diff options
| author |   Thomas Deutschmann <whissi@gentoo.org> | 2020-10-07 23:30:40 +0200 |
|---|---|---|
| committer | Thomas Deutschmann <whissi@gentoo.org> | 2020-10-08 00:30:08 +0200 |
| commit | 90ad011695b84e10ea33b8914f645181735c1376 (patch) | |
| tree | fc75dcd722004cb7f5f085a2fd61a53c986c6552 /dev-db | |
| parent | dev-db/mariadb: bump to v10.4.15 (diff) | |
| download | gentoo-90ad011695b84e10ea33b8914f645181735c1376.tar.gz gentoo-90ad011695b84e10ea33b8914f645181735c1376.tar.bz2 gentoo-90ad011695b84e10ea33b8914f645181735c1376.zip | |
dev-db/mariadb: 10.4.x rev bump for CVE-2020-15180
Bug: https://bugs.gentoo.org/747166
Package-Manager: Portage-3.0.8, Repoman-3.0.1
Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'dev-db')
| -rw-r--r-- | dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch | 62 | ||||
| -rw-r--r-- | dev-db/mariadb/mariadb-10.4.13-r3.ebuild (renamed from dev-db/mariadb/mariadb-10.4.13-r2.ebuild) | 1 |
2 files changed, 63 insertions, 0 deletions
diff --git a/dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch b/dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch new file mode 100644 index 000000000000..9658669c6e61 --- /dev/null +++ b/dev-db/mariadb/files/mariadb-10.4-CVE-2020-15180.patch @@ -0,0 +1,62 @@ +https://github.com/MariaDB/server/commit/418850b2df4256da5a722288c2657650dc228842 + +--- a/sql/wsrep_sst.cc ++++ b/sql/wsrep_sst.cc +@@ -1822,6 +1822,35 @@ static int sst_donate_other (const char* method, + return arg.err; + } + ++/* return true if character can be a part of a filename */ ++static bool filename_char(int const c) ++{ ++ return isalnum(c) || (c == '-') || (c == '_') || (c == '.'); ++} ++ ++/* return true if character can be a part of an address string */ ++static bool address_char(int const c) ++{ ++ return filename_char(c) || ++ (c == ':') || (c == '[') || (c == ']') || (c == '/'); ++} ++ ++static bool check_request_str(const char* const str, ++ bool (*check) (int c)) ++{ ++ for (size_t i(0); str[i] != '\0'; ++i) ++ { ++ if (!check(str[i])) ++ { ++ WSREP_WARN("Illegal character in state transfer request: %i (%c).", ++ str[i], str[i]); ++ return true; ++ } ++ } ++ ++ return false; ++} ++ + int wsrep_sst_donate(const std::string& msg, + const wsrep::gtid& current_gtid, + const bool bypass) +@@ -1833,8 +1862,21 @@ int wsrep_sst_donate(const std::string& msg, + + const char* method= msg.data(); + size_t method_len= strlen (method); ++ ++ if (check_request_str(method, filename_char)) ++ { ++ WSREP_ERROR("Bad SST method name. SST canceled."); ++ return WSREP_CB_FAILURE; ++ } ++ + const char* data= method + method_len + 1; + ++ if (check_request_str(data, address_char)) ++ { ++ WSREP_ERROR("Bad SST address string. SST canceled."); ++ return WSREP_CB_FAILURE; ++ } ++ + wsp::env env(NULL); + if (env.error()) + { diff --git a/dev-db/mariadb/mariadb-10.4.13-r2.ebuild b/dev-db/mariadb/mariadb-10.4.13-r3.ebuild index f879d6f9a0ef..d87c5a8beba6 100644 --- a/dev-db/mariadb/mariadb-10.4.13-r2.ebuild +++ b/dev-db/mariadb/mariadb-10.4.13-r3.ebuild @@ -223,6 +223,7 @@ src_unpack() { src_prepare() { eapply "${WORKDIR}"/mariadb-patches + eapply "${FILESDIR}"/mariadb-10.4-CVE-2020-15180.patch eapply_user |