Merge branch '3.1' into 3.3

mariadb-corporation · Jul 24, 2023 · 3a255ee · 3a255ee
2 parents 681fbd9 + 3393fe3
commit 3a255ee
Show file tree

Hide file tree

Showing 10 changed files with 19 additions and 21 deletions.
diff --git a/include/ma_common.h b/include/ma_common.h
@@ -86,6 +86,7 @@ struct st_mysql_options_extension {
   unsigned short rpl_port;
   void (*status_callback)(void *ptr, enum enum_mariadb_status_info type, ...);
   void *status_data;
+  my_bool tls_verify_server_cert;
 };
 
 typedef struct st_connection_handler

diff --git a/include/ma_global.h b/include/ma_global.h
@@ -790,9 +790,9 @@ typedef char		bool;	/* Ordinary boolean values 0 1 */
 #define uint8korr(A)	(*((ulonglong *) (A)))
 #define sint8korr(A)	(*((longlong *) (A)))
 #define int2store(T,A)	*((uint16*) (T))= (uint16) (A)
-#define int3store(T,A)  do { *(T)=  (uchar) ((A));\
-                            *(T+1)=(uchar) (((uint) (A) >> 8));\
-                            *(T+2)=(uchar) (((A) >> 16)); } while (0)
+#define int3store(T,A)  do { *(T)=  (uchar) ((A) & 0xff);\
+                            *(T+1)=(uchar) (((uint) (A) >> 8) & 0xff);\
+                            *(T+2)=(uchar) (((A) >> 16)  & 0xff); } while (0)
 #define int4store(T,A)	*((long *) (T))= (long) (A)
 #define int5store(T,A)  do { *(T)= (uchar)((A));\
                              *((T)+1)=(uchar) (((A) >> 8));\

diff --git a/include/mariadb_com.h b/include/mariadb_com.h
@@ -165,6 +165,7 @@ enum enum_server_command
 #define CLIENT_PROGRESS          (1UL << 29) /* client supports progress indicator */
 #define CLIENT_PROGRESS_OBSOLETE  CLIENT_PROGRESS 
 #define CLIENT_SSL_VERIFY_SERVER_CERT (1UL << 30)
+#define CLIENT_SSL_VERIFY_SERVER_CERT_OBSOLETE CLIENT_SSL_VERIFY_SERVER_CERT
 #define CLIENT_REMEMBER_OPTIONS  (1UL << 31)
 
 /* MariaDB specific capabilities */

diff --git a/libmariadb/ma_pvio.c b/libmariadb/ma_pvio.c
@@ -544,7 +544,7 @@ my_bool ma_pvio_start_ssl(MARIADB_PVIO *pvio)
      2. verify CN (requires option ssl_verify_check)
      3. verrify finger print
   */
-  if ((pvio->mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
+  if (pvio->mysql->options.extension->tls_verify_server_cert &&
          ma_pvio_tls_verify_server_cert(pvio->ctls))
     return 1;
 

diff --git a/libmariadb/ma_stmt_codec.c b/libmariadb/ma_stmt_codec.c
@@ -606,18 +606,18 @@ static void convert_from_long(MYSQL_BIND *r_param, const MYSQL_FIELD *field, lon
 {
   switch (r_param->buffer_type) {
     case MYSQL_TYPE_TINY:
-      *(uchar *)r_param->buffer= (uchar)val;
+      *(uchar *)r_param->buffer= (uchar)(val & 0xff);
       *r_param->error= r_param->is_unsigned ? NUMERIC_TRUNCATION(val, 0, UINT_MAX8) : NUMERIC_TRUNCATION(val, INT_MIN8, INT_MAX8);
       r_param->buffer_length= 1;
       break;
     case MYSQL_TYPE_SHORT:
     case MYSQL_TYPE_YEAR:
-      shortstore(r_param->buffer, (short)val);
+      shortstore(r_param->buffer, (short)(val & 0xffff));
       *r_param->error= r_param->is_unsigned ? NUMERIC_TRUNCATION(val, 0, UINT_MAX16) : NUMERIC_TRUNCATION(val, INT_MIN16, INT_MAX16);
       r_param->buffer_length= 2;
       break;
     case MYSQL_TYPE_LONG:
-      longstore(r_param->buffer, (int32)val);
+      longstore(r_param->buffer, (int32)(val & 0xffffffff));
       *r_param->error= r_param->is_unsigned ? NUMERIC_TRUNCATION(val, 0, UINT_MAX32) : NUMERIC_TRUNCATION(val, INT_MIN32, INT_MAX32);
       r_param->buffer_length= 4;
       break;

diff --git a/libmariadb/mariadb_lib.c b/libmariadb/mariadb_lib.c
@@ -3534,10 +3534,7 @@ mysql_optionsv(MYSQL *mysql,enum mysql_option option, ...)
     mysql->options.use_ssl= (*(my_bool *)arg1);
     break;
   case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
-    if (*(my_bool *)arg1)
-      mysql->options.client_flag |= CLIENT_SSL_VERIFY_SERVER_CERT;
-    else
-      mysql->options.client_flag &= ~CLIENT_SSL_VERIFY_SERVER_CERT;
+    OPT_SET_EXTENDED_VALUE(&mysql->options, tls_verify_server_cert, *(my_bool *)arg1);
     break;
   case MYSQL_OPT_SSL_KEY:
     OPT_SET_VALUE_STR(&mysql->options, ssl_key, (char *)arg1);
@@ -3903,7 +3900,7 @@ mysql_get_optionv(MYSQL *mysql, enum mysql_option option, void *arg, ...)
     *((my_bool *)arg)= mysql->options.use_ssl;
     break;
   case MYSQL_OPT_SSL_VERIFY_SERVER_CERT:
-    *((my_bool *)arg)= test(mysql->options.client_flag & CLIENT_SSL_VERIFY_SERVER_CERT);
+    *((my_bool*)arg) = mysql->options.extension ? mysql->options.extension->tls_verify_server_cert : 0;
     break;
   case MYSQL_OPT_SSL_KEY:
     *((char **)arg)= mysql->options.ssl_key;

diff --git a/libmariadb/secure/gnutls.c b/libmariadb/secure/gnutls.c
@@ -1357,7 +1357,7 @@ static int my_verify_callback(gnutls_session_t ssl)
 
   CLEAR_CLIENT_ERROR(mysql);
 
-  if ((mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT))
+  if ((mysql->options.extension->tls_verify_server_cert))
   {
     const char *hostname= mysql->host;
 
@@ -1372,7 +1372,7 @@ static int my_verify_callback(gnutls_session_t ssl)
     gnutls_datum_t out;
     int type;
     /* accept self signed certificates if we don't have to verify server cert */
-    if (!(mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) &&
+    if (!(mysql->options.extension->tls_verify_server_cert) &&
         (status & GNUTLS_CERT_SIGNER_NOT_FOUND))
       return 0;
 

diff --git a/libmariadb/secure/openssl.c b/libmariadb/secure/openssl.c
@@ -505,9 +505,8 @@ my_bool ma_tls_connect(MARIADB_TLS *ctls)
   /* In case handshake failed or if a root certificate (ca) was specified,
      we need to check the result code of X509 verification. A detailed check
      of the peer certificate (hostname checking will follow later) */
-  if (rc != 1 ||
-      (mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) ||
-      (mysql->options.ssl_ca || mysql->options.ssl_capath))
+  if (rc != 1 || mysql->options.extension->tls_verify_server_cert ||
+      mysql->options.ssl_ca || mysql->options.ssl_capath)
   {
     long x509_err= SSL_get_verify_result(ssl);
     if (x509_err != X509_V_OK)

diff --git a/libmariadb/secure/schannel.c b/libmariadb/secure/schannel.c
@@ -448,11 +448,11 @@ my_bool ma_tls_connect(MARIADB_TLS *ctls)
     goto end;
 
    verify_certs =  mysql->options.ssl_ca || mysql->options.ssl_capath ||
-     (mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT);
+     (mysql->options.extension->tls_verify_server_cert);
 
   if (verify_certs)
   {
-    if (!ma_schannel_verify_certs(ctls, (mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT)))
+    if (!ma_schannel_verify_certs(ctls, mysql->options.extension->tls_verify_server_cert))
       goto end;
   }
 

diff --git a/plugins/auth/my_auth.c b/plugins/auth/my_auth.c
@@ -223,7 +223,7 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
   if (mysql->options.ssl_key || mysql->options.ssl_cert ||
       mysql->options.ssl_ca || mysql->options.ssl_capath ||
       mysql->options.ssl_cipher || mysql->options.use_ssl ||
-      (mysql->options.client_flag & CLIENT_SSL_VERIFY_SERVER_CERT))
+      mysql->options.extension->tls_verify_server_cert)
     mysql->options.use_ssl= 1;
   if (mysql->options.use_ssl)
     mysql->client_flag|= CLIENT_SSL;
@@ -249,7 +249,7 @@ static int send_client_reply_packet(MCPVIO_EXT *mpvio,
      was set to mandatory, we need to return an error */
   if (mysql->options.use_ssl && !(mysql->server_capabilities & CLIENT_SSL))
   {
-    if ((mysql->client_flag & CLIENT_SSL_VERIFY_SERVER_CERT) ||
+    if (mysql->options.extension->tls_verify_server_cert ||
         (mysql->options.extension && (mysql->options.extension->tls_fp || 
                                       mysql->options.extension->tls_fp_list)))
     {