
license. I am contributing on behalf of my employer Amazon Web Services

-- Reviewer and co-author Vicențiu Ciorbaru <vicentiu@mariadb.org>
-- Reviewer additions:
* The initial function implementation was flawed. Replaced with a simpler
  and also correct version.
* Simplified code by making use of snprintf instead of chaining strcat.
* Simplified code by removing dynamic string construction in the first
  place and using static strings if possible. See connect storage engine
  changes.
2023-01-20 15:18:52 +02:00
..
atomic Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
mysql header typos 2022-12-20 08:55:48 +11:00
big_endian.h Update FSF address 2019-05-11 19:25:02 +03:00
byte_order_generic.h MDEV-21981 Replace arithmetic + with bitwise OR when possible 2020-03-19 15:09:13 +02:00
byte_order_generic_x86.h MDEV-21981 Replace arithmetic + with bitwise OR when possible 2020-03-19 15:09:13 +02:00
byte_order_generic_x86_64.h MDEV-21981 Replace arithmetic + with bitwise OR when possible 2020-03-19 15:09:13 +02:00
CMakeLists.txt MDEV-30102 file missing in development libraries 2023-01-02 00:04:03 +01:00
decimal.h Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
dur_prop.h Merge InnoDB 5.7 from mysql-5.7.9. 2016-09-02 13:22:28 +03:00
errmsg.h test cases for MySQL bugs 2022-01-21 16:02:34 +01:00
ft_global.h MDEV-23269 SIGSEGV in ft_boolean_check_syntax_string on setting ft_boolean_syntax 2021-10-11 17:43:23 +04:00
handler_ername.h Follow-up to changing FSF address 2019-05-11 18:30:45 +03:00
handler_state.h Fix for MDEV-533: Confusing error code when doing auto-increment insert for out-of-range values 2012-09-18 15:14:19 +03:00
hash.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
heap.h header typos 2022-12-20 08:55:48 +11:00
ilist.h Merge 10.2 into 10.3 2020-08-13 18:18:25 +03:00
json_lib.h header typos 2022-12-20 08:55:48 +11:00
keycache.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
lf.h MDEV-21167 LF_PINS::stack_ends_here inaccurate, leading to alloca() larger than stack 2019-11-28 10:48:09 +01:00
little_endian.h Update FSF address 2019-05-11 19:25:02 +03:00
m_ctype.h header typos 2022-12-20 08:55:48 +11:00
m_string.h Minimize unsafe C functions usage - replace strcat() and strcpy() (and strncat() and strncpy()) with custom safe_strcat() and safe_strcpy() functions 2023-01-20 15:18:52 +02:00
ma_dyncol.h header typos 2022-12-20 08:55:48 +11:00
maria.h Merge 10.2 into 10.3 2019-07-02 17:46:22 +03:00
mariadb_capi_rename.h MDEV-29490 Renaming internally used client API to avoid name conflicts 2022-10-25 14:00:21 +02:00
my_alarm.h Fix warning with signal typedef for *BSD 2022-10-31 09:28:17 +11:00
my_alloc.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
my_atomic.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
my_attribute.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
my_base.h header typos 2022-12-20 08:55:48 +11:00
my_bit.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
my_bitmap.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
my_byteorder.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
my_check_opt.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
my_compare.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
my_compiler.h Merge 10.2 into 10.3 2020-06-05 16:51:26 +03:00
my_context.h Xcode compatibility update 2021-10-12 18:10:56 -04:00
my_cpu.h MDEV-19845: Adaptive spin loops 2019-06-27 10:53:18 +03:00
my_crypt.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
my_dbug.h Merge branch '10.2' into 10.3 2020-05-04 16:47:11 +02:00
my_decimal_limits.h header typos 2022-12-20 08:55:48 +11:00
my_default.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
my_dir.h header typos 2022-12-20 08:55:48 +11:00
my_getopt.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
my_global.h header typos 2022-12-20 08:55:48 +11:00
my_handler_errors.h MDEV-27217 DELETE partition selection doesn't work for history partitions 2022-01-13 23:35:16 +03:00
my_libwrap.h Update FSF Address 2019-05-11 21:29:06 +03:00
my_list.h Update FSF Address 2019-05-11 21:29:06 +03:00
my_md5.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
my_minidump.h MDEV-11499 mysqltest, Windows : improve diagnostics if server fails to shutdown 2021-09-24 11:49:28 +02:00
my_net.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
my_nosys.h Update FSF Address 2019-05-11 21:29:06 +03:00
my_pthread.h Merge 10.2 into 10.3 2021-10-28 07:50:05 +03:00
my_rdtsc.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
my_rnd.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
my_service_manager.h Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
my_stacktrace.h Merge 10.2 into 10.3 2020-08-20 09:12:16 +03:00
my_sys.h header typos 2022-12-20 08:55:48 +11:00
my_time.h Merge 10.2 into 10.3 2022-04-06 08:06:35 +03:00
my_tree.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
my_uctype.h Update FSF Address 2019-05-11 21:29:06 +03:00
my_user.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
my_valgrind.h MDEV-20377 post-fix: Introduce MEM_MAKE_ADDRESSABLE 2020-07-02 17:59:28 +03:00
my_xml.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
myisam.h header typos 2022-12-20 08:55:48 +11:00
myisamchk.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
myisammrg.h header typos 2022-12-20 08:55:48 +11:00
myisampack.h MDEV-29473 UBSAN: Signed integer overflow: X * Y cannot be represented in type 'int' in strings/dtoa.c 2022-11-17 17:51:01 +04:00
mysql.h header typos 2022-12-20 08:55:48 +11:00
mysql_async.h Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
mysql_com.h MDEV-22660 System versioning cleanups 2021-10-11 13:36:06 +03:00
mysql_com_server.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
mysql_embed.h Update FSF Address 2019-05-11 21:29:06 +03:00
mysql_time.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
mysql_version.h.in Merge 10.2 into 10.3 2020-10-28 10:01:50 +02:00
mysqld_default_groups.h MDEV-34 delete storage/ndb and sql/*ndb* (and collateral changes) 2014-10-11 18:53:06 +02:00
mysys_err.h Update FSF Address 2019-05-11 21:29:06 +03:00
pack.h Merge branch '10.2' into bb-10.2-connector-c-integ-subm 2016-09-21 12:54:56 +02:00
password.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
probes_mysql.d.base Update FSF Address 2019-05-11 21:29:06 +03:00
probes_mysql.h Update FSF Address 2019-05-11 21:29:06 +03:00
probes_mysql_nodtrace.h.in Merge branch '5.5' into 10.0 2016-02-15 22:50:59 +01:00
queues.h header typos 2022-12-20 08:55:48 +11:00
rijndael.h Update FSF Address 2019-05-11 21:29:06 +03:00
service_versions.h Merge 10.2 into 10.3 2021-03-18 12:34:48 +02:00
source_revision.h.in SOURCE_REVISION should always be defined in source_revision.h 2017-11-01 13:20:32 +00:00
span.h span cleanup 2020-05-15 16:25:32 +03:00
sql_common.h Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
ssl_compat.h Windows : fix broken build with OpenSSL 2022-01-09 12:04:22 +01:00
sslopt-case.h CONC-447 ERROR 2026 (HY000): SSL connection error: Certificate signature check failed 2019-12-08 18:26:16 +01:00
sslopt-longopts.h MDEV-29817: Issues with handling options for SSL CRLs (and some others) 2022-11-22 14:07:39 +01:00
sslopt-vars.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
t_ctype.h Update FSF Address 2019-05-11 21:29:06 +03:00
thr_alarm.h Update FSF Address 2019-05-11 21:29:06 +03:00
thr_lock.h Merge 10.1 into 10.2 2019-05-13 17:54:04 +03:00
thr_timer.h Merge branch '5.5' into 10.1 2019-05-11 22:19:05 +03:00
thread_pool_priv.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
typelib.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
violite.h MDEV-23348 vio_shutdown does not prevent later ReadFile on named pipe 2020-08-03 13:23:38 +02:00
waiting_threads.h header typos 2022-12-20 08:55:48 +11:00
welcome_copyright_notice.h Update FSF Address 2019-05-11 21:29:06 +03:00
wqueue.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00
wsrep.h Merge 10.2 into 10.3 2019-05-14 17:18:46 +03:00