← Back to branch summary

~ubuntu-branches/ubuntu/lucid/mysql-dfsg-5.1/lucid-security

« back to all changes in this revision

Viewing changes to sql/sql_udf.cc

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2012-02-22 22:33:55 UTC
  • mfrom: (1.1.5)
  • Revision ID: package-import@ubuntu.com-20120222223355-or06x1euyk8n0ldi
Tags: 5.1.61-0ubuntu0.10.04.1
https://launchpad.net/bugs/937869
* SECURITY UPDATE: Update to 5.1.61 to fix multiple security issues
  (LP: #937869)
  - http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
  - CVE-2011-2262
  - CVE-2012-0075
  - CVE-2012-0112
  - CVE-2012-0113
  - CVE-2012-0114
  - CVE-2012-0115
  - CVE-2012-0116
  - CVE-2012-0117
  - CVE-2012-0118
  - CVE-2012-0119
  - CVE-2012-0120
  - CVE-2012-0484
  - CVE-2012-0485
  - CVE-2012-0486
  - CVE-2012-0487
  - CVE-2012-0488
  - CVE-2012-0489
  - CVE-2012-0490
  - CVE-2012-0491
  - CVE-2012-0492
  - CVE-2012-0493
  - CVE-2012-0494
  - CVE-2012-0495
  - CVE-2012-0496
* Dropped patches unnecessary with 5.1.61:
  - debian/patches/90_mysql_safer_strmov.dpatch
  - debian/patches/51_ssl_test_certs.dpatch
  - debian/patches/52_CVE-2009-4030.dpatch
  - debian/patches/53_CVE-2009-4484.dpatch
  - debian/patches/54_CVE-2008-7247.dpatch
  - debian/patches/55_CVE-2010-1621.dpatch
  - debian/patches/56_CVE-2010-1850.dpatch
  - debian/patches/57_CVE-2010-1849.dpatch
  - debian/patches/58_CVE-2010-1848.dpatch
  - debian/patches/59_CVE-2010-1626.dpatch
  - debian/patches/60_CVE-2010-2008.dpatch
  - debian/patches/60_CVE-2010-3677.dpatch
  - debian/patches/60_CVE-2010-3678.dpatch
  - debian/patches/60_CVE-2010-3679.dpatch
  - debian/patches/60_CVE-2010-3680.dpatch
  - debian/patches/60_CVE-2010-3681.dpatch
  - debian/patches/60_CVE-2010-3682.dpatch
  - debian/patches/60_CVE-2010-3683.dpatch
  - debian/patches/60_CVE-2010-3833.dpatch
  - debian/patches/60_CVE-2010-3834.dpatch
  - debian/patches/60_CVE-2010-3835.dpatch
  - debian/patches/60_CVE-2010-3836.dpatch
  - debian/patches/60_CVE-2010-3837.dpatch
  - debian/patches/60_CVE-2010-3838.dpatch
  - debian/patches/60_CVE-2010-3839.dpatch
  - debian/patches/60_CVE-2010-3840.dpatch
  - debian/patches/61_disable_longfilename_test.dpatch
  - debian/patches/62_alter_table_fix.dpatch
  - debian/patches/63_cherrypick-upstream-49479.dpatch
  - debian/patches/10_readline_build_fix.dpatch
* debian/mysql-client-5.1.docs: removed EXCEPTIONS-CLIENT file
* debian/mysql-server-5.1.docs,debian/libmysqlclient16.docs,
  debian/libmysqlclient-dev.docs: removed, no longer necessary.

Show diffs side-by-side

added added

removed removed

Lines of Context:
sql/sql_udf.cc
1
 
/* Copyright (C) 2000 MySQL AB
 
1
/*
 
2
   Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved.
2
3
 
3
4
   This program is free software; you can redistribute it and/or modify
4
5
   it under the terms of the GNU General Public License as published by
11
12
 
12
13
   You should have received a copy of the GNU General Public License
13
14
   along with this program; if not, write to the Free Software
14
 
   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA */
 
15
   Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
 
16
*/
15
17
 
16
18
/* This implements 'user defined functions' */
17
19
 
173
175
 
174
176
      On windows we must check both FN_LIBCHAR and '/'.
175
177
    */
176
 
    if (my_strchr(files_charset_info, dl_name,
177
 
                  dl_name + strlen(dl_name), FN_LIBCHAR) ||
178
 
        IF_WIN(my_strchr(files_charset_info, dl_name,
179
 
                         dl_name + strlen(dl_name), '/'), 0) ||
 
178
    if (check_valid_path(dl_name, strlen(dl_name)) ||
180
179
        check_string_char_length(&name, "", NAME_CHAR_LEN,
181
180
                                 system_charset_info, 1))
182
181
    {
398
397
  TABLE *table;
399
398
  TABLE_LIST tables;
400
399
  udf_func *u_d;
 
400
  bool save_binlog_row_based;
401
401
  DBUG_ENTER("mysql_create_function");
402
402
 
403
403
  if (!initialized)
415
415
    Ensure that the .dll doesn't have a path
416
416
    This is done to ensure that only approved dll from the system
417
417
    directories are used (to make this even remotely secure).
418
 
 
419
 
    On windows we must check both FN_LIBCHAR and '/'.
420
418
  */
421
 
  if (my_strchr(files_charset_info, udf->dl,
422
 
                udf->dl + strlen(udf->dl), FN_LIBCHAR) ||
423
 
      IF_WIN(my_strchr(files_charset_info, udf->dl,
424
 
                       udf->dl + strlen(udf->dl), '/'), 0))
 
419
  if (check_valid_path(udf->dl, strlen(udf->dl)))
425
420
  {
426
421
    my_message(ER_UDF_NO_PATHS, ER(ER_UDF_NO_PATHS), MYF(0));
427
422
    DBUG_RETURN(1);
437
432
    Turn off row binlogging of this statement and use statement-based 
438
433
    so that all supporting tables are updated for CREATE FUNCTION command.
439
434
  */
440
 
  if (thd->current_stmt_binlog_row_based)
441
 
    thd->clear_current_stmt_binlog_row_based();
 
435
  save_binlog_row_based= thd->current_stmt_binlog_row_based;
 
436
  thd->clear_current_stmt_binlog_row_based();
442
437
 
443
438
  rw_wrlock(&THR_LOCK_udf);
444
439
  if ((hash_search(&udf_hash,(uchar*) udf->name.str, udf->name.length)))
506
501
  rw_unlock(&THR_LOCK_udf);
507
502
 
508
503
  /* Binlog the create function. */
509
 
  write_bin_log(thd, TRUE, thd->query(), thd->query_length());
510
 
 
 
504
  if (write_bin_log(thd, TRUE, thd->query(), thd->query_length()))
 
505
  {
 
506
    /* Restore the state of binlog format */
 
507
    thd->current_stmt_binlog_row_based= save_binlog_row_based;
 
508
    DBUG_RETURN(1);
 
509
  }
 
510
  /* Restore the state of binlog format */
 
511
  thd->current_stmt_binlog_row_based= save_binlog_row_based;
511
512
  DBUG_RETURN(0);
512
513
 
513
514
 err:
514
515
  if (new_dl)
515
516
    dlclose(dl);
516
517
  rw_unlock(&THR_LOCK_udf);
 
518
  /* Restore the state of binlog format */
 
519
  thd->current_stmt_binlog_row_based= save_binlog_row_based;
517
520
  DBUG_RETURN(1);
518
521
}
519
522
 
525
528
  udf_func *udf;
526
529
  char *exact_name_str;
527
530
  uint exact_name_len;
 
531
  bool save_binlog_row_based;
528
532
  DBUG_ENTER("mysql_drop_function");
529
533
 
530
534
  if (!initialized)
540
544
    Turn off row binlogging of this statement and use statement-based
541
545
    so that all supporting tables are updated for DROP FUNCTION command.
542
546
  */
543
 
  if (thd->current_stmt_binlog_row_based)
544
 
    thd->clear_current_stmt_binlog_row_based();
 
547
  save_binlog_row_based= thd->current_stmt_binlog_row_based;
 
548
  thd->clear_current_stmt_binlog_row_based();
545
549
 
546
550
  rw_wrlock(&THR_LOCK_udf);  
547
551
  if (!(udf=(udf_func*) hash_search(&udf_hash,(uchar*) udf_name->str,
581
585
  rw_unlock(&THR_LOCK_udf);
582
586
 
583
587
  /* Binlog the drop function. */
584
 
  write_bin_log(thd, TRUE, thd->query(), thd->query_length());
585
 
 
 
588
  if (write_bin_log(thd, TRUE, thd->query(), thd->query_length()))
 
589
  {
 
590
    /* Restore the state of binlog format */
 
591
    thd->current_stmt_binlog_row_based= save_binlog_row_based;
 
592
    DBUG_RETURN(1);
 
593
  }
 
594
  /* Restore the state of binlog format */
 
595
  thd->current_stmt_binlog_row_based= save_binlog_row_based;
586
596
  DBUG_RETURN(0);
587
597
 err:
588
598
  rw_unlock(&THR_LOCK_udf);
 
599
  /* Restore the state of binlog format */
 
600
  thd->current_stmt_binlog_row_based= save_binlog_row_based;
589
601
  DBUG_RETURN(1);
590
602
}
591
603