Bug#21286722 MISSING SANITY CHECKS FOR MALLOC() IN RESTORE.CPP, DBUTIL.CPP, SQLCLIENT.CPP

dineshsuryaprakash · dineshsuryaprakash · commit e475d10f3e79 · 2016-08-31T15:04:45.000+05:30
PART 1: RESTORE.CPP

In RESTORE.CPP when we try to create the Constructor for
RestoreDataIterator
it calls system malloc and does not check for failure. As this can lead
to crash, have added a validation function(validateRestoreDataIterator,
validateBackupFile) which checks for the malloc failure.

Hence, whenever we try to create an instance of class RestoreDataIterator
it is mandatory to call validateRestoreDataIterator and
validateBackupFile.
Currently it’s been used only once. So, have added validation check in
that location.
diff --git a/storage/ndb/tools/restore/Restore.cpp b/storage/ndb/tools/restore/Restore.cpp
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -803,6 +803,19 @@ RestoreDataIterator::RestoreDataIterator(const RestoreMetaData & md, void (* _fr
   m_row_bitfield_len = 0;
 }
 
+
+bool
+RestoreDataIterator::validateRestoreDataIterator()
+{
+    if (!m_bitfield_storage_ptr)
+    {
+        err << "m_bitfield_storage_ptr is NULL" << endl;
+        return false;
+    }
+    return true;
+}
+
+
 RestoreDataIterator::~RestoreDataIterator()
 {
   free_bitfield_storage();
@@ -1335,6 +1348,17 @@ BackupFile::BackupFile(void (* _free_data_callback)())
 #endif
 }
 
+bool
+BackupFile::validateBackupFile()
+{
+    if (!m_buffer)
+    {
+        err << "m_buffer is NULL" << endl;
+        return false;
+    }
+    return true;
+}
+
 BackupFile::~BackupFile()
 {
   (void)ndbzclose(&m_file);
diff --git a/storage/ndb/tools/restore/Restore.hpp b/storage/ndb/tools/restore/Restore.hpp
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -370,6 +370,7 @@ class BackupFile {
 public:
   bool readHeader();
   bool validateFooter();
+  bool validateBackupFile();
 
   const char * getPath() const { return m_path;}
   const char * getFilename() const { return m_fileName;}
@@ -451,6 +452,7 @@ class RestoreDataIterator : public BackupFile {
   // Read data file fragment header
   bool readFragmentHeader(int & res, Uint32 *fragmentId);
   bool validateFragmentFooter();
+  bool validateRestoreDataIterator();
 
   const TupleS *getNextTuple(int & res);
   TableS *getCurrentTable();
diff --git a/storage/ndb/tools/restore/restore_main.cpp b/storage/ndb/tools/restore/restore_main.cpp
@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2003, 2010, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2003, 2016, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -1552,6 +1552,19 @@ main(int argc, char** argv)
       }
         
       RestoreDataIterator dataIter(metaData, &free_data_callback);
+
+      if (!dataIter.validateBackupFile())
+      {
+          err << "Unable to allocate memory for BackupFile constructor" << endl;
+          exitHandler(NDBT_FAILED);
+      }
+
+
+      if (!dataIter.validateRestoreDataIterator())
+      {
+          err << "Unable to allocate memory for RestoreDataIterator constructor" << endl;
+          exitHandler(NDBT_FAILED);
+      }
       
       // Read data file header
       if (!dataIter.readHeader())
