mariadb/strings/my_strchr.c
Mats Kindahl fc9f3efaec BUG#58246: INSTALL PLUGIN not secure & crashable
When installing plugins, there is a missing check
for slash (/) in the path on Windows. Note that on
Windows, both / and \ can be used to separate
directories.

This patch fixes the issue by:
- Adding a FN_DIRSEP symbol for all platforms
  consisting of a string of legal directory
  separators.
- Adding a charset-aware version of strcspn().
- Adding a check_valid_path() function that uses
  my_strcspn() to check if any FN_DIRSEP character
  is in the supplied string.
- Using the check_valid_path() function in
  sql_plugin.cc and sql_udf.cc (which means
  replacing the existing test there).

include/config-netware.h:
  Adding FN_DIRSEP
  ******
  Adding FN_DIRSEP
include/config-win.h:
  Adding FN_DIRSEP
  ******
  Adding FN_DIRSEP
include/m_ctype.h:
  Adding my_strspn() and my_strcspn().
  
  ******
  Adding my_strspn() and my_strcspn().
include/my_global.h:
  Adding FN_DIRSEP
  ******
  Adding FN_DIRSEP
mysql-test/t/plugin_not_embedded.test:
  Adding a test that file names containing / are
  disallowed on *all* platforms.
  ******
  Adding a test that file names containing / are
  disallowed on *all* platforms.
sql/sql_plugin.cc:
  Introducing check_if_path() function for
  checking if filename is a path to include
  / on Windows.
  ******
  Introducing check_if_path() function for
  checking if filename is a path to include
  / on Windows.
sql/sql_udf.cc:
  Switching to use check_if_path() function.
  ******
  Switching to use check_if_path() function.
strings/my_strchr.c:
  Adding my_strspn() and my_strcspn().
  ******
  Adding my_strspn() and my_strcspn().
2010-12-01 13:54:50 +01:00


/* Copyright (C) 2005 MySQL AB
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */
#include <my_global.h>
#include "m_string.h"
#include "m_ctype.h"
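/*
  Character comparison predicates, passed as the CMP argument of
  SCAN_STRING(): NEQ(A, B) is true when the two characters differ,
  EQU(A, B) is true when they are equal.
*/
#define NEQ(A, B) ((A) != (B))
#define EQU(A, B) ((A) == (B))

/**
  Macro for the body of the string scanning.

  The expansion walks [STR, END) one character at a time, using
  my_mbcharlen() on the lead byte to find the character width. Only
  single-byte characters are compared against the bytes of ACC; a
  multi-byte character is stepped over without being compared. The scan
  stops at the first single-byte character for which CMP is true for some
  byte of ACC, and the expansion returns the byte offset of that
  character from STR. If no character stops the scan, the offset of END
  is returned.

  Usage constraints:
  - The expansion ends in a 'return', so it must be the last statement of
    a function returning size_t.
  - It defines the label 'end', so it can be expanded only once per
    function.
  - STR, END and ACC are evaluated more than once; pass expressions
    without side effects.

  Robustness (this helper backs the path check described in BUG#58246,
  so it sees user-supplied bytes):
  - A width below 2 always advances the scan by exactly one byte, the
    same way my_strchr() does. Without this, a width of 0 would leave the
    scan position unchanged and the loop would not terminate in builds
    where DBUG_ASSERT compiles to nothing.
    NOTE(review): my_mbcharlen() is defined outside this file; that it
    can report 0 for a byte that does not start a valid character is an
    assumption - confirm against the charset handlers.
  - A multi-byte character whose reported width runs past END ends the
    scan at END, so the returned offset never exceeds END - STR and the
    scan pointer never moves beyond END.

  @param CS  The character set of the string
  @param STR Pointer to beginning of string
  @param END Pointer to one-after-end of string
  @param ACC Pointer to beginning of accept (or reject) string
  @param LEN Length of accept (or reject) string
  @param CMP Function-like macro doing the comparison of two characters
             (NEQ or EQU).
*/
#define SCAN_STRING(CS, STR, END, ACC, LEN, CMP)                        \
  do {                                                                  \
    uint mbl;                                                           \
    const char *ptr_str, *ptr_acc;                                      \
    const char *acc_end= (ACC) + (LEN);                                 \
    for (ptr_str= (STR) ; ptr_str < (END) ; ptr_str+= mbl)              \
    {                                                                   \
      mbl= my_mbcharlen((CS), *(uchar*)ptr_str);                        \
      if (mbl < 2)                                                      \
      {                                                                 \
        for (ptr_acc= (ACC) ; ptr_acc < acc_end ; ++ptr_acc)            \
          if (CMP(*ptr_acc, *ptr_str))                                  \
            goto end;                                                   \
        /* Width 0 or 1: always step one byte so the scan advances. */  \
        mbl= 1;                                                         \
      }                                                                 \
      else if (mbl > (size_t) ((END) - ptr_str))                        \
      {                                                                 \
        /* Truncated multi-byte character: stop exactly at END. */      \
        ptr_str= (END);                                                 \
        break;                                                          \
      }                                                                 \
    }                                                                   \
end:                                                                    \
    return (size_t) (ptr_str - (STR));                                  \
  } while (0)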
/**
  Find the first occurrence of a single-byte character in a string,
  without mistaking a byte inside a multi-byte character for a match.

  The string is walked character by character: my_mbcharlen() on the lead
  byte gives the character width, characters of width 2 or more are
  stepped over without being compared, and anything narrower is compared
  with 'c' and then stepped over as one byte.

  @todo should be moved to CHARSET_INFO if it's going to be called
        frequently.

  @param cs  Character set used to determine character widths
  @param str Pointer to beginning of string
  @param end Pointer to one-after-end of string
  @param c   The 1-byte character to look for

  @return Pointer to the first place in str where c occurs, or NULL if c
          does not occur in str.
*/
char *my_strchr(CHARSET_INFO *cs, const char *str, const char *end,
                pchar c)
{
  const char *cur;
  uint char_len;

  for (cur= str; cur < end; cur+= char_len)
  {
    char_len= my_mbcharlen(cs, *(uchar *) cur);
    if (char_len >= 2)
      continue;                       /* multi-byte: skip it whole */
    if (*cur == c)
      return (char *) cur;
    char_len= 1;                      /* width 0 or 1: step one byte */
  }
  return NULL;
}
/**
  Charset-aware strcspn(): length in bytes of the leading part of 'str'
  that contains none of the characters in 'reject'.

  @note 'reject' is read byte by byte up to its terminating NUL, so it
        can only name single-byte characters. A multi-byte character in
        'str' is stepped over without being compared and therefore never
        counts as a match.

  @note NOTE(review): the commit message describes this function as the
        basis of check_valid_path(), which looks for FN_DIRSEP characters
        in plugin and UDF library names. The answer depends on 'cs'
        describing how the bytes of 'str' are really encoded; confirm at
        the call sites that the charset passed here is the one in which
        the name is later interpreted.

  @todo should be moved to CHARSET_INFO if it's going to be called
        frequently.

  @internal The implementation assumes a long 'str' and a short 'reject':
            every single-byte character of 'str' is checked against
            'reject' in a tight inner loop over 'reject'.

  @param cs      Character set of 'str'
  @param str     Pointer to beginning of string
  @param str_end Pointer to one-after-end of string
  @param reject  NUL-terminated string of single-byte characters to
                 search for

  @return Byte offset from 'str' of the first single-byte character that
          also occurs in 'reject'; if there is none, the offset at which
          the scan ran out of input (at least str_end - str).
*/
size_t my_strcspn(CHARSET_INFO *cs, const char *str, const char *str_end,
                  const char *reject)
{
  const size_t reject_len= strlen(reject);

  /* SCAN_STRING() expands to the whole scan, including the return. */
  SCAN_STRING(cs, str, str_end, reject, reject_len, EQU);
}