mirror of
https://github.com/MariaDB/server.git
synced 2025-01-18 04:53:01 +01:00
MariaDB server is a community developed fork of MySQL server. Started by core members of the original MySQL team, MariaDB actively works with outside developers to deliver the most featureful, stable, and sanely licensed open SQL server in the industry.
amazon-web-servicesdatabasefulltext-searchgalerageographical-information-systeminnodbjsonmariadbmysqlrdbmsrelational-databasessqlstorage-enginevector-database
639605a919
SEEMS TO BE 'LEAKING' INTO THE SCHEMA NAME SPACE) and bug#12428824 (Parser stack overflow and crash in sp_add_used_routine with obscure query). The first problem was that attempts to call a stored function by its fully qualified name ended up with unwarranted error "ERROR 1305 (42000): FUNCTION someMixedCaseDb.my_function_name does not exist" if this function belonged to a schema that had uppercase letters in its name AND --lower_case_table_names was equal to either 1 or 2. The second problem was that 5.5 version of MySQL server might have crashed when a user tried to call stored function with too long name or too long database name (i.e if a function and database name combined occupied more than 2*3*64 bytes in utf8). This issue didn't affect versions of server < 5.5. The first problem was caused by the fact that in cases when a stored function was called by its fully qualified name we didn't lowercase name of its schema before performing look up of the function in mysql.proc table even although lower_case_table_names mode was on. As result we were unable to find this function since during its creation we store lowercased version of schema name in the system table in this mode and field for schema name uses binary collation. Calls to stored functions were unaffected by this problem since for them schema name is converted to lowercase as necessary. The reason for the second bug was that MySQL Server didn't check length of function name and database name before proceeding with execution of stored function. As a consequence too long database name or function name caused buffer overruns in places where the code assumes that their length is within fixed limits, like mdl_key_init() in 5.5. Again this issue didn't affect calls to stored procedures as for them length of schema name and procedure name are properly checked. This patch fixes both these bugs by adding calls to check_db_name() and check_routine_name() to grammar rule which corresponds to a call to a stored function. These functions ensure that length of database name and function name for routine called is within standard limit. Moreover call to check_db_name() handles conversion of database name to lowercase if --lower_case_table_names mode is on. Note that even although the second issue seems to be only reproducible in 5.5 we still add code fixing it to 5.1 to be on the safe side (and make code a bit more robust against possible future changes). |
||
|---|---|---|
| .bzr-mysql | ||
| BitKeeper | ||
| BUILD | ||
| client | ||
| cmd-line-utils | ||
| config/ac-macros | ||
| dbug | ||
| Docs | ||
| extra | ||
| include | ||
| libmysql | ||
| libmysql_r | ||
| libmysqld | ||
| man | ||
| mysql-test | ||
| mysys | ||
| netware | ||
| plugin | ||
| regex | ||
| scripts | ||
| server-tools | ||
| sql | ||
| sql-bench | ||
| sql-common | ||
| storage | ||
| strings | ||
| support-files | ||
| tests | ||
| unittest | ||
| vio | ||
| win | ||
| zlib | ||
| .bzrignore | ||
| .cvsignore | ||
| CMakeLists.txt | ||
| configure.in | ||
| COPYING | ||
| INSTALL-SOURCE | ||
| INSTALL-WIN-SOURCE | ||
| Makefile.am | ||
| README | ||
MySQL Server 5.1 This is a release of MySQL, a dual-license SQL database server. For the avoidance of doubt, this particular copy of the software is released under the version 2 of the GNU General Public License. MySQL is brought to you by Oracle. Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved. License information can be found in the COPYING file. MySQL FOSS License Exception We want free and open source software applications under certain licenses to be able to use specified GPL-licensed MySQL client libraries despite the fact that not all such FOSS licenses are compatible with version 2 of the GNU General Public License. Therefore there are special exceptions to the terms and conditions of the GPLv2 as applied to these client libraries, which are identified and described in more detail in the FOSS License Exception at <http://www.mysql.com/about/legal/licensing/foss-exception.html>. This distribution may include materials developed by third parties. For license and attribution notices for these materials, please refer to the documentation that accompanies this distribution (see the "Licenses for Third-Party Components" appendix) or view the online documentation at <http://dev.mysql.com/doc/>. GPLv2 Disclaimer For the avoidance of doubt, except that if any license choice other than GPL or LGPL is available it will apply instead, Oracle elects to use only the General Public License version 2 (GPLv2) at this time for any software where a choice of GPL license versions is made available with the language indicating that GPLv2 or any later version may be used, or where a choice of which version of the GPL is applied is otherwise unspecified. For further information about MySQL or additional documentation, see: - The latest information about MySQL: http://www.mysql.com - The current MySQL documentation: http://dev.mysql.com/doc Some Reference Manual sections of special interest: - If you are migrating from an older version of MySQL, please read the "Upgrading from..." section. - To see what MySQL can do, take a look at the features section. - For installation instructions, see the Installing and Upgrading chapter. - For the new features/bugfix history, see the MySQL Change History appendix. You can browse the MySQL Reference Manual online or download it in any of several formats at the URL given earlier in this file. Source distributions include a local copy of the manual in the Docs directory.