hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixes to Coverity defects 85010 84878 72752 72742 72719 and 73418.

Browse Source 
skygw_utils.cc: Added function is_valid_posix_path that checks if a path is POSIX-compliant.
This commit is contained in:
Markus Makela
2015-01-05 06:05:56 +02:00
parent b3d79f7273
commit ba009e5fd3
9 changed files with 36 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
query_classifier/query_classifier.cc
View File

@ -175,7 +175,7 @@ bool parse_query (
len = MYSQL_GET_PACKET_LEN(data)-1; /*< distract 1 for packet type byte */
if (len < 1 || (query_str = (char *)malloc(len+1)) == NULL)
if (len < 1 || len >= SIZE_MAX - 1 || (query_str = (char *)malloc(len+1)) == NULL)
{
/** Free parsing info data */
parsing_info_done(pi);

5
server/core/modutil.c
View File

@ -140,7 +140,6 @@ int modutil_MySQL_query_len(
{
int len;
int buflen;
uint8_t data;
if (!modutil_is_SQL(buf))
{
@ -287,7 +286,7 @@ modutil_get_query(GWBUF *buf)
case MYSQL_COM_QUERY:
len = MYSQL_GET_PACKET_LEN(packet)-1; /*< distract 1 for packet type byte */
if (len < 1 || (query_str = (char *)malloc(len+1)) == NULL)
if (len < 1 || len > SIZE_MAX - 1 || (query_str = (char *)malloc(len+1)) == NULL)
{
goto retblock;
}
@ -297,7 +296,7 @@ modutil_get_query(GWBUF *buf)
default:
len = strlen(STRPACKETTYPE(packet_type))+1;
if (len < 1 || (query_str = (char *)malloc(len+1)) == NULL)
if (len < 1 || len > SIZE_MAX - 1 || (query_str = (char *)malloc(len+1)) == NULL)
{
goto retblock;
}

2
server/core/test/testadminusers.c
View File

@ -272,6 +272,8 @@ char *home, buf[1024];
if ((home = getenv("MAXSCALE_HOME")) == NULL || strlen(home) >= 1024)
home = "/usr/local/skysql";
sprintf(buf, "%s/etc/passwd", home);
if(!is_valid_posix_path(buf))
exit(1);
if (strcmp(buf, "/etc/passwd") != 0)
unlink(buf);

2
server/modules/filter/hint/hintparser.c
View File

@ -213,7 +213,7 @@ HINT_MODE mode = HM_EXECUTE;
/*
* If we have got here then we have a comment, ptr point to
* the comment character if it is a '#' comment or the second
* character of the comment if it is a -- or /* comment
* character of the comment if it is a -- or \/\* comment
*
* Move to the next character in the SQL.
*/

2
server/modules/protocol/mysql_backend.c
View File

@ -1602,7 +1602,7 @@ static GWBUF* process_response_data (
if (nbytes_left == 0)
{
/** No more packets in this response */
if (npackets_left == 0)
if (npackets_left == 0 && outbuf != NULL)
{
GWBUF* b = outbuf;

2
server/modules/routing/readwritesplit/readwritesplit.c
View File

@ -3844,7 +3844,7 @@ static bool execute_sescmd_in_backend(
tmpbuf = scur->scmd_cur_cmd->my_sescmd_buf;
qlen = MYSQL_GET_PACKET_LEN((unsigned char*)tmpbuf->start);
memset(data->db,0,MYSQL_DATABASE_MAXLEN+1);
if(qlen > 0)
if(qlen > 0 && qlen < UINT_MAX)
strncpy(data->db,tmpbuf->start+5,qlen - 1);
}
/** Fallthrough */

1
utils/skygw_types.h
View File

@ -20,6 +20,7 @@
#include <math.h>
#include <stdbool.h>
#include <ctype.h>
#define SECOND_USEC (1024*1024L)
#define MSEC_USEC (1024L)

34
utils/skygw_utils.cc
View File

@ -2058,11 +2058,29 @@ size_t get_decimal_len(
return value > 0 ? (size_t) log10 ((double) value) + 1 : 1;
}
/**
* Check if the provided pathname is POSIX-compliant. The valid characters
* are [a-z A-Z 0-9._-].
* @param path A null-terminated string
* @return true if it is a POSIX-compliant pathname, otherwise false
*/
bool is_valid_posix_path(char* path)
{
char* ptr = path;
while (*ptr != '\0')
{
if (isalnum (*ptr) ||
*ptr == '/' ||
*ptr == '.' ||
*ptr == '-' ||
*ptr == '_')
{
ptr++;
}
else
{
return false;
}
}
return true;
}

2
utils/skygw_utils.h
View File

@ -198,7 +198,7 @@ size_t get_decimal_len(size_t s);
char* replace_literal(char* haystack,
const char* needle,
const char* replacement);
bool is_valid_posix_path(char* path);
EXTERN_C_BLOCK_END
#endif /* SKYGW_UTILS_H */