diff --git a/deps/Makefile b/deps/Makefile
index 91192c79f..f7880a7bf 100644
--- a/deps/Makefile
+++ b/deps/Makefile
@@ -52,7 +52,9 @@ libinjection: libinjection/libinjection/src/libinjection.a
 libssl/openssl/libssl.a:
 cd libssl && rm -rf openssl-openssl-*/ || true
 cd libssl && tar -zxf openssl-*.tar.gz
- cd libssl/openssl && ./config no-ssl3 no-tests
+ cd libssl/openssl && patch crypto/ec/curve448/curve448.c < ../curve448.c-multiplication-overflow.patch
+ cd libssl/openssl && patch crypto/asn1/a_time.c < ../a_time.c-multiplication-overflow.patch
+ cd libssl/openssl && ./config no-ssl3 no-tests
 cd libssl/openssl && CC=${CC} CXX=${CXX} ${MAKE}
 cd libssl/openssl && ln -s . lib # curl wants this path
 libssl: libssl/openssl/libssl.a
@@ -92,6 +94,7 @@ libhttpserver: libhttpserver/libhttpserver/build/src/.libs/libhttpserver.a
 libev/libev/.libs/libev.a:
 cd libev && rm -rf libev-4.24 || true
 cd libev && tar -zxf libev-4.24.tar.gz
+ cd libev/libev && patch ev.c < ../ev.c-multiplication-overflow.patch
 cd libev/libev && ./configure
 cd libev/libev && CC=${CC} CXX=${CXX} ${MAKE}
 ev: libev/libev/.libs/libev.a
@@ -117,6 +120,7 @@ endif
 ifeq ($(OS),Darwin)
 cd libmicrohttpd/libmicrohttpd && patch src/microhttpd/mhd_sockets.c < ../mhd_sockets.c-issue-5977.patch
 endif
+ cd libmicrohttpd/libmicrohttpd && patch src/microhttpd/connection.c < ../connection.c-snprintf-overflow.patch
 cd libmicrohttpd/libmicrohttpd && ./configure --enable-https && CC=${CC} CXX=${CXX} ${MAKE}
 microhttpd: libmicrohttpd/libmicrohttpd/src/microhttpd/.libs/libmicrohttpd.a 
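Review bot: The hunk offsets inside the two new patch files (`@@ -588` in curve448.c, `@@ -248` in a_time.c) are only valid for one OpenSSL revision, yet this recipe unpacks whatever `openssl-*.tar.gz` is present and records nowhere which revision the patches were written against, so a tarball bump will make `patch` fail here with no pointer to why. A comment above the first new line, e.g. `# local patches below were written against the openssl tarball currently in deps/libssl (version: <OPENSSL-VERSION placeholder>); re-check after any bump`, would save that diagnosis, and the same applies to the libev, libmicrohttpd, mariadb, sqlite3, re2 and pcre hunks in this file. The sqlite3 hunk is additionally order-sensitive because its patch is applied after `from_unixtime.patch`, so its offsets refer to the already-patched amalgamation. Since curve448.c is core ECC code, a local modification there also means the built libssl no longer matches the upstream release, which is worth stating in the patch file so it is not mistaken for upstream code.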
@@ -193,6 +197,9 @@ mariadb-client-library/mariadb_client/libmariadb/libmariadbclient.a: libssl/open
 ifeq ($(WITHASAN),1)
 cd mariadb-client-library/mariadb_client && patch -p0 < ../mariadb_asan.patch
 endif
+ cd mariadb-client-library/mariadb_client && patch libmariadb/mariadb_dyncol.c < ../mariadb_dyncol.c-multiplication-overflow.patch
+ cd mariadb-client-library/mariadb_client && patch libmariadb/ma_array.c < ../ma_array.c-multiplication-overflow.patch
+ cd mariadb-client-library/mariadb_client && patch zlib/zutil.c < ../zutil.c-multiplication-overflow.patch
 cd mariadb-client-library/mariadb_client && CC=${CC} CXX=${CXX} ${MAKE} mariadbclient
 # cd mariadb-client-library/mariadb_client/include && make my_config.h
@@ -203,6 +210,7 @@ sqlite3/sqlite3/sqlite3.o:
 cd sqlite3 && rm -rf sqlite-amalgamation-3190200
 cd sqlite3 && tar -zxf sqlite-amalgamation-3190200.tar.gz
 cd sqlite3/sqlite3 && patch sqlite3.c < ../from_unixtime.patch
+ cd sqlite3/sqlite3 && patch sqlite3.c < ../sqlite3.c-multiplication-overflow.patch
 cd sqlite3/sqlite3 && ${CC} ${MYCFLAGS} -fPIC -c -o sqlite3.o sqlite3.c -DSQLITE_ENABLE_MEMORY_MANAGEMENT -DSQLITE_ENABLE_JSON1 -DSQLITE_DLL=1
 cd sqlite3/sqlite3 && ${CC} -shared -o libsqlite3.so sqlite3.o
@@ -234,7 +242,8 @@ re2/re2/obj/libre2.a:
 # cd re2 && tar -zxf re2-20140304.tgz
 cd re2 && tar -zxf re2.tar.gz
 # cd re2/re2 && sed -i -e 's/-O3 -g /-O3 -fPIC /' Makefile
-# cd re2 && patch re2/util/mutex.h < mutex.h.patch
+# cd re2/re2 && patch util/mutex.h < ../mutex.h.patch
+ cd re2/re2 && patch re2/onepass.cc < ../onepass.cc-multiplication-overflow.patch
 cd re2/re2 && sed -i -e 's/-O3 /-O3 -fPIC -DMEMORY_SANITIZER -DRE2_ON_VALGRIND /' Makefile
 cd re2/re2 && sed -i -e 's/RE2_CXXFLAGS?=-std=c++11 /RE2_CXXFLAGS?=-std=c++11 -fPIC /' Makefile
 cd re2/re2 && CC=${CC} CXX=${CXX} ${MAKE} 
@@ -245,6 +254,7 @@ pcre/pcre/.libs/libpcre.a:
 cd pcre && rm -rf pcre-8.39
 cd pcre && rm -rf pcre-8.44
 cd pcre && tar -zxf pcre-8.44.tar.gz
+ cd pcre/pcre && patch pcretest.c < ../pcretest.c-multiplication-overflow.patch
 cd pcre/pcre && ./configure
 cd pcre/pcre && CC=${CC} CXX=${CXX} ${MAKE}
 pcre: pcre/pcre/.libs/libpcre.a
diff --git a/deps/libev/ev.c-multiplication-overflow.patch b/deps/libev/ev.c-multiplication-overflow.patch
new file mode 100644
index 000000000..e72cdc9bf
--- /dev/null
+++ b/deps/libev/ev.c-multiplication-overflow.patch
@@ -0,0 +1,18 @@
+@@ -1937,7 +1937,7 @@
+ while (cnt > ncur);
+ 
+ /* if size is large, round to MALLOC_ROUND - 4 * longs to accommodate malloc overhead */
+- if (elem * ncur > MALLOC_ROUND - sizeof (void *) * 4)
++ if ((long) elem * ncur > MALLOC_ROUND - sizeof (void *) * 4)
+ {
+ ncur *= elem;
+ ncur = (ncur + elem + (MALLOC_ROUND - 1) + sizeof (void *) * 4) & ~(MALLOC_ROUND - 1);
+@@ -1953,7 +1953,7 @@
+ array_realloc (int elem, void *base, int *cur, int cnt)
+ {
+ *cur = array_nextsize (elem, *cur, cnt);
+- return ev_realloc (base, elem * *cur);
++ return ev_realloc (base, (long) elem * *cur);
+ }
+ 
+ #define array_init_zero(base,count) \
diff --git a/deps/libmicrohttpd/connection.c-snprintf-overflow.patch b/deps/libmicrohttpd/connection.c-snprintf-overflow.patch
new file mode 100644
index 000000000..af08efccc
--- /dev/null
+++ b/deps/libmicrohttpd/connection.c-snprintf-overflow.patch
@@ -0,0 +1,20 @@
+@@ -1582,11 +1582,18 @@
+ MHD_HTTP_HEADER_CONNECTION))) &&
+ (MHD_str_equal_caseless_ (pos->value,
+ "Keep-Alive")) ) ) )
+- off += MHD_snprintf_ (&data[off],
++ {
++ int n = MHD_snprintf_ (&data[off],
+ size - off,
+ "%s: %s\r\n",
+ pos->header,
+ pos->value);
++ if (n < 0 || n >= size - off)
++ {
++ break;
++ }
++ off += n;
++ }
+ }
+ if (MHD_CONNECTION_FOOTERS_RECEIVED == connection->state)
+ { 
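Review bot: `(long) elem * ncur` is compared against `MALLOC_ROUND - sizeof (void *) * 4`, which has type `size_t` because of the `sizeof`, so the widened product is converted back to unsigned for the comparison; that is fine for a non-negative product, but the widening only has an effect on LP64 targets, where `long` is 64-bit, and is a no-op on 32-bit builds. The second hunk's `(long) elem * *cur` matches the `long` size parameter `ev_realloc` takes in libev, provided that signature is unchanged here (it is outside the hunk). Both hunks read as defensive widening rather than fixes for an observed overflow, so a one-line header before the first `@@` of the patch file (patch(1) ignores leading text) such as `Widen elem*ncur to long so allocation sizing cannot overflow int on LP64; no-op on ILP32` would tell the next maintainer what it is for.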
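Review bot: After `if (n < 0 || n >= size - off)` the new `break` leaves the header loop silently, so if the buffer is ever too small the response is sent missing whatever headers remained, with nothing logged and no error returned; if the enclosing function (which starts and ends outside the hunk) always sizes `data` to fit, the branch is unreachable and should say so, otherwise it should report the truncation instead of emitting a partial header block. The comparison also mixes `int n` with `size - off`, which is presumably `size_t`; it is only safe because of the preceding `n < 0` test, and `(size_t) n >= size - off` makes that explicit and keeps `-Wsign-compare` quiet. At minimum the `break` line deserves a comment like `/* header does not fit in the remaining buffer: stop emitting, caller handles the partial block */`, assuming that is in fact the caller's contract.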
diff --git a/deps/libssl/a_time.c-multiplication-overflow.patch b/deps/libssl/a_time.c-multiplication-overflow.patch
new file mode 100644
index 000000000..9dbae8092
--- /dev/null
+++ b/deps/libssl/a_time.c-multiplication-overflow.patch
@@ -0,0 +1,9 @@
+@@ -248,7 +248,7 @@
+ }
+ o++;
+ }
+- if (offset && !OPENSSL_gmtime_adj(&tmp, 0, offset * offsign))
++ if (offset && !OPENSSL_gmtime_adj(&tmp, 0, (long) offset * offsign))
+ goto err;
+ } else {
+ /* not Z, or not +/- in non-strict mode */
diff --git a/deps/libssl/curve448.c-multiplication-overflow.patch b/deps/libssl/curve448.c-multiplication-overflow.patch
new file mode 100644
index 000000000..732b8e1b5
--- /dev/null
+++ b/deps/libssl/curve448.c-multiplication-overflow.patch
@@ -0,0 +1,9 @@
+@@ -588,7 +588,7 @@
+ assert(position >= 0);
+ if (odd & (1 << (table_bits + 1)))
+ delta -= (1 << (table_bits + 1));
+- current -= delta * (1 << pos);
++ current -= (long) delta * (1 << pos);
+ control[position].power = pos + 16 * (w - 1);
+ control[position].addend = delta;
+ position--;
diff --git a/deps/mariadb-client-library/ma_array.c-multiplication-overflow.patch b/deps/mariadb-client-library/ma_array.c-multiplication-overflow.patch
new file mode 100644
index 000000000..76bcb496f
--- /dev/null
+++ b/deps/mariadb-client-library/ma_array.c-multiplication-overflow.patch 
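Review bot: `(long) offset * offsign` matches the `long` seconds parameter of `OPENSSL_gmtime_adj`, so the cast is type-correct, but nothing in the hunk shows `offset` able to exceed `int` range (it appears to be accumulated from parsed two-digit time-zone fields above the hunk, not shown), so this reads as a defensive widening to satisfy an overflow checker rather than a fix. If that is the intent, a header line before the `@@` in the patch file, e.g. `Defensive widening for overflow analysis; offset is bounded by the parsed time-zone fields`, would stop a later reader from hunting for the overflow this appears to fix.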
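Review bot: `current -= (long) delta * (1 << pos);` widens the multiplication, but the shift `1 << pos` is still evaluated in `int`, and that shift, not the product, is the operation that becomes undefined if `pos` ever reached the width of `int`, so the cast does not cover the term most likely to trip an overflow checker. The `power = pos + 16 * (w - 1)` line suggests `pos` is an offset within a 16-bit window and never gets that large (the loop that bounds it is outside the hunk), in which case the change is cosmetic; either way `current -= (long) delta * (1L << pos);` keeps the shift in the same width as the product. Because this is core ECC code in libssl, the patch file should carry a one-line header stating that it is a defensive widening with no functional change, so a reviewer comparing the tree against upstream OpenSSL knows what to expect.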
@@ -0,0 +1,53 @@
+@@ -46,7 +46,7 @@
+ array->max_element=init_alloc;
+ array->alloc_increment=alloc_increment;
+ array->size_of_element=element_size;
+- if (!(array->buffer=(char*) malloc(element_size*init_alloc)))
++ if (!(array->buffer=(char*) malloc((long) element_size*init_alloc)))
+ {
+ array->max_element=0;
+ return(TRUE);
+@@ -80,7 +80,7 @@
+ if (array->elements == array->max_element)
+ {
+ char *new_ptr;
+- if (!(new_ptr=(char*) realloc(array->buffer,(array->max_element+
++ if (!(new_ptr=(char*) realloc(array->buffer,(long) (array->max_element+
+ array->alloc_increment)*
+ array->size_of_element)))
+ return 0;
+@@ -111,14 +111,14 @@
+ char *new_ptr;
+ size=(idx+array->alloc_increment)/array->alloc_increment;
+ size*= array->alloc_increment;
+- if (!(new_ptr=(char*) realloc(array->buffer,size*
++ if (!(new_ptr=(char*) realloc(array->buffer,(long) size*
+ array->size_of_element)))
+ return TRUE;
+ array->buffer=new_ptr;
+ array->max_element=size;
+ }
+ memset((array->buffer+array->elements*array->size_of_element), 0,
+- (idx - array->elements)*array->size_of_element);
++ (long) (idx - array->elements)*array->size_of_element);
+ array->elements=idx+1;
+ }
+ memcpy(array->buffer+(idx * array->size_of_element),element,
+@@ -155,7 +155,7 @@
+ char *ptr=array->buffer+array->size_of_element*idx;
+ array->elements--;
+ memmove(ptr,ptr+array->size_of_element,
+- (array->elements-idx)*array->size_of_element);
++ (long) (array->elements-idx)*array->size_of_element);
+ }
+ 
+ 
+@@ -166,7 +166,7 @@
+ if (array->buffer && array->max_element != elements)
+ {
+ array->buffer=(char*) realloc(array->buffer,
+- elements*array->size_of_element);
++ (long) elements*array->size_of_element);
+ array->max_element=elements;
+ }
+ }
diff --git a/deps/mariadb-client-library/mariadb_dyncol.c-multiplication-overflow.patch b/deps/mariadb-client-library/mariadb_dyncol.c-multiplication-overflow.patch
new file mode 100644
index 000000000..7df44d4e5
--- /dev/null 
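Review bot: All five widened expressions cast to `long`, but their results are passed to `malloc`, `realloc`, `memset` and `memmove`, whose size parameters are `size_t`; `(size_t)` is the width that is right on every target, whereas `long` is 64-bit only on LP64 and leaves 32-bit builds (and LLP64 Windows) exactly as they were. In the `@@ -80` hunk the cast sits outside `(array->max_element + array->alloc_increment)`, so that addition is still done in the original width before widening, which is harmless for a sum; the same placement in the `@@ -111` `memset` length and the `@@ -155` `memmove` length means `idx - array->elements` and `array->elements - idx` are computed narrow first, which is only safe if they cannot go negative (a bound that is outside the hunk). Suggested form for the first hunk, to be repeated in the others: `malloc((size_t) element_size * init_alloc)`. The same `long`-instead-of-`size_t` point applies to the zutil.c, pcretest.c and sqlite3.c patches below.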
+++ b/deps/mariadb-client-library/mariadb_dyncol.c-multiplication-overflow.patch
@@ -0,0 +1,16 @@
+@@ -3999,13 +3999,13 @@
+ (val->x.time_value.neg ? -1 : 1);
+ break;
+ case DYN_COL_DATE:
+- *ll= (val->x.time_value.year * 10000 +
++ *ll= ((long) val->x.time_value.year * 10000 +
+ val->x.time_value.month * 100 +
+ val->x.time_value.day) *
+ (val->x.time_value.neg ? -1 : 1);
+ break;
+ case DYN_COL_TIME:
+- *ll= (val->x.time_value.hour * 10000 +
++ *ll= ((long) val->x.time_value.hour * 10000 +
+ val->x.time_value.minute * 100 +
+ val->x.time_value.second) *
+ (val->x.time_value.neg ? -1 : 1);
diff --git a/deps/mariadb-client-library/zutil.c-multiplication-overflow.patch b/deps/mariadb-client-library/zutil.c-multiplication-overflow.patch
new file mode 100644
index 000000000..524149f84
--- /dev/null
+++ b/deps/mariadb-client-library/zutil.c-multiplication-overflow.patch
@@ -0,0 +1,9 @@
+@@ -303,7 +303,7 @@
+ unsigned size;
+ {
+ if (opaque) items += size - size; /* make compiler happy */
+- return sizeof(uInt) > 2 ? (voidpf)malloc(items * size) :
++ return sizeof(uInt) > 2 ? (voidpf)malloc((long) items * size) :
+ (voidpf)calloc(items, size);
+ }
+ 
diff --git a/deps/pcre/pcretest.c-multiplication-overflow.patch b/deps/pcre/pcretest.c-multiplication-overflow.patch
new file mode 100644
index 000000000..31d6bb37d
--- /dev/null
+++ b/deps/pcre/pcretest.c-multiplication-overflow.patch
@@ -0,0 +1,9 @@
+@@ -4094,7 +4094,7 @@
+ #endif
+ new_info(re, NULL, PCRE_INFO_SIZE, &size);
+ fprintf(outfile, "Memory allocation (code space): %d\n",
+- (int)(size - real_pcre_size - name_count * name_entry_size));
++ (int)(size - real_pcre_size - (long) name_count * name_entry_size));
+ }
+ 
+ /* If -s or /S was present, study the regex to generate additional info to
diff --git a/deps/re2/onepass.cc-multiplication-overflow.patch b/deps/re2/onepass.cc-multiplication-overflow.patch
new file mode 100644
index 000000000..67706ace5
--- /dev/null 
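Review bot: `((long) val->x.time_value.year * 10000 + ...` is assigned to `*ll`, whose name and the DYN_COL_DATE/DYN_COL_TIME context suggest a `long long` destination; if so, `(long long)` (or the project's `longlong` typedef) is the cast that matches the destination on every target, because `long` is only 32-bit on LLP64 platforms and the widening would be lost there. If `year`/`hour` are the usual bounded date-time fields the original `int` arithmetic could not overflow anyway, so this is defensive; a header line in the patch file saying that would keep a reader from searching for the bug it appears to fix.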
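Review bot: `malloc((long) items * size)` only widens on LP64; on 32-bit targets `long` is 32-bit and the product wraps exactly as before, while the `calloc(items, size)` branch on the next line already gets overflow checking from the library. A portable fix is an explicit check before the multiplication, e.g. `if (size != 0 && items > (size_t)-1 / size) return Z_NULL;` followed by `malloc((size_t) items * size)`, which is correct at every width. Note that `sizeof(uInt) > 2` holds on any platform where `uInt` is at least 32 bits, so the `malloc` branch is the one that normally runs and the checked `calloc` path is effectively dead.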
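Review bot: The widened `(long) name_count * name_entry_size` only changes a value that is printed and is immediately cast back to `(int)` for the `%d` format, and pcretest.c is PCRE's test driver rather than libpcre, so this patch has no effect on the library that is linked and will only break the build when the pcre-8.44 tarball is bumped. If the motivation is a sanitizer or overflow-checker report from running pcretest, a header line in the patch file saying so would justify keeping it; otherwise dropping the patch and its Makefile line is the lower-maintenance option.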
+++ b/deps/re2/onepass.cc-multiplication-overflow.patch
@@ -0,0 +1,12 @@
+@@ -611,9 +611,9 @@
+ LOG(ERROR) << "nodes:\n" << dump;
+ }
+ 
+- dfa_mem_ -= nalloc*statesize;
++ dfa_mem_ -= static_cast(nalloc)*statesize;
+ onepass_nodes_ = PODArray(nalloc*statesize);
+- memmove(onepass_nodes_.data(), nodes.data(), nalloc*statesize);
++ memmove(onepass_nodes_.data(), nodes.data(), static_cast(nalloc)*statesize);
+ return true;
+ 
+ fail:
diff --git a/deps/sqlite3/sqlite3.c-multiplication-overflow.patch b/deps/sqlite3/sqlite3.c-multiplication-overflow.patch
new file mode 100644
index 000000000..364c7c52a
--- /dev/null
+++ b/deps/sqlite3/sqlite3.c-multiplication-overflow.patch
@@ -0,0 +1,18 @@
+@@ -103301,7 +103301,7 @@
+ int n = *pnEntry;
+ if( (n & (n-1))==0 ){
+ int sz = (n==0) ? 1 : 2*n;
+- void *pNew = sqlite3DbRealloc(db, pArray, sz*szEntry);
++ void *pNew = sqlite3DbRealloc(db, pArray, (long) sz*szEntry);
+ if( pNew==0 ){
+ *pIdx = -1;
+ return pArray;
+@@ -141183,7 +141183,7 @@
+ pStart = 0;
+ }else if( pBuf==0 ){
+ sqlite3BeginBenignMalloc();
+- pStart = sqlite3Malloc( sz*cnt ); /* IMP: R-61949-35727 */
++ pStart = sqlite3Malloc( (long) sz*cnt ); /* IMP: R-61949-35727 */
+ sqlite3EndBenignMalloc();
+ if( pStart ) cnt = sqlite3MallocSize(pStart)/sz;
+ }else{
diff --git a/include/gen_utils.h b/include/gen_utils.h
index f2fa0105b..21b5b977e 100644
--- a/include/gen_utils.h
+++ b/include/gen_utils.h
@@ -88,7 +88,7 @@ class PtrArray {
 void * remove_index(unsigned int i) {
 void *r=pdata[i];
 if (i != (len-1)) {
- memmove(pdata+(i)*sizeof(void *),pdata+(i+1)*sizeof(void *),(len-i-1)*sizeof(void *));
+ memmove((void **)pdata+i,(void **)pdata+i+1,(len-i-1)*sizeof(void *));
 }
 len--;
 if ( ( len>MIN_ARRAY_LEN ) && ( size > len*MIN_ARRAY_DELETE_RATIO ) ) {
diff --git a/lib/Makefile b/lib/Makefile
index 5f1fa6664..1d98619cc 100644
--- a/lib/Makefile
+++ b/lib/Makefile 
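Review bot: Between the two widened lines, `onepass_nodes_ = PODArray(nalloc*statesize);` still computes `nalloc*statesize` in `int`, and that is the expression that sizes the buffer; if the product can overflow, the allocation is made from the wrapped value while the `memmove` length is the widened one, which is the unsafe direction. Either the product is already bounded earlier in the function (outside the hunk, in which case all three casts are cosmetic) or a range check belongs before the allocation; widening only the bookkeeping and the copy protects nothing. As rendered here both `static_cast(...)` calls and `PODArray(...)` have lost their template arguments, presumably in page extraction; if the patch file really reads this way it will not compile, so worth confirming against the repository.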
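Review bot: `(long) sz*szEntry` and `(long) sz*cnt` are passed to `sqlite3DbRealloc` and `sqlite3Malloc`, whose size parameters in recent SQLite are unsigned 64-bit (`u64`); casting to signed `long` first is only 64 bits wide on LP64 and is a no-op on 32-bit builds, so `(u64)` (or `(sqlite3_uint64)`) is the cast that matches the callee everywhere. In the first hunk the line above, `int sz = (n==0) ? 1 : 2*n;`, can itself overflow `int` before the widened product is formed, so the widening does not fully close the case it targets. Both hunks are addressed by absolute line numbers (`@@ -103301`, `@@ -141183`) in the 3190200 amalgamation and are applied after `from_unixtime.patch`; a header line in the patch file should say so, since any SQLite bump or reordering will break them.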
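Review bot: The corrected `memmove((void **)pdata+i, (void **)pdata+i+1, (len-i-1)*sizeof(void *))` fixes the doubly-scaled pointer arithmetic, but `remove_index` (whose body continues past the hunk) still has no check that `i < len`: `pdata[i]` on the line above reads out of bounds for `i >= len`, and with `unsigned int` operands `len-i-1` then wraps to a huge `memmove` length. A guard such as `assert(i < len);` at the top of the function (or an early `return NULL;` if callers can cope with it) would make the precondition enforceable; at minimum document it with `// precondition: i < len`. The `(void **)` casts look redundant given that `void *r=pdata[i];` already compiles, which implies `pdata` is a pointer-to-pointer type (its declaration is outside the hunk).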
@@ -1,7 +1,7 @@ ifndef GIT_VERSION -GIT_VERSION := $(shell git describe --long --abbrev=7) + GIT_VERSION := $(shell git describe --long --abbrev=7) ifndef GIT_VERSION -$(error GIT_VERSION is not set) + $(error GIT_VERSION is not set) endif endif diff --git a/lib/ProxySQL_Admin.cpp b/lib/ProxySQL_Admin.cpp index a2f8499e0..761679d58 100644 --- a/lib/ProxySQL_Admin.cpp +++ b/lib/ProxySQL_Admin.cpp @@ -3507,7 +3507,7 @@ SQLite3_result * ProxySQL_Admin::generate_show_table_status(const char *tablenam pta[0]=NULL; char *tn=NULL; // tablename // note that tablename is passed with a trailing ' - tn=(char *)malloc(strlen(tablename)); + tn=(char *)malloc(strlen(tablename)+1); unsigned int i=0, j=0; while (i opts->groups_grouping_limit) { - memmove(shared_st->res_pre_pos, pattern_start, group_pattern_size * opts->groups_grouping_limit); + memmove(shared_st->res_pre_pos, pattern_start, (long) group_pattern_size * opts->groups_grouping_limit); shared_st->res_pre_pos += group_pattern_size * opts->groups_grouping_limit; *shared_st->res_pre_pos++ = '.'; *shared_st->res_pre_pos++ = '.'; diff --git a/src/Makefile b/src/Makefile index 14caadcf0..7d396f833 100644 --- a/src/Makefile +++ b/src/Makefile @@ -1,7 +1,7 @@ ifndef GIT_VERSION -GIT_VERSION := $(shell git describe --long --abbrev=7) + GIT_VERSION := $(shell git describe --long --abbrev=7) ifndef GIT_VERSION -$(error GIT_VERSION is not set) + $(error GIT_VERSION is not set) endif endif diff --git a/src/SQLite3_Server.cpp b/src/SQLite3_Server.cpp index d14d71afe..b9d7f02e0 100644 --- a/src/SQLite3_Server.cpp +++ b/src/SQLite3_Server.cpp @@ -318,7 +318,7 @@ void SQLite3_Server_session_handler(MySQL_Session *sess, void *_pa, PtrSize_t *p SQLite3_result *resultset=NULL; char *strA=NULL; char *strB=NULL; - int strAl, strBl; + size_t strAl, strBl; char *query=NULL; unsigned int query_length=pkt->size-sizeof(mysql_hdr); query=(char *)l_alloc(query_length); 
@@ -515,9 +515,9 @@ void SQLite3_Server_session_handler(MySQL_Session *sess, void *_pa, PtrSize_t *p strB=(char *)"SELECT name AS tables FROM sqlite_master WHERE type='table' AND name LIKE '%s'"; strBl=strlen(strB); char *tn=NULL; // tablename - tn=(char *)malloc(strlen(strA)); + tn=(char *)malloc(strAl+1); unsigned int i=0, j=0; - while (i