diff options
Diffstat (limited to 'dev-db/mariadb')
| -rw-r--r-- | dev-db/mariadb/Manifest | 2 | ||||
| -rw-r--r-- | dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch | 75 | ||||
| -rw-r--r-- | dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch | 62 |
3 files changed, 0 insertions, 139 deletions
diff --git a/dev-db/mariadb/Manifest b/dev-db/mariadb/Manifest index 8c79388cdeb7..8a4cfca6b20c 100644 --- a/dev-db/mariadb/Manifest +++ b/dev-db/mariadb/Manifest @@ -1,5 +1,3 @@ -AUX mariadb-10.3-CVE-2020-15180.patch 2202 BLAKE2B 4f15d360c02d73cdfb62e231c49ac29fb2d973664ed15b4a68403b131cc1d2f6b4be9089f2022254e03a649699d980b2212a88ec917ca4ae0fa38b1cca55e5c4 SHA512 1e3210cc6f27a9c39ac8300b80f7569617e23a879095e8341d19d1b4b4346f212bd49d706d282fd40e26186a79d659ad28663aae3ef618ddd4fc7f43911af080 -AUX mariadb-10.4-CVE-2020-15180.patch 1654 BLAKE2B 331536012f2e6bacef9f5ab75e93b38517e9807e83f3a47d87c047c8d0afd7e4f4235d99e9e7110880496d2ee7e2c58a3805de79e7febf2fa937cf9458aa4d99 SHA512 9eda36ef838f895fd14539052bf3fcd16a1fedcae27e6d7a5df29ef4c1a6957b850a2d55b39cc7bea2f016b972e611e7952de17aa99fc823cfd701c1b2e8e2be AUX my.cnf-10.2 140 BLAKE2B 3a56b7e38c3dc00215cae4bdc3270e30e85299d3290c0c995a611e4b8b15e66f40d6ac40ab18369e7863742ab6eda94259be5a7f363a26020c6fce28a7582e94 SHA512 85c650670e364f5f71842d9ab07b59c5de6e26e774e7192102562e56f94ed5f8fbc487cef31c134209c22b72fde38f7f53b7279cead97a8af608436d1ecc8857 AUX my.cnf.distro-client 643 BLAKE2B 5ffd286907ee28c92c85bbcc9a6266555733f1115f2d6b8009183dba6939b978ae8d1b8e0a53e672b8e1a1f621650399231723603fc5f96ef7218db84236e176 SHA512 801f6ab8be3110bb4dc38eaa4367715b8d342b69cadfe13dff987ef6c3aedb67d19449f8f2483e63df5d8b444ca30701b0d96f85e211de6b1e3db923b029acbc AUX my.cnf.distro-server 998 BLAKE2B a7f2977a96d394cb7e24d72d82a1c21095c4b55607e5ca4a2c10619278796c328931a5ec076c15b60afef370c2e5da02ca0c628f330e876b4d2c984eeb54df5f SHA512 d9ab6f7fdfe08e6c242f84410ec680ef6aa6778c4bd55fee67c644e1a7d997446d8ef2129be6fc9833d16fe40cf17e09cdf0cf015f06bb145bbf9cfecb51e882 diff --git a/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch deleted file mode 100644 index 85d378f8232c..000000000000 --- a/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch +++ /dev/null @@ -1,75 +0,0 @@ -https://github.com/MariaDB/server/commit/418850b2df4256da5a722288c2657650dc228842 - ---- a/sql/wsrep_sst.cc -+++ b/sql/wsrep_sst.cc -@@ -1726,24 +1726,65 @@ static int sst_donate_other (const char* method, - return arg.err; - } - -+/* return true if character can be a part of a filename */ -+static bool filename_char(int const c) -+{ -+ return isalnum(c) || (c == '-') || (c == '_') || (c == '.'); -+} -+ -+/* return true if character can be a part of an address string */ -+static bool address_char(int const c) -+{ -+ return filename_char(c) || -+ (c == ':') || (c == '[') || (c == ']') || (c == '/'); -+} -+ -+static bool check_request_str(const char* const str, -+ bool (*check) (int c)) -+{ -+ for (size_t i(0); str[i] != '\0'; ++i) -+ { -+ if (!check(str[i])) -+ { -+ WSREP_WARN("Illegal character in state transfer request: %i (%c).", -+ str[i], str[i]); -+ return true; -+ } -+ } -+ -+ return false; -+} -+ - wsrep_cb_status_t wsrep_sst_donate_cb (void* app_ctx, void* recv_ctx, - const void* msg, size_t msg_len, - const wsrep_gtid_t* current_gtid, - const char* state, size_t state_len, - bool bypass) - { -- /* This will be reset when sync callback is called. -- * Should we set wsrep_ready to FALSE here too? */ -- -- wsrep_config_state->set(WSREP_MEMBER_DONOR); -- - const char* method = (char*)msg; - size_t method_len = strlen (method); -+ -+ if (check_request_str(method, filename_char)) -+ { -+ WSREP_ERROR("Bad SST method name. SST canceled."); -+ return WSREP_CB_FAILURE; -+ } -+ - const char* data = method + method_len + 1; - -+ if (check_request_str(data, address_char)) -+ { -+ WSREP_ERROR("Bad SST address string. SST canceled."); -+ return WSREP_CB_FAILURE; -+ } -+ - char uuid_str[37]; - wsrep_uuid_print (¤t_gtid->uuid, uuid_str, sizeof(uuid_str)); - -+ /* This will be reset when sync callback is called. -+ * Should we set wsrep_ready to FALSE here too? */ -+ wsrep_config_state->set(WSREP_MEMBER_DONOR); -+ - wsp::env env(NULL); - if (env.error()) - { diff --git a/dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch b/dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch deleted file mode 100644 index 9658669c6e61..000000000000 --- a/dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch +++ /dev/null @@ -1,62 +0,0 @@ -https://github.com/MariaDB/server/commit/418850b2df4256da5a722288c2657650dc228842 - ---- a/sql/wsrep_sst.cc -+++ b/sql/wsrep_sst.cc -@@ -1822,6 +1822,35 @@ static int sst_donate_other (const char* method, - return arg.err; - } - -+/* return true if character can be a part of a filename */ -+static bool filename_char(int const c) -+{ -+ return isalnum(c) || (c == '-') || (c == '_') || (c == '.'); -+} -+ -+/* return true if character can be a part of an address string */ -+static bool address_char(int const c) -+{ -+ return filename_char(c) || -+ (c == ':') || (c == '[') || (c == ']') || (c == '/'); -+} -+ -+static bool check_request_str(const char* const str, -+ bool (*check) (int c)) -+{ -+ for (size_t i(0); str[i] != '\0'; ++i) -+ { -+ if (!check(str[i])) -+ { -+ WSREP_WARN("Illegal character in state transfer request: %i (%c).", -+ str[i], str[i]); -+ return true; -+ } -+ } -+ -+ return false; -+} -+ - int wsrep_sst_donate(const std::string& msg, - const wsrep::gtid& current_gtid, - const bool bypass) -@@ -1833,8 +1862,21 @@ int wsrep_sst_donate(const std::string& msg, - - const char* method= msg.data(); - size_t method_len= strlen (method); -+ -+ if (check_request_str(method, filename_char)) -+ { -+ WSREP_ERROR("Bad SST method name. SST canceled."); -+ return WSREP_CB_FAILURE; -+ } -+ - const char* data= method + method_len + 1; - -+ if (check_request_str(data, address_char)) -+ { -+ WSREP_ERROR("Bad SST address string. SST canceled."); -+ return WSREP_CB_FAILURE; -+ } -+ - wsp::env env(NULL); - if (env.error()) - { |