diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2020-11-25 22:39:15 +0000 |
| commit | d934827bf44b7cfcf6711964418148fa60877668 (patch) | |
| tree | 0625f358789b5e015e49db139cc1dbc9be00428f /dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch | |
| parent | 2e34d110f164bf74d55fced27fe0000201b3eec5 (diff) | |
gentoo resync : 25.11.2020
Diffstat (limited to 'dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch')
| -rw-r--r-- | dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch new file mode 100644 index 000000000000..85d378f8232c --- /dev/null +++ b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch @@ -0,0 +1,75 @@ +https://github.com/MariaDB/server/commit/418850b2df4256da5a722288c2657650dc228842 + +--- a/sql/wsrep_sst.cc ++++ b/sql/wsrep_sst.cc +@@ -1726,24 +1726,65 @@ static int sst_donate_other (const char* method, + return arg.err; + } + ++/* return true if character can be a part of a filename */ ++static bool filename_char(int const c) ++{ ++ return isalnum(c) || (c == '-') || (c == '_') || (c == '.'); ++} ++ ++/* return true if character can be a part of an address string */ ++static bool address_char(int const c) ++{ ++ return filename_char(c) || ++ (c == ':') || (c == '[') || (c == ']') || (c == '/'); ++} ++ ++static bool check_request_str(const char* const str, ++ bool (*check) (int c)) ++{ ++ for (size_t i(0); str[i] != '\0'; ++i) ++ { ++ if (!check(str[i])) ++ { ++ WSREP_WARN("Illegal character in state transfer request: %i (%c).", ++ str[i], str[i]); ++ return true; ++ } ++ } ++ ++ return false; ++} ++ + wsrep_cb_status_t wsrep_sst_donate_cb (void* app_ctx, void* recv_ctx, + const void* msg, size_t msg_len, + const wsrep_gtid_t* current_gtid, + const char* state, size_t state_len, + bool bypass) + { +- /* This will be reset when sync callback is called. +- * Should we set wsrep_ready to FALSE here too? */ +- +- wsrep_config_state->set(WSREP_MEMBER_DONOR); +- + const char* method = (char*)msg; + size_t method_len = strlen (method); ++ ++ if (check_request_str(method, filename_char)) ++ { ++ WSREP_ERROR("Bad SST method name. SST canceled."); ++ return WSREP_CB_FAILURE; ++ } ++ + const char* data = method + method_len + 1; + ++ if (check_request_str(data, address_char)) ++ { ++ WSREP_ERROR("Bad SST address string. SST canceled."); ++ return WSREP_CB_FAILURE; ++ } ++ + char uuid_str[37]; + wsrep_uuid_print (¤t_gtid->uuid, uuid_str, sizeof(uuid_str)); + ++ /* This will be reset when sync callback is called. ++ * Should we set wsrep_ready to FALSE here too? */ ++ wsrep_config_state->set(WSREP_MEMBER_DONOR); ++ + wsp::env env(NULL); + if (env.error()) + { |