mariadb/storage/connect
Mikhail Chalov 2ff01e763e Fix insecure use of strcpy, strcat and sprintf in Connect
Old style C functions `strcpy()`, `strcat()` and `sprintf()` are vulnerable to
security issues due to lacking memory boundary checks. Replace these in the
Connect storage engine with safe new and/or custom functions such as
`snprintf()`, `safe_strcpy()` and `safe_strcat()`.

With this change FlawFinder and other static security analyzers report 287
fewer findings.

All new code of the whole pull request, including one or several files that are
either new files or modified ones, are contributed under the BSD-new license. I
am contributing on behalf of my employer Amazon Web Services, Inc.
2023-05-12 15:37:00 +01:00
..
mysql-test/connect MDEV-29782 CONNECT YEAR type conversion fix 2023-02-21 17:55:01 +00:00
.gitignore
ApacheInterface.java
array.cpp Minimize unsafe C functions usage - replace strcat() and strcpy() (and strncat() and strncpy()) with custom safe_strcat() and safe_strcpy() functions 2023-01-20 15:18:52 +02:00
array.h
blkfil.cpp Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
blkfil.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
block.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
bson.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
bson.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
bsonudf.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
bsonudf.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
catalog.h MDEV-30713 field length handling for CONNECT engine 2023-04-21 15:47:53 +01:00
checklvl.h
Client.java
Client2.java - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
Client3.java - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
CMakeLists.txt CONNECT: compile with libxml2 2.10.x 2022-10-22 11:48:45 +02:00
cmgfam.cpp - Major update of the json/bson/mongo table types programs. 2021-05-01 22:29:38 +02:00
cmgfam.h - Continue BSON implementation 2020-12-08 01:15:40 +01:00
cmgoconn.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
cmgoconn.h - Mongo defined columns 2021-05-24 16:56:12 +02:00
colblk.cpp Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
colblk.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
connect.cc Merge branch '10.3' into 10.4 2023-01-10 21:04:17 +01:00
connect.h Pull new version from origin 2020-03-12 19:16:36 +01:00
csort.cpp Update to version 1.07 (as for MariaDB 10.2) 2020-01-09 16:10:25 +01:00
csort.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
domdoc.cpp Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
domdoc.h
encas.h
engmsg.h
enids.h
filamap.cpp Merge branch '10.3' into 10.4 2022-07-27 11:02:57 +02:00
filamap.h
filamdbf.cpp Merge branch '10.3' into 10.4 2023-01-28 18:22:55 +01:00
filamdbf.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
filamfix.cpp Merge branch '10.3' into 10.4 2023-01-28 18:22:55 +01:00
filamfix.h
filamgz.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
filamgz.h
filamtxt.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
filamtxt.h - Fix pretty=2 Tabjson bug on INSERT. 2020-12-15 12:28:03 +01:00
filamvct.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
filamvct.h
filamzip.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
filamzip.h - Fix MDEV-22571 and MDEV-22572. Allow multiple ZIP table 2020-07-16 16:30:54 +02:00
filter.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
filter.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
fmdlex.c Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
frcas.h
frids.h
frmsg.h
frmsg1.h
frmsg2.h
global.h Use memory safe snprintf() in Connect Engine and elsewhere (#2210) 2022-09-28 15:45:25 +01:00
ha_connect.cc Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
ha_connect.h Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
inihandl.cpp Merge 10.3 into 10.4 2021-10-13 12:03:32 +03:00
inihandl.h
ioapi.c clang15 warnings - unused vars and old prototypes 2023-01-10 17:10:43 +00:00
ioapi.h Fix building Connect storage engine ioapi code on OpenBSD / NetBSD / DragonFly 2022-07-25 15:06:32 +10:00
javaconn.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
javaconn.h - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
jdbccat.h
JdbcInterface.java
jdbconn.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
jdbconn.h
jmgfam.cpp - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
jmgfam.h - Continue BSON implementation 2020-12-08 01:15:40 +01:00
jmgoconn.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
jmgoconn.h - Major update of the json/bson/mongo table types programs. 2021-05-01 22:29:38 +02:00
json.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
json.h - Make user variable prefix recognized by IsArgJson and IsJson 2021-07-24 16:28:57 +02:00
jsonudf.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
jsonudf.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
libdoc.cpp Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
libdoc.h
macutil.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
macutil.h - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
maputil.cpp Merge branch '10.3' into 10.4 2022-07-27 11:02:57 +02:00
maputil.h Fix compile error on LINUX (LARGE_INTEGER) 2020-11-03 23:19:22 +01:00
MariadbInterface.java
messages.h
mini-global.h In CONNECT version 1.6.10 NOSQL facility is enhanced by a new way to retrieve NOSQL data. 2019-08-24 16:14:24 +02:00
mongo.cpp Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
mongo.h - Make user variable prefix recognized by IsArgJson and IsJson 2021-07-24 16:28:57 +02:00
Mongo2Interface.java - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
Mongo3Interface.java - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
msgid.h
mycat.cc Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
mycat.h - Put all jar files in the SHARE directory (was PLUGIN) 2021-05-17 19:17:31 +02:00
myconn.cpp Merge branch '10.3' into 10.4 2023-01-28 18:22:55 +01:00
myconn.h - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
MysqlInterface.java
myutil.cpp MDEV-29782 CONNECT YEAR type conversion fix 2023-02-21 17:55:01 +00:00
myutil.h - Make possible to allocate work space larger than 4GB 2020-10-01 19:18:26 +02:00
noconst.c
odbccat.h
odbconn.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
odbconn.h - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
OracleInterface.java
os.h - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
osutil.c Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
osutil.h In CONNECT version 1.6.10 NOSQL facility is enhanced by a new way to retrieve NOSQL data. 2019-08-24 16:14:24 +02:00
plgcnx.h
plgdbsem.h - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
plgdbutl.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
plgodbc.h
plgxml.cpp Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
plgxml.h
plugutil.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
PostgresqlInterface.java
preparse.h
rcmsg.c - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
rcmsg.h
reldef.cpp Minimize unsafe C functions usage - replace strcat() and strcpy() 2023-04-20 15:27:20 +01:00
reldef.h - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
resource.h
rest.def In CONNECT version 1.6.10 NOSQL facility is enhanced by a new way to retrieve NOSQL data. 2019-08-24 16:14:24 +02:00
restget.cpp Update to version 1.07 (as for MariaDB 10.2) 2020-01-09 16:10:25 +01:00
tabbson.cpp Minimize unsafe C functions usage - replace strcat() and strcpy() 2023-04-20 15:27:20 +01:00
tabbson.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabcmg.cpp - Make user variable prefix recognized by IsArgJson and IsJson 2021-07-24 16:28:57 +02:00
tabcmg.h - Make user variable prefix recognized by IsArgJson and IsJson 2021-07-24 16:28:57 +02:00
tabcol.cpp
tabcol.h
tabdos.cpp Minimize unsafe C functions usage - replace strcat() and strcpy() 2023-04-20 15:27:20 +01:00
tabdos.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabext.cpp MDEV-30713 field length handling for CONNECT engine 2023-04-21 15:47:53 +01:00
tabext.h MDEV-29687:ODBC tables do not quote identifier names correctly (#2295) 2022-10-21 13:26:06 +01:00
tabfix.cpp Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
tabfix.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabfmt.cpp Minimize unsafe C functions usage - replace strcat() and strcpy() 2023-04-20 15:27:20 +01:00
tabfmt.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabjdbc.cpp Minimize unsafe C functions usage - replace strcat() and strcpy() 2023-04-20 15:27:20 +01:00
tabjdbc.h
tabjmg.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
tabjmg.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabjson.cpp Minimize unsafe C functions usage - replace strcat() and strcpy() 2023-04-20 15:27:20 +01:00
tabjson.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
table.cpp Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
tabmac.cpp Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
tabmac.h - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
tabmul.cpp Merge branch '10.3' into 10.4 2022-07-27 11:02:57 +02:00
tabmul.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabmysql.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
tabmysql.h MDEV-27766: connect engine; INSERT ignore option, was ignored 2022-06-10 11:36:59 +10:00
taboccur.cpp Merge branch '10.3' into 10.4 2022-07-27 11:02:57 +02:00
taboccur.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabodbc.cpp MDEV-25767 Fix CONNECT ODBC WHERE condition crash (#2243) 2022-09-23 14:02:41 +01:00
tabodbc.h
tabpivot.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
tabpivot.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabrest.cpp Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
tabrest.h - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
tabsys.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
tabsys.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabtbl.cpp clang15 warnings - unused vars and old prototypes 2023-01-10 17:10:43 +00:00
tabtbl.h
tabutil.cpp Merge branch '10.3' into 10.4 2022-07-27 11:02:57 +02:00
tabutil.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabvct.cpp - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
tabvct.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabvir.cpp Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
tabvir.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabwmi.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
tabwmi.h
tabxcl.cpp Merge branch '10.3' into 10.4 2021-07-31 22:59:58 +02:00
tabxcl.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
tabxml.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
tabxml.h - Fix https://stackoverflow.com/questions/60625778/import-complex-xml-from-multiple-files-in-mariadb/60637429#60637429 2020-03-12 19:06:03 +01:00
tabzip.cpp Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
tabzip.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
TestInsert2.java - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
TestInsert3.java - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
unzip.c
unzip.h
user_connect.cc - Fix memory leak for the JSON table type 2020-12-01 19:39:09 +01:00
user_connect.h Fixed compiler warnings from gcc 7.4.1 2020-01-29 23:23:55 +02:00
valblk.cpp Merge branch '10.3' into 10.4 2022-10-01 23:07:26 +02:00
valblk.h Fix MIPS build failure: Handle unaligned buffers in connect's TYPBLK class 2021-10-19 16:08:51 +03:00
value.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
value.h MDEV-30713 field length handling for CONNECT engine 2023-04-21 15:47:53 +01:00
xindex.cpp Fix insecure use of strcpy, strcat and sprintf in Connect 2023-05-12 15:37:00 +01:00
xindex.h - Fix MDEV-25863 : Replace __WIN__ by _WIN32 2021-06-08 17:44:43 +02:00
xobject.cpp Use memory safe snprintf() in Connect Engine 2022-07-26 16:28:59 +10:00
xobject.h - Getting text of json items now includes all array members 2020-11-07 15:40:46 +01:00
xtable.h Apply clang-tidy to remove empty constructors / destructors 2023-02-09 16:09:08 +02:00
zip.c Merge branch '10.3' into 10.4 2023-01-10 21:04:17 +01:00
zip.h