hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MXS-2390 Firewall should reject statements prepared from var

Browse Source 
Currently no practical way for checking what the statement
actually does and thus blanket rejection is the only alternative.
This commit is contained in:
Johan Wikman
2019-03-19 14:08:44 +02:00
parent 09d9570c7e
commit a6f52b008f
1 changed files with 62 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
server/modules/filter/dbfwfilter/dbfwfilter.cc
View File

@ -1480,12 +1480,21 @@ int DbfwSession::routeQuery(GWBUF* buffer)
if (qc_query_is_type(type, QUERY_TYPE_PREPARE_NAMED_STMT)) if (qc_query_is_type(type, QUERY_TYPE_PREPARE_NAMED_STMT))
{ {
analyzed_queue = qc_get_preparable_stmt(buffer); analyzed_queue = qc_get_preparable_stmt(buffer);
mxb_assert(analyzed_queue);
// 'analyzed_queue' will be NULL if the statement is prepared from
// a variable like in : "prepare ps from @a".
} }
SUser suser = find_user_data(this_thread->users(m_instance), user(), remote());
bool query_ok = false; bool query_ok = false;
if (!analyzed_queue)
{
set_error("Firewall rejects statements prepared from a variable.");
}
else
{
SUser suser = find_user_data(this_thread->users(m_instance), user(), remote());
if (command_is_mandatory(buffer)) if (command_is_mandatory(buffer))
{ {
query_ok = true; query_ok = true;
@ -1546,6 +1555,7 @@ int DbfwSession::routeQuery(GWBUF* buffer)
{ {
query_ok = true; query_ok = true;
} }
}
if (query_ok) if (query_ok)
{ {