diff options
| author |   Thomas Deutschmann <whissi@gentoo.org> | 2020-10-08 00:16:25 +0200 |
|---|---|---|
| committer | Thomas Deutschmann <whissi@gentoo.org> | 2020-10-08 00:30:09 +0200 |
| commit | 0f20dcf0f023c32af2dfe4994d3bc9aef11e61d4 (patch) | |
| tree | f456e978fb74ab5c5150ccfcd67fda2fb410c09b /dev-db | |
| parent | dev-db/mariadb: bump to v10.3.25 (diff) | |
| download | gentoo-0f20dcf0f023c32af2dfe4994d3bc9aef11e61d4.tar.gz gentoo-0f20dcf0f023c32af2dfe4994d3bc9aef11e61d4.tar.bz2 gentoo-0f20dcf0f023c32af2dfe4994d3bc9aef11e61d4.zip | |
dev-db/mariadb: 10.3.x rev bump for CVE-2020-15180
Bug: https://bugs.gentoo.org/747166
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'dev-db')
| -rw-r--r-- | dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch | 75 | ||||
| -rw-r--r-- | dev-db/mariadb/mariadb-10.3.23-r3.ebuild (renamed from dev-db/mariadb/mariadb-10.3.23-r2.ebuild) | 1 |
2 files changed, 76 insertions, 0 deletions
diff --git a/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch new file mode 100644 index 000000000000..85d378f8232c --- /dev/null +++ b/dev-db/mariadb/files/mariadb-10.3-CVE-2020-15180.patch @@ -0,0 +1,75 @@ +https://github.com/MariaDB/server/commit/418850b2df4256da5a722288c2657650dc228842 + +--- a/sql/wsrep_sst.cc ++++ b/sql/wsrep_sst.cc +@@ -1726,24 +1726,65 @@ static int sst_donate_other (const char* method, + return arg.err; + } + ++/* return true if character can be a part of a filename */ ++static bool filename_char(int const c) ++{ ++ return isalnum(c) || (c == '-') || (c == '_') || (c == '.'); ++} ++ ++/* return true if character can be a part of an address string */ ++static bool address_char(int const c) ++{ ++ return filename_char(c) || ++ (c == ':') || (c == '[') || (c == ']') || (c == '/'); ++} ++ ++static bool check_request_str(const char* const str, ++ bool (*check) (int c)) ++{ ++ for (size_t i(0); str[i] != '\0'; ++i) ++ { ++ if (!check(str[i])) ++ { ++ WSREP_WARN("Illegal character in state transfer request: %i (%c).", ++ str[i], str[i]); ++ return true; ++ } ++ } ++ ++ return false; ++} ++ + wsrep_cb_status_t wsrep_sst_donate_cb (void* app_ctx, void* recv_ctx, + const void* msg, size_t msg_len, + const wsrep_gtid_t* current_gtid, + const char* state, size_t state_len, + bool bypass) + { +- /* This will be reset when sync callback is called. +- * Should we set wsrep_ready to FALSE here too? */ +- +- wsrep_config_state->set(WSREP_MEMBER_DONOR); +- + const char* method = (char*)msg; + size_t method_len = strlen (method); ++ ++ if (check_request_str(method, filename_char)) ++ { ++ WSREP_ERROR("Bad SST method name. SST canceled."); ++ return WSREP_CB_FAILURE; ++ } ++ + const char* data = method + method_len + 1; + ++ if (check_request_str(data, address_char)) ++ { ++ WSREP_ERROR("Bad SST address string. SST canceled."); ++ return WSREP_CB_FAILURE; ++ } ++ + char uuid_str[37]; + wsrep_uuid_print (¤t_gtid->uuid, uuid_str, sizeof(uuid_str)); + ++ /* This will be reset when sync callback is called. ++ * Should we set wsrep_ready to FALSE here too? */ ++ wsrep_config_state->set(WSREP_MEMBER_DONOR); ++ + wsp::env env(NULL); + if (env.error()) + { diff --git a/dev-db/mariadb/mariadb-10.3.23-r2.ebuild b/dev-db/mariadb/mariadb-10.3.23-r3.ebuild index 815d86f66db1..fdadccc6415f 100644 --- a/dev-db/mariadb/mariadb-10.3.23-r2.ebuild +++ b/dev-db/mariadb/mariadb-10.3.23-r3.ebuild @@ -238,6 +238,7 @@ src_unpack() { src_prepare() { eapply "${WORKDIR}"/mariadb-patches + eapply "${FILESDIR}"/mariadb-10.3-CVE-2020-15180.patch eapply_user |