Skip to content
Permalink
Browse files

MDEV-20110 don't try to load client plugins with invalid names

reported by lixtelnis
  • Loading branch information...
vuvova committed Jul 21, 2019
1 parent f90040f commit 82563c5fc0a40d64d8e8e9de2bf6f904fa6c0dc6
Showing with 24 additions and 1 deletion.
  1. +5 −0 mysql-test/r/connect_debug.result
  2. +11 −0 mysql-test/t/connect_debug.test
  3. +7 −1 sql-common/client_plugin.c
  4. +1 −0 sql/sql_acl.cc
@@ -3,3 +3,8 @@ set global debug_dbug='+d,auth_disconnect';
create user 'bad' identified by 'worse';
set global debug_dbug=@old_dbug;
drop user bad;
set global debug_dbug='+d,auth_invalid_plugin';
create user 'bad' identified by 'worse';
ERROR 2059 (HY000): Authentication plugin 'foo/bar' cannot be loaded: invalid plugin name
set global debug_dbug=@old_dbug;
drop user bad;
@@ -1,3 +1,4 @@
source include/not_embedded.inc;
source include/have_debug.inc;
set @old_dbug=@@global.debug_dbug;

@@ -10,3 +11,13 @@ create user 'bad' identified by 'worse';
--exec $MYSQL --default-auth=mysql_old_password --user=bad --password=worse
set global debug_dbug=@old_dbug;
drop user bad;

#
# malicious server, invalid plugin name
#
set global debug_dbug='+d,auth_invalid_plugin';
create user 'bad' identified by 'worse';
--error 1
--exec $MYSQL --default-auth=mysql_old_password --user=bad --password=worse 2>&1
set global debug_dbug=@old_dbug;
drop user bad;
@@ -362,7 +362,13 @@ mysql_load_plugin_v(MYSQL *mysql, const char *name, int type,
mysql->options.extension && mysql->options.extension->plugin_dir ?
mysql->options.extension->plugin_dir : PLUGINDIR, "/",
name, SO_EXT, NullS);


if (strpbrk(name, "()[]!@#$%^&/*;.,'?"))

This comment has been minimized.

Copy link
@9EOR9

9EOR9 Jul 25, 2019

Contributor

How about tilde and backslash?

This comment has been minimized.

Copy link
@vuvova

vuvova via email Jul 25, 2019

Author Member

This comment has been minimized.

Copy link
@vaintroub

vaintroub Jul 25, 2019

Member

dlopen won't interpret the backslash, but LoadLibrary will.

{
errmsg= "invalid plugin name";
goto err;
}

DBUG_PRINT ("info", ("dlopeninig %s", dlpath));
/* Open new dll handle */
if (!(dlhandle= dlopen(dlpath, RTLD_NOW)))
@@ -8256,6 +8256,7 @@ static bool send_plugin_request_packet(MPVIO_EXT *mpvio,
((st_mysql_auth *) (plugin_decl(mpvio->plugin)->info))->client_auth_plugin;

DBUG_EXECUTE_IF("auth_disconnect", { vio_close(net->vio); DBUG_RETURN(1); });
DBUG_EXECUTE_IF("auth_invalid_plugin", client_auth_plugin="foo/bar"; );
DBUG_ASSERT(client_auth_plugin);

/*

0 comments on commit 82563c5

Please sign in to comment.
You can’t perform that action at this time.