Fixes to Coverity defects 85010 84878 72752 72742 72719 and 73418.
skygw_utils.cc: Added function is_valid_posix_path that checks if a path is POSIX-compliant.
@ -175,7 +175,7 @@ bool parse_query (
|
|||||||
len = MYSQL_GET_PACKET_LEN(data)-1; /*< distract 1 for packet type byte */
|
len = MYSQL_GET_PACKET_LEN(data)-1; /*< distract 1 for packet type byte */
|
||||||
|
|
||||||
|
|
||||||
if (len < 1 || (query_str = (char *)malloc(len+1)) == NULL)
|
if (len < 1 || len >= SIZE_MAX - 1 || (query_str = (char *)malloc(len+1)) == NULL)
|
||||||
{
|
{
|
||||||
/** Free parsing info data */
|
/** Free parsing info data */
|
||||||
parsing_info_done(pi);
|
parsing_info_done(pi);
|
||||||
|
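Review bot: The added bound `len >= SIZE_MAX - 1` protects only the `len+1` addition and is written differently from the same fix in both modutil_get_query hunks, which use `len > SIZE_MAX - 1`; one form should be used in all three places. The declaration of `len` is outside the hunk: if it is unsigned, a packet length of 0 wraps `len` to SIZE_MAX before any test runs, and it would be clearer to test the header value before subtracting, for example `if (MYSQL_GET_PACKET_LEN(data) < 2)`. Neither form compares the declared length with the number of bytes actually present in the buffer, so whatever copy follows outside this hunk presumably still trusts the packet header.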
@ -140,7 +140,6 @@ int modutil_MySQL_query_len(
|
|||||||
{
|
{
|
||||||
int len;
|
int len;
|
||||||
int buflen;
|
int buflen;
|
||||||
uint8_t data;
|
|
||||||
|
|
||||||
if (!modutil_is_SQL(buf))
|
if (!modutil_is_SQL(buf))
|
||||||
{
|
{
|
||||||
@ -287,7 +286,7 @@ modutil_get_query(GWBUF *buf)
|
|||||||
|
|
||||||
case MYSQL_COM_QUERY:
|
case MYSQL_COM_QUERY:
|
||||||
len = MYSQL_GET_PACKET_LEN(packet)-1; /*< distract 1 for packet type byte */
|
len = MYSQL_GET_PACKET_LEN(packet)-1; /*< distract 1 for packet type byte */
|
||||||
if (len < 1 || (query_str = (char *)malloc(len+1)) == NULL)
|
if (len < 1 || len > SIZE_MAX - 1 || (query_str = (char *)malloc(len+1)) == NULL)
|
||||||
{
|
{
|
||||||
goto retblock;
|
goto retblock;
|
||||||
}
|
}
|
||||||
@ -297,7 +296,7 @@ modutil_get_query(GWBUF *buf)
|
|||||||
|
|
||||||
default:
|
default:
|
||||||
len = strlen(STRPACKETTYPE(packet_type))+1;
|
len = strlen(STRPACKETTYPE(packet_type))+1;
|
||||||
if (len < 1 || (query_str = (char *)malloc(len+1)) == NULL)
|
if (len < 1 || len > SIZE_MAX - 1 || (query_str = (char *)malloc(len+1)) == NULL)
|
||||||
{
|
{
|
||||||
goto retblock;
|
goto retblock;
|
||||||
}
|
}
|
||||||
|
@ -272,6 +272,8 @@ char *home, buf[1024];
|
|||||||
if ((home = getenv("MAXSCALE_HOME")) == NULL || strlen(home) >= 1024)
|
if ((home = getenv("MAXSCALE_HOME")) == NULL || strlen(home) >= 1024)
|
||||||
home = "/usr/local/skysql";
|
home = "/usr/local/skysql";
|
||||||
sprintf(buf, "%s/etc/passwd", home);
|
sprintf(buf, "%s/etc/passwd", home);
|
||||||
|
if(!is_valid_posix_path(buf))
|
||||||
|
exit(1);
|
||||||
if (strcmp(buf, "/etc/passwd") != 0)
|
if (strcmp(buf, "/etc/passwd") != 0)
|
||||||
unlink(buf);
|
unlink(buf);
|
||||||
|
|
||||||
|
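Review bot: `sprintf(buf, "%s/etc/passwd", home)` can still overrun `buf[1024]`, because the length test above admits a `home` of up to 1023 bytes and the suffix adds 11 more plus the terminator; the new is_valid_posix_path call runs after the write and cannot catch that. Bounding the write closes it: `if (snprintf(buf, sizeof(buf), "%s/etc/passwd", home) >= (int)sizeof(buf)) exit(1);`. The added `exit(1)` also terminates without a message, so a line to stderr naming the rejected path would help whoever runs this. The enclosing function starts and ends outside the hunk.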
@ -213,7 +213,7 @@ HINT_MODE mode = HM_EXECUTE;
|
|||||||
/*
|
/*
|
||||||
* If we have got here then we have a comment, ptr point to
|
* If we have got here then we have a comment, ptr point to
|
||||||
* the comment character if it is a '#' comment or the second
|
* the comment character if it is a '#' comment or the second
|
||||||
* character of the comment if it is a -- or /* comment
|
* character of the comment if it is a -- or \/\* comment
|
||||||
*
|
*
|
||||||
* Move to the next character in the SQL.
|
* Move to the next character in the SQL.
|
||||||
*/
|
*/
|
||||||
|
@ -1602,7 +1602,7 @@ static GWBUF* process_response_data (
|
|||||||
if (nbytes_left == 0)
|
if (nbytes_left == 0)
|
||||||
{
|
{
|
||||||
/** No more packets in this response */
|
/** No more packets in this response */
|
||||||
if (npackets_left == 0)
|
if (npackets_left == 0 && outbuf != NULL)
|
||||||
{
|
{
|
||||||
GWBUF* b = outbuf;
|
GWBUF* b = outbuf;
|
||||||
|
|
||||||
|
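Review bot: With `outbuf != NULL` folded into the condition, a response that ends with no packets left and no output buffer now skips this block without any trace. The rest of process_response_data is outside the hunk, so it is not visible what runs instead in that case. A short comment at the test stating when outbuf can legitimately be NULL at this point would tell the next reader whether this is an expected state or an error that should be logged.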
@ -3844,7 +3844,7 @@ static bool execute_sescmd_in_backend(
|
|||||||
tmpbuf = scur->scmd_cur_cmd->my_sescmd_buf;
|
tmpbuf = scur->scmd_cur_cmd->my_sescmd_buf;
|
||||||
qlen = MYSQL_GET_PACKET_LEN((unsigned char*)tmpbuf->start);
|
qlen = MYSQL_GET_PACKET_LEN((unsigned char*)tmpbuf->start);
|
||||||
memset(data->db,0,MYSQL_DATABASE_MAXLEN+1);
|
memset(data->db,0,MYSQL_DATABASE_MAXLEN+1);
|
||||||
if(qlen > 0)
|
if(qlen > 0 && qlen < UINT_MAX)
|
||||||
strncpy(data->db,tmpbuf->start+5,qlen - 1);
|
strncpy(data->db,tmpbuf->start+5,qlen - 1);
|
||||||
}
|
}
|
||||||
/** Fallthrough */
|
/** Fallthrough */
|
||||||
|
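Review bot: The new `qlen < UINT_MAX` test does not bound the copy by the destination: `strncpy(data->db,tmpbuf->start+5,qlen - 1)` always writes `qlen - 1` bytes (it pads with NULs), and qlen is read from the packet header. Judging by the memset just above, data->db holds MYSQL_DATABASE_MAXLEN+1 bytes, so a `qlen - 1` larger than that writes past it. The guard should compare against the destination size, `if(qlen > 0 && qlen - 1 <= MYSQL_DATABASE_MAXLEN)`, which also leaves the last zeroed byte in place as the terminator. The surrounding case block starts outside the hunk.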
@ -20,6 +20,7 @@
|
|||||||
|
|
||||||
#include <math.h>
|
#include <math.h>
|
||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
|
#include <ctype.h>
|
||||||
|
|
||||||
#define SECOND_USEC (1024*1024L)
|
#define SECOND_USEC (1024*1024L)
|
||||||
#define MSEC_USEC (1024L)
|
#define MSEC_USEC (1024L)
|
||||||
|
@ -2058,11 +2058,29 @@ size_t get_decimal_len(
|
|||||||
return value > 0 ? (size_t) log10 ((double) value) + 1 : 1;
|
return value > 0 ? (size_t) log10 ((double) value) + 1 : 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if the provided pathname is POSIX-compliant. The valid characters
|
||||||
|
* are [a-z A-Z 0-9._-].
|
||||||
|
* @param path A null-terminated string
|
||||||
|
* @return true if it is a POSIX-compliant pathname, otherwise false
|
||||||
|
*/
|
||||||
|
bool is_valid_posix_path(char* path)
|
||||||
|
{
|
||||||
|
char* ptr = path;
|
||||||
|
while (*ptr != '\0')
|
||||||
|
{
|
||||||
|
if (isalnum (*ptr) ||
|
||||||
|
*ptr == '/' ||
|
||||||
|
*ptr == '.' ||
|
||||||
|
*ptr == '-' ||
|
||||||
|
*ptr == '_')
|
||||||
|
{
|
||||||
|
ptr++;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return true;
|
||||||
|
}
|
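Review bot: `isalnum (*ptr)` is called with a plain `char`, which is undefined for negative values on platforms where char is signed; the call should be `isalnum((unsigned char)*ptr)`. The doc comment lists the valid characters as [a-z A-Z 0-9._-] but the code also accepts '/', and it should say so, along with the fact that this is a character whitelist only, so components such as `..` pass. The function never writes through `path`, so the parameter here and in the header declaration can be `const char* path`, and a NULL argument is dereferenced without a check.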
@ -198,7 +198,7 @@ size_t get_decimal_len(size_t s);
|
|||||||
char* replace_literal(char* haystack,
|
char* replace_literal(char* haystack,
|
||||||
const char* needle,
|
const char* needle,
|
||||||
const char* replacement);
|
const char* replacement);
|
||||||
|
bool is_valid_posix_path(char* path);
|
||||||
EXTERN_C_BLOCK_END
|
EXTERN_C_BLOCK_END
|
||||||
|
|
||||||
#endif /* SKYGW_UTILS_H */
|
#endif /* SKYGW_UTILS_H */
|
||||||
|