Loading sql/sql_udf.cc +6 −4 Original line number Diff line number Diff line Loading @@ -190,7 +190,9 @@ void udf_init() This is done to ensure that only approved dll from the system directories are used (to make this even remotely secure). */ if (strchr(dl_name, '/') || strlen(name) > NAME_LEN) if (strchr(dl_name, '/') || IF_WIN(strchr(dl_name, '\\'),0) || strlen(name) > NAME_LEN) { sql_print_error("Invalid row in mysql.func table for function '%.64s'", name); Loading Loading @@ -219,7 +221,7 @@ void udf_init() } tmp->dlhandle = dl; { char buf[MAX_FIELD_NAME+16], *missing; char buf[NAME_LEN+16], *missing; if ((missing= init_syms(tmp, buf))) { sql_print_error(ER(ER_CANT_FIND_DL_ENTRY), missing); Loading Loading @@ -403,7 +405,7 @@ int mysql_create_function(THD *thd,udf_func *udf) This is done to ensure that only approved dll from the system directories are used (to make this even remotely secure). */ if (strchr(udf->dl, '/')) if (strchr(udf->dl, '/') || IF_WIN(strchr(dl_name, '\\'),0)) { send_error(&thd->net, ER_UDF_NO_PATHS,ER(ER_UDF_NO_PATHS)); DBUG_RETURN(1); Loading Loading @@ -433,7 +435,7 @@ int mysql_create_function(THD *thd,udf_func *udf) } udf->dlhandle=dl; { char buf[MAX_FIELD_NAME+16], *missing; char buf[NAME_LEN+16], *missing; if ((missing= init_syms(udf, buf))) { net_printf(&thd->net, ER_CANT_FIND_DL_ENTRY, missing); Loading Loading
sql/sql_udf.cc +6 −4 Original line number Diff line number Diff line Loading @@ -190,7 +190,9 @@ void udf_init() This is done to ensure that only approved dll from the system directories are used (to make this even remotely secure). */ if (strchr(dl_name, '/') || strlen(name) > NAME_LEN) if (strchr(dl_name, '/') || IF_WIN(strchr(dl_name, '\\'),0) || strlen(name) > NAME_LEN) { sql_print_error("Invalid row in mysql.func table for function '%.64s'", name); Loading Loading @@ -219,7 +221,7 @@ void udf_init() } tmp->dlhandle = dl; { char buf[MAX_FIELD_NAME+16], *missing; char buf[NAME_LEN+16], *missing; if ((missing= init_syms(tmp, buf))) { sql_print_error(ER(ER_CANT_FIND_DL_ENTRY), missing); Loading Loading @@ -403,7 +405,7 @@ int mysql_create_function(THD *thd,udf_func *udf) This is done to ensure that only approved dll from the system directories are used (to make this even remotely secure). */ if (strchr(udf->dl, '/')) if (strchr(udf->dl, '/') || IF_WIN(strchr(dl_name, '\\'),0)) { send_error(&thd->net, ER_UDF_NO_PATHS,ER(ER_UDF_NO_PATHS)); DBUG_RETURN(1); Loading Loading @@ -433,7 +435,7 @@ int mysql_create_function(THD *thd,udf_func *udf) } udf->dlhandle=dl; { char buf[MAX_FIELD_NAME+16], *missing; char buf[NAME_LEN+16], *missing; if ((missing= init_syms(udf, buf))) { net_printf(&thd->net, ER_CANT_FIND_DL_ENTRY, missing); Loading
