← Back to branch summary

~ubuntu-branches/ubuntu/lucid/mysql-dfsg-5.1/lucid-security

« back to all changes in this revision

Viewing changes to sql/item_strfunc.h

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2012-02-22 22:33:55 UTC
  • mfrom: (1.1.5)
  • Revision ID: package-import@ubuntu.com-20120222223355-or06x1euyk8n0ldi
Tags: 5.1.61-0ubuntu0.10.04.1
https://launchpad.net/bugs/937869
* SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
  (LP: #937869)
  - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
  - CVE-2011-2262
  - CVE-2012-0075
  - CVE-2012-0112
  - CVE-2012-0113
  - CVE-2012-0114
  - CVE-2012-0115
  - CVE-2012-0116
  - CVE-2012-0117
  - CVE-2012-0118
  - CVE-2012-0119
  - CVE-2012-0120
  - CVE-2012-0484
  - CVE-2012-0485
  - CVE-2012-0486
  - CVE-2012-0487
  - CVE-2012-0488
  - CVE-2012-0489
  - CVE-2012-0490
  - CVE-2012-0491
  - CVE-2012-0492
  - CVE-2012-0493
  - CVE-2012-0494
  - CVE-2012-0495
  - CVE-2012-0496
* Dropped patches unnecessary with 5.1.61:
  - debian/patches/90_mysql_safer_strmov.dpatch
  - debian/patches/51_ssl_test_certs.dpatch
  - debian/patches/52_CVE-2009-4030.dpatch
  - debian/patches/53_CVE-2009-4484.dpatch
  - debian/patches/54_CVE-2008-7247.dpatch
  - debian/patches/55_CVE-2010-1621.dpatch
  - debian/patches/56_CVE-2010-1850.dpatch
  - debian/patches/57_CVE-2010-1849.dpatch
  - debian/patches/58_CVE-2010-1848.dpatch
  - debian/patches/59_CVE-2010-1626.dpatch
  - debian/patches/60_CVE-2010-2008.dpatch
  - debian/patches/60_CVE-2010-3677.dpatch
  - debian/patches/60_CVE-2010-3678.dpatch
  - debian/patches/60_CVE-2010-3679.dpatch
  - debian/patches/60_CVE-2010-3680.dpatch
  - debian/patches/60_CVE-2010-3681.dpatch
  - debian/patches/60_CVE-2010-3682.dpatch
  - debian/patches/60_CVE-2010-3683.dpatch
  - debian/patches/60_CVE-2010-3833.dpatch
  - debian/patches/60_CVE-2010-3834.dpatch
  - debian/patches/60_CVE-2010-3835.dpatch
  - debian/patches/60_CVE-2010-3836.dpatch
  - debian/patches/60_CVE-2010-3837.dpatch
  - debian/patches/60_CVE-2010-3838.dpatch
  - debian/patches/60_CVE-2010-3839.dpatch
  - debian/patches/60_CVE-2010-3840.dpatch
  - debian/patches/61_disable_longfilename_test.dpatch
  - debian/patches/62_alter_table_fix.dpatch
  - debian/patches/63_cherrypick-upstream-49479.dpatch
  - debian/patches/10_readline_build_fix.dpatch
* debian/mysql-client-5.1.docs: removed EXCEPTIONS-CLIENT file
* debian/mysql-server-5.1.docs,debian/libmysqlclient16.docs,
  debian/libmysqlclient-dev.docs: removed, no longer necessary.

Show diffs side-by-side

added added

removed removed

Lines of Context:
sql/item_strfunc.h
1
 
/* Copyright (C) 2000-2003 MySQL AB
 
1
/*
 
2
   Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
2
3
 
3
4
   This program is free software; you can redistribute it and/or modify
4
5
   it under the terms of the GNU General Public License as published by
11
12
 
12
13
   You should have received a copy of the GNU General Public License
13
14
   along with this program; if not, write to the Free Software
14
 
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */
 
15
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
 
16
*/
15
17
 
16
18
 
17
19
/* This file defines all string functions */
22
24
 
23
25
class Item_str_func :public Item_func
24
26
{
 
27
protected:
 
28
  /**
 
29
     Sets the result value of the function an empty string, using the current
 
30
     character set. No memory is allocated.
 
31
     @retval A pointer to the str_value member.
 
32
   */
 
33
  String *make_empty_result() {
 
34
    str_value.set("", 0, collation.collation);
 
35
    return &str_value; 
 
36
  }
25
37
public:
26
38
  Item_str_func() :Item_func() { decimals=NOT_FIXED_DEC; }
27
39
  Item_str_func(Item *a) :Item_func(a) {decimals=NOT_FIXED_DEC; }
351
363
 
352
364
class Item_func_encode :public Item_str_func
353
365
{
 
366
private:
 
367
  /** Whether the PRNG has already been seeded. */
 
368
  bool seeded;
 
369
protected:
 
370
  SQL_CRYPT sql_crypt;
354
371
public:
355
372
  Item_func_encode(Item *a, Item *seed):
356
373
    Item_str_func(a, seed) {}
357
374
  String *val_str(String *);
358
375
  void fix_length_and_dec();
359
376
  const char *func_name() const { return "encode"; }
 
377
protected:
 
378
  virtual void crypto_transform(String *);
 
379
private:
 
380
  /** Provide a seed for the PRNG sequence. */
 
381
  bool seed();
360
382
};
361
383
 
362
384
 
364
386
{
365
387
public:
366
388
  Item_func_decode(Item *a, Item *seed): Item_func_encode(a, seed) {}
367
 
  String *val_str(String *);
368
389
  const char *func_name() const { return "decode"; }
 
390
protected:
 
391
  void crypto_transform(String *);
369
392
};
370
393
 
371
394
 
684
707
  void fix_length_and_dec()
685
708
  {
686
709
    collation.set(args[0]->collation);
687
 
    max_length= args[0]->max_length * 2 + 2;
 
710
    ulonglong max_result_length= (ulonglong) args[0]->max_length * 2 +
 
711
                                  2 * collation.collation->mbmaxlen;
 
712
    max_length= (uint32) min(max_result_length, MAX_BLOB_WIDTH);
688
713
  }
689
714
};
690
715
 
691
716
class Item_func_conv_charset :public Item_str_func
692
717
{
693
718
  bool use_cached_value;
 
719
  String tmp_value;
694
720
public:
695
721
  bool safe;
696
722
  CHARSET_INFO *conv_charset; // keep it public