Your message dated Wed, 13 Apr 2005 17:22:11 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Closing bugs for mysql-3.23 due to the release of an DSA
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Mar 2005 02:04:00 +0000
>From [EMAIL PROTECTED] Thu Mar 17 18:04:00 2005
Return-path: <[EMAIL PROTECTED]>
Received: from gate.lathspell.de (app109.intern) [212.117.68.82]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DC6qF-0001X4-00; Thu, 17 Mar 2005 18:03:59 -0800
Received: by app109.intern (Postfix, from userid 1000)
id D455B1C00D; Fri, 18 Mar 2005 03:03:57 +0100 (CET)
Content-Type: multipart/mixed; boundary="===============3419586501822622127=="
MIME-Version: 1.0
From: Christian Hammers <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: SECURITY bugs found by Stefano Di Paola (CAN-2005-0709,0710,0711)
X-Mailer: reportbug 3.8
Date: Fri, 18 Mar 2005 03:03:57 +0100
X-Debbugs-Cc: [EMAIL PROTECTED]
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
This is a multi-part MIME message sent by reportbug.
--===============3419586501822622127==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Package: mysql
Version: 3.23.49-8.9
Severity: critical
Tags: security patch woody
Hello
[in copy to [EMAIL PROTECTED]
After the packages in unstable and testing were fixed by uploading
4.0.24-1 and 4.1.10a-1 I took a look at the Woody packages and found
them vulnerable, too.
Sergei Golubchik <[EMAIL PROTECTED]> provided a reference to the 4.0 patch
http://mysql.bkbits.net:8080/mysql-4.0/[EMAIL PROTECTED]
which, with some minor modifications, was applicable to the 3.23 source
tree.
I afterwards verified the three prove of concept examples given by
Stefano and they did at least not work any longer as they did with the
unpatched version.
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0082.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0083.html
http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0084.html
You can find a proposed upload for stable-security on
http://www.lathspell.de/linux/debian/mysql/woody/
To verify the patches the directory single-patches/ contains the
original patch splitted up to 11 individual files all on their
original version and after I adjusted the patch.
The concatenation of the p*_new.diff snippets toghether with some
comments and a diff to generate the new changelog entry is in
the directory what-i-applied/. The complete and adjusted patch
was copied to debian/patches/SECURITY__CAN-2005-0709....diff
as reference after I applied it.
For the patches itself I did some minor checks i.e. looked if there are
occurances of O_TRUNC flags or my_create() functions that were not replaced.
But I would sleep better if somebody else would look over it again as I'm
getting tired :)
hope that helps,
-christian-
P.S.: Security Team, Woody's mysql has also another, although very
minor security problem for which Sean Finney recently backported
a patch, you might want to take a look at bug #296674 [CAN-2004-0957]
-- System Information:
Debian Release: 3.1
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.10-9-amd64-k8
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1) (ignored: LC_ALL set to
de_DE)
--===============3419586501822622127==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="SECURITY__CAN-2005-0709,0710,0711.diff"
#
# * Stefano Di Paola found the following vulnerabilities:
# - Remote authenticated users with INSERT and DELETE privileges could
# execute arbitrary code by using CREATE FUNCTION to access libc calls,
# as demonstrated byusing strcat, on_exit, and exit. [CAN-2005-0709]
# - Remote authenticated users with INSERT and DELETE privileges could
# bypass library path restrictions and execute arbitrary libraries by
# using INSERT INTO to modify the mysql.func table, which is processed
# by the udf_init function. [CAN-2005-0710]
# - Predictable file names were used when creating temporary tables, which
# allowed local users with CREATE TEMPORARY TABLE privileges to overwrite
# arbitrary files via a symlink attack. [CAN-2005-0711]
#
# The patch is a backported version of MySQLs original patch for 4.0 which
# was available at:
# http://mysql.bkbits.net:8080/mysql-4.0/[EMAIL PROTECTED]
#
# The following is a quotation of the upstream patch comments:
#
# > This is a BitKeeper generated diff -Nru style patch.
# >
# > ChangeSet
# > 2005/03/03 19:51:29+01:00 [EMAIL PROTECTED]
# > Fixes for bugs reported by Stefano Di Paola ([EMAIL PROTECTED])
# >
# > include/my_global.h
# > 2005/03/03 19:51:26+01:00 [EMAIL PROTECTED] +3 -0
# > O_NOFOLLOW
# >
# > isam/create.c
# > 2005/03/03 19:51:26+01:00 [EMAIL PROTECTED] +3 -2
# > create table files with O_EXCL|O_NOFOLLOW
# >
# > merge/mrg_create.c
# > 2005/03/03 19:51:26+01:00 [EMAIL PROTECTED] +1 -1
# > create table files with O_EXCL|O_NOFOLLOW
# >
# > myisam/mi_create.c
# > 2005/03/03 19:51:26+01:00 [EMAIL PROTECTED] +8 -8
# > create files of temporary tables with O_EXCL|O_NOFOLLOW
# >
# > myisammrg/myrg_create.c
# > 2005/03/03 19:51:26+01:00 [EMAIL PROTECTED] +1 -1
# > create table files with O_EXCL|O_NOFOLLOW
# >
# > mysys/mf_tempfile.c
# > 2005/03/03 19:51:26+01:00 [EMAIL PROTECTED] +4 -4
# > create temporary files with O_EXCL|O_NOFOLLOW
# >
# > sql/ha_myisam.cc
# > 2005/03/03 19:51:26+01:00 [EMAIL PROTECTED] +11 -7
# > let mi_create know if the table is TEMPORARY
# >
# > sql/mysql_priv.h
# > 2005/03/03 19:51:26+01:00 [EMAIL PROTECTED] +1 -1
# > --allow_suspicious_udfs
# >
# > sql/mysqld.cc
# > 2005/03/03 19:51:26+01:00 [EMAIL PROTECTED] +9 -2
# > --allow_suspicious_udfs
# >
# > sql/share/english/errmsg.txt
# > 2005/03/03 19:51:26+01:00 [EMAIL PROTECTED] +1 -1
# > typo
# >
# > sql/sql_udf.cc
# > 2005/03/03 19:51:26+01:00 [EMAIL PROTECTED] +67 -31
# > --allow_suspicious_udfs
# > don't allow xxx() udf without any of xxx_init/deinit/add/reset
# > check paths when loading from mysql.func
# >
# > sql/table.cc
# > 2005/03/03 19:51:26+01:00 [EMAIL PROTECTED] +5 -1
# > create frm of temporary table with O_EXCL|O_NOFOLLOW
#
--- a/include/my_global.h 2005-03-17 23:49:22.272318000 +0100
+++ b/include/my_global.h 2005-03-17 23:49:49.135092659 +0100
@@ -395,6 +395,9 @@
#ifndef O_SHORT_LIVED
#define O_SHORT_LIVED 0
#endif
+#ifndef O_NOFOLLOW
+#define O_NOFOLLOW 0
+#endif
/* #define USE_RECORD_LOCK */
--- a/isam/create.c 2002-02-14 18:30:15.000000000 +0100
+++ b/isam/create.c 2005-03-17 23:49:51.912655694 +0100
@@ -58,13 +58,14 @@
base_pos=512; /* Enough for
N_STATE_INFO */
bzero((byte*) &share,sizeof(share));
if ((file = my_create(fn_format(buff,name,"",N_NAME_IEXT,4),0,
- O_RDWR | O_TRUNC,MYF(MY_WME))) < 0)
+ O_RDWR | O_EXCL | O_NOFOLLOW,MYF(MY_WME))) < 0)
goto err;
errpos=1;
VOID(fn_format(buff,name,"",N_NAME_DEXT,2+4));
if (!(flags & HA_DONT_TOUCH_DATA))
{
- if ((dfile = my_create(buff,0,O_RDWR | O_TRUNC,MYF(MY_WME))) < 0)
+ if ((dfile = my_create(buff,0,O_RDWR | O_EXCL | O_NOFOLLOW,
+ MYF(MY_WME))) < 0)
goto err;
errpos=2;
}
--- a/merge/create.c 2002-02-14 18:30:15.000000000 +0100
+++ b/merge/create.c 2005-03-17 23:49:54.377267964 +0100
@@ -33,7 +33,7 @@
errpos=0;
if ((file = my_create(fn_format(buff,name,"",MRG_NAME_EXT,4),0,
- O_RDWR | O_TRUNC,MYF(MY_WME))) < 0)
+ O_RDWR | O_EXCL | O_NOFOLLOW,MYF(MY_WME))) < 0)
goto err;
errpos=1;
if (table_names)
--- a/myisam/mi_create.c 2002-02-14 18:30:17.000000000 +0100
+++ b/myisam/mi_create.c 2005-03-18 00:01:52.892241358 +0100
@@ -37,7 +37,7 @@
{
register uint i,j;
File dfile,file;
- int errpos,save_errno;
+ int errpos,save_errno, create_mode= O_RDWR | O_TRUNC;
uint fields,length,max_key_length,packed,pointer,
key_length,info_length,key_segs,options,min_key_length_skipp,
base_pos,varchar_count,long_varchar_count,varchar_length,
@@ -170,7 +170,10 @@
min_pack_length+=varchar_length+2*varchar_count;
}
if (flags & HA_CREATE_TMP_TABLE)
+ {
options|= HA_OPTION_TMP_TABLE;
+ create_mode|= O_EXCL | O_NOFOLLOW;
+ }
if (flags & HA_CREATE_CHECKSUM || (options & HA_OPTION_CHECKSUM))
{
options|= HA_OPTION_CHECKSUM;
@@ -468,8 +471,8 @@
if (! (flags & HA_DONT_TOUCH_DATA))
share.state.create_time= (long) time((time_t*) 0);
- if ((file = my_create(fn_format(buff,name,"",MI_NAME_IEXT,4),0,
- O_RDWR | O_TRUNC,MYF(MY_WME))) < 0)
+ if ((file = my_create(fn_format(buff,name,"",MI_NAME_IEXT,4),0, create_mode,
+ MYF(MY_WME))) < 0)
goto err;
errpos=1;
VOID(fn_format(buff,name,"",MI_NAME_DEXT,2+4));
@@ -478,7 +481,7 @@
#ifdef USE_RAID
if (share.base.raid_type)
{
- if ((dfile=my_raid_create(buff,0,O_RDWR | O_TRUNC,
+ if ((dfile=my_raid_create(buff, 0, create_mode,
share.base.raid_type,
share.base.raid_chunks,
share.base.raid_chunksize,
@@ -487,7 +490,7 @@
}
else
#endif
- if ((dfile = my_create(buff,0,O_RDWR | O_TRUNC,MYF(MY_WME))) < 0)
+ if ((dfile = my_create(buff, 0, create_mode, MYF(MY_WME))) < 0)
goto err;
errpos=3;
--- a/myisammrg/myrg_create.c 2002-02-14 18:30:18.000000000 +0100
+++ b/myisammrg/myrg_create.c 2005-03-18 00:03:27.279412105 +0100
@@ -33,7 +33,7 @@
errpos=0;
if ((file = my_create(fn_format(buff,name,"",MYRG_NAME_EXT,4),0,
- O_RDWR | O_TRUNC,MYF(MY_WME))) < 0)
+ O_RDWR | O_EXCL | O_NOFOLLOW,MYF(MY_WME))) < 0)
goto err;
errpos=1;
if (table_names)
--- a/mysys/mf_tempfile.c 2002-02-14 18:30:17.000000000 +0100
+++ b/mysys/mf_tempfile.c 2005-03-18 00:03:48.154143325 +0100
@@ -71,7 +71,7 @@
{
strmake(to,res,FN_REFLEN-1);
(*free)(res);
- file=my_create(to,0, mode, MyFlags);
+ file=my_create(to,0, mode | O_EXCL | O_NOFOLLOW, MyFlags);
}
environ=old_env;
}
@@ -82,7 +82,7 @@
{
strmake(to,res,FN_REFLEN-1);
(*free)(res);
- file=my_create(to, 0, mode, MyFlags);
+ file=my_create(to, 0, mode | O_EXCL | O_NOFOLLOW, MyFlags);
}
#elif defined(HAVE_MKSTEMP)
{
@@ -143,7 +143,7 @@
strmake(to,res,FN_REFLEN-1);
(*free)(res);
file=my_create(to,0,
- (int) (O_RDWR | O_BINARY | O_TRUNC |
+ (int) (O_RDWR | O_BINARY | O_TRUNC | O_EXCL | O_NOFOLLOW |
O_TEMPORARY | O_SHORT_LIVED),
MYF(MY_WME));
@@ -186,7 +186,7 @@
}
(void) strmov(end_pos,TMP_EXT);
file=my_create(to,0,
- (int) (O_RDWR | O_BINARY | O_TRUNC |
+ (int) (O_RDWR | O_BINARY | O_TRUNC | O_EXCL | O_NOFOLLOW |
O_TEMPORARY | O_SHORT_LIVED),
MYF(MY_WME));
}
--- a/sql/ha_myisam.cc 2002-02-14 18:30:24.000000000 +0100
+++ b/sql/ha_myisam.cc 2005-03-18 00:10:03.435368039 +0100
@@ -931,7 +931,7 @@
HA_CREATE_INFO *info)
{
int error;
- uint i,j,recpos,minpos,fieldpos,temp_length,length;
+ uint i,j,recpos,minpos,fieldpos,temp_length,length, create_flags;
bool found_auto_increment=0;
enum ha_base_keytype type;
char buff[FN_REFLEN];
@@ -1096,16 +1096,20 @@
create_info.raid_chunks=info->raid_chunks ? info->raid_chunks :
RAID_DEFAULT_CHUNKS;
create_info.raid_chunksize=info->raid_chunksize ? info->raid_chunksize :
RAID_DEFAULT_CHUNKSIZE;
+ if (info->options & HA_LEX_CREATE_TMP_TABLE)
+ create_flags|= HA_CREATE_TMP_TABLE;
+ if (options & HA_OPTION_PACK_RECORD)
+ create_flags|= HA_PACK_RECORD;
+ if (options & HA_OPTION_CHECKSUM)
+ create_flags|= HA_CREATE_CHECKSUM;
+ if (options & HA_OPTION_DELAY_KEY_WRITE)
+ create_flags|= HA_CREATE_DELAY_KEY_WRITE;
+
error=mi_create(fn_format(buff,name,"","",2+4+16),
form->keys,keydef,
(uint) (recinfo_pos-recinfo), recinfo,
0, (MI_UNIQUEDEF*) 0,
- &create_info,
- (((options & HA_OPTION_PACK_RECORD) ? HA_PACK_RECORD : 0) |
- ((options & HA_OPTION_CHECKSUM) ? HA_CREATE_CHECKSUM : 0) |
- ((options & HA_OPTION_DELAY_KEY_WRITE) ?
- HA_CREATE_DELAY_KEY_WRITE : 0)));
-
+ &create_info, create_flags);
my_free((gptr) recinfo,MYF(0));
DBUG_RETURN(error);
--- a/sql/mysql_priv.h 2002-02-14 18:30:26.000000000 +0100
+++ b/sql/mysql_priv.h 2005-03-18 00:15:03.379379115 +0100
@@ -525,7 +525,8 @@
COND_slave_stopped, COND_slave_start;
extern pthread_attr_t connection_attrib;
extern bool opt_endinfo, using_udf_functions, locked_in_memory,
- opt_using_transactions, use_temp_pool, opt_local_infile;
+ opt_using_transactions, use_temp_pool, opt_local_infile,
+ opt_allow_suspicious_udfs;
extern char f_fyllchar;
extern ulong ha_read_count, ha_write_count, ha_delete_count, ha_update_count,
ha_read_key_count, ha_read_next_count, ha_read_prev_count,
--- a/sql/mysqld.cc 2002-02-14 18:30:15.000000000 +0100
+++ b/sql/mysqld.cc 2005-03-18 00:25:13.190686788 +0100
@@ -221,7 +221,7 @@
opt_myisam_log=0,
opt_large_files=sizeof(my_off_t) > 4;
bool opt_sql_bin_update = 0, opt_log_slave_updates = 0, opt_safe_show_db=0,
- opt_safe_user_create=0;
+ opt_safe_user_create=0, opt_allow_suspicious_udfs;
FILE *bootstrap_file=0;
int segfaulted = 0; // ensure we do not enter SIGSEGV handler twice
extern MASTER_INFO glob_mi;
@@ -2614,11 +2614,13 @@
OPT_SKIP_STACK_TRACE, OPT_SKIP_SYMLINKS,
OPT_MAX_BINLOG_DUMP_EVENTS, OPT_SPORADIC_BINLOG_DUMP_FAIL,
OPT_SAFE_USER_CREATE, OPT_SQL_MODE,
- OPT_SLAVE_SKIP_ERRORS, OPT_LOCAL_INFILE
+ OPT_SLAVE_SKIP_ERRORS, OPT_LOCAL_INFILE,
+ OPT_ALLOW_SUSPICIOUS_UDFS
};
static struct option long_options[] = {
{"ansi", no_argument, 0, 'a'},
+ {"allow-suspicious-udfs", no_argument, 0, (int)
OPT_ALLOW_SUSPICIOUS_UDFS},
{"basedir", required_argument, 0, 'b'},
#ifdef HAVE_BERKELEY_DB
{"bdb-home", required_argument, 0, (int) OPT_BDB_HOME},
@@ -3195,6 +3197,11 @@
printf("Usage: %s [OPTIONS]\n", my_progname);
puts("\n\
--ansi Use ANSI SQL syntax instead of MySQL syntax\n\
+ --allow-suspicious-udfs\n\
+ Allows to use UDF's consisting of only one symbol\n\
+ xxx() without corresponing xxx_init() or
xxx_deinit().\n\
+ That also means that one can load any function from\n\
+ any library, for example exit() from libc.so\n\
-b, --basedir=path Path to installation directory. All paths are\n\
usually resolved relative to this\n\
--big-tables Allow big result sets by saving all temporary sets\n\
--- a/sql/share/english/errmsg.txt 2002-02-14 18:51:40.000000000 +0100
+++ b/sql/share/english/errmsg.txt 2005-03-18 00:26:13.891147821 +0100
@@ -128,7 +128,7 @@
"No paths allowed for shared library",
"Function '%-.64s' already exist",
"Can't open shared library '%-.64s' (errno: %d %-.64s)",
-"Can't find function '%-.64s' in library'",
+"Can't find function '%-.64s' in library",
"Function '%-.64s' is not defined",
"Host '%-.64s' is blocked because of many connection errors. Unblock with
'mysqladmin flush-hosts'",
"Host '%-.64s' is not allowed to connect to this MySQL server",
--- a/sql/sql_udf.cc 2002-02-14 18:30:22.000000000 +0100
+++ b/sql/sql_udf.cc 2005-03-18 00:30:05.890689505 +0100
@@ -75,29 +75,49 @@
static pthread_mutex_t THR_LOCK_udf;
-static udf_func *add_udf(char *name, Item_result ret, char *dl,
- Item_udftype typ);
+static udf_func *add_udf(char *name, Item_result ret,
+ char *dl, Item_udftype typ);
static void del_udf(udf_func *udf);
static void *find_udf_dl(const char *dl);
-
-static void init_syms(udf_func *tmp)
+static char *init_syms(udf_func *tmp, char *nm)
{
- char nm[MAX_FIELD_NAME+16],*end;
+ char *end;
+
+ if (!((tmp->func= dlsym(tmp->dlhandle, tmp->name))))
+ return tmp->name;
- tmp->func = dlsym(tmp->dlhandle, tmp->name);
end=strmov(nm,tmp->name);
- (void) strmov(end,"_init");
- tmp->func_init = dlsym(tmp->dlhandle, nm);
- (void) strmov(end,"_deinit");
- tmp->func_deinit = dlsym(tmp->dlhandle, nm);
+
if (tmp->type == UDFTYPE_AGGREGATE)
{
- (void)strmov( end, "_reset" );
- tmp->func_reset = dlsym( tmp->dlhandle, nm );
- (void)strmov( end, "_add" );
- tmp->func_add = dlsym( tmp->dlhandle, nm );
+ (void)strmov(end, "_reset");
+ if (!((tmp->func_reset= dlsym(tmp->dlhandle, nm))))
+ return nm;
+ (void)strmov(end, "_add");
+ if (!((tmp->func_add= dlsym(tmp->dlhandle, nm))))
+ return nm;
+ }
+
+ (void) strmov(end,"_deinit");
+ tmp->func_deinit= dlsym(tmp->dlhandle, nm);
+
+ (void) strmov(end,"_init");
+ tmp->func_init= dlsym(tmp->dlhandle, nm);
+
+ /*
+ to prefent loading "udf" from, e.g. libc.so
+ let's ensure that at least one auxiliary symbol is defined
+ */
+ if (!tmp->func_init && !tmp->func_deinit && tmp->type != UDFTYPE_AGGREGATE)
+ {
+ if (opt_allow_suspicious_udfs)
+ sql_print_error(ER(ER_CANT_FIND_DL_ENTRY), nm);
+ else
+ return nm;
}
+
+ return 0;
}
static byte* get_hash_key(const byte *buff,uint *length,
@@ -109,7 +129,7 @@
}
/*
-** Read all predeclared functions from [EMAIL PROTECTED] and accept all that
+** Read all predeclared functions from mysql.func and accept all that
** can be used.
*/
@@ -151,7 +171,7 @@
if (open_tables(new_thd, &tables))
{
DBUG_PRINT("error",("Can't open udf table"));
- sql_print_error("Can't open mysql/func table");
+ sql_print_error("Can't open mysql.func table. Please run the
mysql_install_db script to create it.");
close_thread_tables(new_thd);
delete new_thd;
DBUG_VOID_RETURN;
@@ -169,10 +189,22 @@
if (table->fields >= 4) // New func table
udftype=(Item_udftype) table->field[3]->val_int();
+ /*
+ Ensure that the .dll doesn't have a path
+ This is done to ensure that only approved dll from the system
+ directories are used (to make this even remotely secure).
+ */
+ if (strchr(dl_name, '/') || strlen(name) > NAME_LEN)
+ {
+ sql_print_error("Invalid row in mysql.func table for function '%.64s'",
+ name);
+ continue;
+ }
+
if (!(tmp = add_udf(name,(Item_result) table->field[1]->val_int(),
dl_name, udftype)))
{
- sql_print_error("Can't alloc memory for udf function: name");
+ sql_print_error("Can't alloc memory for udf function: '%.64s'", name);
continue;
}
@@ -189,13 +221,15 @@
new_dl=1;
}
tmp->dlhandle = dl;
- init_syms(tmp);
- if (!tmp->func)
{
- sql_print_error(ER(ER_CANT_FIND_DL_ENTRY), name);
- del_udf(tmp);
- if (new_dl)
- dlclose(dl);
+ char buf[MAX_FIELD_NAME+16], *missing;
+ if ((missing= init_syms(tmp, buf)))
+ {
+ sql_print_error(ER(ER_CANT_FIND_DL_ENTRY), missing);
+ del_udf(tmp);
+ if (new_dl)
+ dlclose(dl);
+ }
}
}
if (error > 0)
@@ -380,13 +414,15 @@
new_dl=1;
}
udf->dlhandle=dl;
- init_syms(udf);
-
- if (udf->func == NULL)
{
- net_printf(&thd->net, ER_CANT_FIND_DL_ENTRY, udf->name);
- goto err;
+ char buf[MAX_FIELD_NAME+16], *missing;
+ if ((missing= init_syms(udf, buf)))
+ {
+ net_printf(&thd->net, ER_CANT_FIND_DL_ENTRY, missing);
+ goto err;
+ }
}
+
udf->name=strdup_root(&mem,udf->name);
udf->dl=strdup_root(&mem,udf->dl);
if (!udf->name || !udf->dl ||
@@ -402,7 +438,7 @@
u_d->func_reset=udf->func_reset;
u_d->func_add=udf->func_add;
- /* create entry in mysql/func table */
+ /* create entry in mysql.func table */
bzero((char*) &tables,sizeof(tables));
tables.db= (char*) "mysql";
@@ -422,7 +458,7 @@
close_thread_tables(thd);
if (error)
{
- net_printf(&thd->net, ER_ERROR_ON_WRITE, "[EMAIL PROTECTED]",error);
+ net_printf(&thd->net, ER_ERROR_ON_WRITE, "mysql.func",error);
del_udf(u_d);
goto err;
}
--- a/sql/table.cc 2002-02-14 18:30:24.000000000 +0100
+++ b/sql/table.cc 2005-03-18 00:38:47.911609320 +0100
@@ -945,6 +945,10 @@
uint key_length;
ulong length;
char fill[IO_SIZE];
+ int create_flags= O_RDWR | O_TRUNC;
+
+ if (create_info->options & HA_LEX_CREATE_TMP_TABLE)
+ create_flags|= O_EXCL | O_NOFOLLOW;
#if SIZEOF_OFF_T > 4
/* Fix this in MySQL 4.0; The current limit is 4G rows (QQ) */
@@ -954,7 +958,7 @@
create_info->min_rows= ~(ulong) 0;
#endif
- if ((file=my_create(name,CREATE_MODE,O_RDWR | O_TRUNC,MYF(MY_WME))) >= 0)
+ if ((file= my_create(name, CREATE_MODE, create_flags, MYF(MY_WME))) >= 0)
{
bzero((char*) fileinfo,64);
fileinfo[0]=(uchar) 254; fileinfo[1]= 1; fileinfo[2]= FRM_VER+1; // Header
--===============3419586501822622127==--
---------------------------------------
Received: (at 300158-done) by bugs.debian.org; 13 Apr 2005 15:22:39 +0000
>From [EMAIL PROTECTED] Wed Apr 13 08:22:38 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail3b.westend.com (mail3b2.westend.com) [212.117.79.78]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DLjhO-0001eQ-00; Wed, 13 Apr 2005 08:22:38 -0700
Received: from localhost (localhost [127.0.0.1])
by mail3b2.westend.com (Postfix) with ESMTP id 7783C12132A;
Wed, 13 Apr 2005 17:22:37 +0200 (CEST)
Received: from mail3b2.westend.com ([127.0.0.1])
by localhost (mail3b [127.0.0.1]) (amavisd-new, port 20024)
with ESMTP id 14345-05; Wed, 13 Apr 2005 17:22:25 +0200 (CEST)
Received: from xeniac.intern (office-gw.westend.com [212.117.64.2])
by mail3b2.westend.com (Postfix) with ESMTP id D668212130E;
Wed, 13 Apr 2005 17:22:25 +0200 (CEST)
Date: Wed, 13 Apr 2005 17:22:11 +0200
From: Christian Hammers <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: Closing bugs for mysql-3.23 due to the release of an DSA
Message-ID: <[EMAIL PROTECTED]>
In-Reply-To: <[EMAIL PROTECTED]>
References: <[EMAIL PROTECTED]>
<[EMAIL PROTECTED]>
Organization: www.debian.org
X-Mailer: Sylpheed-Claws 0.9.12b (GTK+ 1.2.10; i386-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature";
micalg="pgp-sha1";
boundary="Signature=_Wed__13_Apr_2005_17_22_11_+0200_t_5DuSeOunhM0SR6"
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
X-CrossAssassin-Score: 3
--Signature=_Wed__13_Apr_2005_17_22_11_+0200_t_5DuSeOunhM0SR6
Content-Type: text/plain; charset=US-ASCII
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
I'm closing the bug reports that were fixed by the just released DSA.
bye,
-christian-
--Signature=_Wed__13_Apr_2005_17_22_11_+0200_t_5DuSeOunhM0SR6
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCXTkjkR9K5oahGOYRAkEkAKCcqzV8r41cx1r0IJkHT7lZoJx9QACdHMz3
4TaRTUL4ElZeaglZOHl/74U=
=cVqw
-----END PGP SIGNATURE-----
--Signature=_Wed__13_Apr_2005_17_22_11_+0200_t_5DuSeOunhM0SR6--
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
