udf: when banning paths from soname in CREATE FUNCTION, check for \ on windows.

when reporting an error, use an appropriate buffer for udf->name

udf: when banning paths from soname in CREATE FUNCTION, check for \ on windows.
when reporting an error, use an appropriate buffer for udf->name
50d369bb · serg@serg.mylan · 08ae28f4 · 50d369bb
Commit 50d369bb authored May 18, 2005 by serg@serg.mylan
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 4 deletions

sql/sql_udf.cc sql/sql_udf.cc +6 -4

No files found.
--- a/sql/sql_udf.cc
+++ b/sql/sql_udf.cc
@@ -190,7 +190,9 @@ void udf_init()
      This is done to ensure that only approved dll from the system
      directories are used (to make this even remotely secure).
    */
-    if (strchr(dl_name, '/') || strlen(name) > NAME_LEN)
+    if (strchr(dl_name, '/') ||
+        IF_WIN(strchr(dl_name, '\\'),0) ||
+        strlen(name) > NAME_LEN)
    {
      sql_print_error("Invalid row in mysql.func table for function '%.64s'",
                      name);
@@ -219,7 +221,7 @@ void udf_init()
    }
    tmp->dlhandle = dl;
    {
-      char buf[MAX_FIELD_NAME+16], *missing;
+      char buf[NAME_LEN+16], *missing;
      if ((missing= init_syms(tmp, buf)))
      {
        sql_print_error(ER(ER_CANT_FIND_DL_ENTRY), missing);
@@ -403,7 +405,7 @@ int mysql_create_function(THD *thd,udf_func *udf)
    This is done to ensure that only approved dll from the system
    directories are used (to make this even remotely secure).
  */
-  if (strchr(udf->dl, '/'))
+  if (strchr(udf->dl, '/') || IF_WIN(strchr(dl_name, '\\'),0))
  {
    send_error(&thd->net, ER_UDF_NO_PATHS,ER(ER_UDF_NO_PATHS));
    DBUG_RETURN(1);
@@ -433,7 +435,7 @@ int mysql_create_function(THD *thd,udf_func *udf)
  }
  udf->dlhandle=dl;
  {
-    char buf[MAX_FIELD_NAME+16], *missing;
+    char buf[NAME_LEN+16], *missing;
    if ((missing= init_syms(udf, buf)))
    {
      net_printf(&thd->net, ER_CANT_FIND_DL_ENTRY, missing);