[Commits] fd5b930: MDEV-10888: encryption.filekeys_emptyfile fails in buildbot with valgrind

Jan Lindström jan.lindstrom at mariadb.com
Mon Sep 26 10:00:43 EEST 2016


revision-id: fd5b930a1fce9ef08941fa2edd767f7e4762904a (mariadb-10.1.17-22-gfd5b930)
parent(s): 7d7b92c107aaa36ac5e2dc142eb9e6a6181ff35e
committer: Jan Lindström
timestamp: 2016-09-26 09:58:50 +0300
message:

MDEV-10888: encryption.filekeys_emptyfile fails in buildbot with valgrind

Problem was that length of the filekeys file was not checked and if
length is less than OpenSSL_prefix_len uninitialized memory was
accessed.

---
 mysql-test/suite/encryption/r/filekeys_tooshort.result | 10 ++++++++++
 mysql-test/suite/encryption/t/filekeys-tooshort.enc    |  1 +
 mysql-test/suite/encryption/t/filekeys_tooshort.opt    |  3 +++
 mysql-test/suite/encryption/t/filekeys_tooshort.test   |  4 ++++
 plugin/file_key_management/parser.cc                   |  2 +-
 5 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/mysql-test/suite/encryption/r/filekeys_tooshort.result b/mysql-test/suite/encryption/r/filekeys_tooshort.result
new file mode 100644
index 0000000..efa6609
--- /dev/null
+++ b/mysql-test/suite/encryption/r/filekeys_tooshort.result
@@ -0,0 +1,10 @@
+call mtr.add_suppression("Cannot decrypt .*tooshort.enc. Not encrypted");
+call mtr.add_suppression("Plugin 'file_key_management' init function returned error");
+call mtr.add_suppression("Plugin 'file_key_management' registration.*failed");
+FOUND /Cannot decrypt .*tooshort.enc. Not encrypted/ in mysqld.1.err
+create table t1(c1 bigint not null, b char(200))  engine=innodb encrypted=yes encryption_key_id=1;
+ERROR HY000: Can't create table `test`.`t1` (errno: 140 "Wrong create options")
+select plugin_status from information_schema.plugins
+where plugin_name = 'file_key_management';
+plugin_status
+# Test checks if opening an too short filekeys does not crash the server.
diff --git a/mysql-test/suite/encryption/t/filekeys-tooshort.enc b/mysql-test/suite/encryption/t/filekeys-tooshort.enc
new file mode 100644
index 0000000..9849236
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys-tooshort.enc
@@ -0,0 +1 @@
+Salted__
\ No newline at end of file
diff --git a/mysql-test/suite/encryption/t/filekeys_tooshort.opt b/mysql-test/suite/encryption/t/filekeys_tooshort.opt
new file mode 100644
index 0000000..8999bec
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_tooshort.opt
@@ -0,0 +1,3 @@
+--loose-file-key-management-filekey=secret
+--loose-file-key-management-filename=$MTR_SUITE_DIR/t/filekeys-tooshort.enc
+
diff --git a/mysql-test/suite/encryption/t/filekeys_tooshort.test b/mysql-test/suite/encryption/t/filekeys_tooshort.test
new file mode 100644
index 0000000..b0e8967
--- /dev/null
+++ b/mysql-test/suite/encryption/t/filekeys_tooshort.test
@@ -0,0 +1,4 @@
+let SEARCH_PATTERN=Cannot decrypt .*tooshort.enc. Not encrypted;
+source filekeys_badtest.inc;
+
+--echo # Test checks if opening an too short filekeys does not crash the server.
diff --git a/plugin/file_key_management/parser.cc b/plugin/file_key_management/parser.cc
index 628412b..294ccc9 100644
--- a/plugin/file_key_management/parser.cc
+++ b/plugin/file_key_management/parser.cc
@@ -333,7 +333,7 @@ char* Parser::read_and_decrypt_file(const char *secret)
 
 // Check for file encryption
   uchar *decrypted;
-  if (is_prefix((char*)buffer, OpenSSL_prefix))
+  if (file_size > OpenSSL_prefix_len && is_prefix((char*)buffer, OpenSSL_prefix))
   {
     uchar key[OpenSSL_key_len];
     uchar iv[OpenSSL_iv_len];


More information about the commits mailing list