Skip to content

Commit e11661a

Browse files
dingweiqingsgrooverdan
authored andcommitted
MDEV-25343 Error log message not helpful when filekey is too long
Add a test related to the Encrypted Key File by following instructions in kb example https://mariadb.com/kb/en/file-key-management-encryption-plugin/#creating-the-key-file Reviewed by Daniel Black (with minor formatting and re-org of duplicate close(f) calls).
1 parent 9de37e0 commit e11661a

10 files changed

+71
-3
lines changed
Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,17 @@
1+
create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1;
2+
show create table t1;
3+
Table Create Table
4+
t1 CREATE TABLE `t1` (
5+
`c1` bigint(20) NOT NULL,
6+
`b` char(200) DEFAULT NULL
7+
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `encrypted`=yes `encryption_key_id`=1
8+
insert t1 values (12345, repeat('1234567890', 20));
9+
alter table t1 encryption_key_id=2;
10+
show create table t1;
11+
Table Create Table
12+
t1 CREATE TABLE `t1` (
13+
`c1` bigint(20) NOT NULL,
14+
`b` char(200) DEFAULT NULL
15+
) ENGINE=InnoDB DEFAULT CHARSET=latin1 COLLATE=latin1_swedish_ci `encrypted`=yes `encryption_key_id`=2
16+
drop table t1;
17+
# Test checks if opening an too large secret does not crash the server.
Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
call mtr.add_suppression("the filekey is too long");
2+
call mtr.add_suppression("Plugin 'file_key_management' init function returned error");
3+
call mtr.add_suppression("Plugin 'file_key_management' registration.*failed");
4+
FOUND 1 /the filekey is too long/ in mysqld.1.err
5+
create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1;
6+
ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
7+
select plugin_status from information_schema.plugins
8+
where plugin_name = 'file_key_management';
9+
plugin_status
10+
# Test checks if opening an too large secret does not crash the server.
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
2+
secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
3+
secretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecretsecret
4+
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
Salted__��4��0-6�L��� �sK?p\�a�m8��N?q �n�<��*g��( ��|F����/����!
2+
�� kok6���y7t67�D#��g洄�ʗ��ԣ��iyu�*i�#�ƈ82#6� ��.C�8۝�;7�Bԣ���
3+
0� /
4+
��w��0w"xԱQu04��x�kj�{���W΢���3C�5՜� ��ᔪ�����P�$=�Ҳ
Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
c9518399cbec2b5edf773e06d1b934b90ec0f46ae455b8f1e001b5629ef31a513b83e676bf654c08ba98659461410e5e040e46237a7d50b40bd9bb90576f841275506e61523e5e9a0beb7641127ed2d946395b6fee7ff5263a9019cbe71bd907bf1ac6365940fa391086830a4e6c1d2972b99505467ef31cfb46d0cb7ab8f4f1
Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys_secret_openssl_rand_128bits.key
2+
--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys_secret_openssl_rand_128bits.enc
3+
Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
-- source include/have_innodb.inc
2+
-- source filekeys_plugin.inc
3+
4+
create table t1(c1 bigint not null, b char(200)) engine=innodb encrypted=yes encryption_key_id=1;
5+
show create table t1;
6+
insert t1 values (12345, repeat('1234567890', 20));
7+
8+
alter table t1 encryption_key_id=2;
9+
show create table t1;
10+
11+
drop table t1;
12+
13+
--echo # Test checks if opening an too large secret does not crash the server.
Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
--loose-file-key-management-filekey=FILE:$MTR_SUITE_DIR/t/filekeys-data-too-long.key
2+
--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys-data.enc
3+
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
let SEARCH_PATTERN=the filekey is too long;
2+
source filekeys_badtest.inc;
3+
4+
--echo # Test checks if opening an too large secret does not crash the server.

plugin/file_key_management/parser.cc

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -170,19 +170,28 @@ bool Parser::read_filekey(const char *filekey, char *secret)
170170
int f= open(filekey, O_RDONLY|O_BINARY);
171171
if (f == -1)
172172
{
173-
my_error(EE_FILENOTFOUND,ME_ERROR_LOG, filekey, errno);
173+
my_error(EE_FILENOTFOUND, ME_ERROR_LOG, filekey, errno);
174174
return 1;
175175
}
176176

177-
int len= read(f, secret, MAX_SECRET_SIZE);
177+
int len= read(f, secret, MAX_SECRET_SIZE + 1);
178178
if (len <= 0)
179179
{
180-
my_error(EE_READ,ME_ERROR_LOG, filekey, errno);
180+
my_error(EE_READ, ME_ERROR_LOG, filekey, errno);
181181
close(f);
182182
return 1;
183183
}
184184
close(f);
185+
185186
while (secret[len - 1] == '\r' || secret[len - 1] == '\n') len--;
187+
if (len > MAX_SECRET_SIZE)
188+
{
189+
my_printf_error(EE_READ,
190+
"Cannot read %s, the filekey is too long, "
191+
"max secret size is %dB ",
192+
ME_ERROR_LOG, filekey, MAX_SECRET_SIZE);
193+
return 1;
194+
}
186195
secret[len]= '\0';
187196
return 0;
188197
}

0 commit comments

Comments
 (0)