From d0fb48557337c61b96a6e526314da050cd76fe4c Mon Sep 17 00:00:00 2001 From: Ganlin Zhao Date: Tue, 29 Aug 2023 15:51:29 +0800 Subject: [PATCH] fix all possible overflow using md5 --- include/util/tutil.h | 14 ++++++++++++++ source/libs/function/src/functionMgt.c | 8 ++++++-- source/libs/parser/src/parTranslater.c | 22 +++++++++++++--------- source/libs/planner/inc/planInt.h | 1 - source/libs/planner/src/planOptimizer.c | 7 +++++-- source/libs/planner/src/planPhysiCreater.c | 8 +++----- source/libs/planner/src/planSpliter.c | 12 ++++++++++-- source/libs/planner/src/planUtil.c | 15 --------------- 8 files changed, 51 insertions(+), 36 deletions(-) diff --git a/include/util/tutil.h b/include/util/tutil.h index a2cfa4cfe5..de2cd205f2 100644 --- a/include/util/tutil.h +++ b/include/util/tutil.h @@ -79,6 +79,20 @@ static FORCE_INLINE void taosEncryptPass_c(uint8_t *inBuf, size_t len, char *tar memcpy(target, buf, TSDB_PASSWORD_LEN); } +static FORCE_INLINE int32_t taosCreateMD5Hash(char *pBuf, int32_t len) { + T_MD5_CTX ctx; + tMD5Init(&ctx); + tMD5Update(&ctx, (uint8_t*)pBuf, len); + tMD5Final(&ctx); + char* p = pBuf; + int32_t resLen = 0; + for (uint8_t i = 0; i < tListLen(ctx.digest); ++i) { + resLen += snprintf(p, 3, "%02x", ctx.digest[i]); + p += 2; + } + return resLen; +} + static FORCE_INLINE int32_t taosGetTbHashVal(const char *tbname, int32_t tblen, int32_t method, int32_t prefix, int32_t suffix) { if ((prefix == 0 && suffix == 0) || (tblen <= (prefix + suffix)) || (tblen <= -1 * (prefix + suffix)) || diff --git a/source/libs/function/src/functionMgt.c b/source/libs/function/src/functionMgt.c index 345020cee2..5c44c27333 100644 --- a/source/libs/function/src/functionMgt.c +++ b/source/libs/function/src/functionMgt.c @@ -391,8 +391,12 @@ static int32_t createPartialFunction(const SFunctionNode* pSrcFunc, SFunctionNod nodesDestroyList(pParameterList); return TSDB_CODE_OUT_OF_MEMORY; } - snprintf((*pPartialFunc)->node.aliasName, sizeof((*pPartialFunc)->node.aliasName), "%s.%p", - (*pPartialFunc)->functionName, pSrcFunc); + char name[TSDB_FUNC_NAME_LEN + TSDB_NAME_DELIMITER_LEN + sizeof(pSrcFunc) + 1] = {0}; + int32_t len = snprintf(name, sizeof(name) - 1, "%s.%p", (*pPartialFunc)->functionName, pSrcFunc); + taosCreateMD5Hash(name, len); + strcpy((*pPartialFunc)->node.aliasName, name); + //snprintf((*pPartialFunc)->node.aliasName, sizeof((*pPartialFunc)->node.aliasName), "%s.%p", + // (*pPartialFunc)->functionName, pSrcFunc); return TSDB_CODE_SUCCESS; } diff --git a/source/libs/parser/src/parTranslater.c b/source/libs/parser/src/parTranslater.c index 8ce68a5c8c..2137a6c24a 100644 --- a/source/libs/parser/src/parTranslater.c +++ b/source/libs/parser/src/parTranslater.c @@ -2831,7 +2831,7 @@ static SNode* createMultiResFunc(SFunctionNode* pSrcFunc, SExprNode* pExpr) { pFunc->funcId = pSrcFunc->funcId; pFunc->funcType = pSrcFunc->funcType; strcpy(pFunc->functionName, pSrcFunc->functionName); - char buf[TSDB_FUNC_NAME_LEN + TSDB_TABLE_NAME_LEN + TSDB_COL_NAME_LEN]; + char buf[TSDB_FUNC_NAME_LEN + TSDB_TABLE_NAME_LEN + TSDB_COL_NAME_LEN + TSDB_NAME_DELIMITER_LEN + 3] = {0}; int32_t len = 0; if (QUERY_NODE_COLUMN == nodeType(pExpr)) { SColumnNode* pCol = (SColumnNode*)pExpr; @@ -2839,16 +2839,20 @@ static SNode* createMultiResFunc(SFunctionNode* pSrcFunc, SExprNode* pExpr) { strcpy(pFunc->node.userAlias, pCol->colName); strcpy(pFunc->node.aliasName, pCol->colName); } else { - len = snprintf(buf, sizeof(buf), "%s(%s.%s)", pSrcFunc->functionName, pCol->tableAlias, pCol->colName); - strncpy(pFunc->node.aliasName, buf, TMIN(len, sizeof(pFunc->node.aliasName) - 1)); - len = snprintf(buf, sizeof(buf), "%s(%s)", pSrcFunc->functionName, pCol->colName); - strncpy(pFunc->node.userAlias, buf, TMIN(len, sizeof(pFunc->node.userAlias) - 1)); + len = snprintf(buf, sizeof(buf) - 1, "%s(%s.%s)", pSrcFunc->functionName, pCol->tableAlias, pCol->colName); + taosCreateMD5Hash(buf, len); + strncpy(pFunc->node.aliasName, buf, TSDB_COL_NAME_LEN - 1); + len = snprintf(buf, sizeof(buf) - 1, "%s(%s)", pSrcFunc->functionName, pCol->colName); + taosCreateMD5Hash(buf, len); + strncpy(pFunc->node.userAlias, buf, TSDB_COL_NAME_LEN - 1); } } else { - len = snprintf(buf, sizeof(buf), "%s(%s)", pSrcFunc->functionName, pExpr->aliasName); - strncpy(pFunc->node.aliasName, buf, TMIN(len, sizeof(pFunc->node.aliasName) - 1)); - len = snprintf(buf, sizeof(buf), "%s(%s)", pSrcFunc->functionName, pExpr->userAlias); - strncpy(pFunc->node.userAlias, buf, TMIN(len, sizeof(pFunc->node.userAlias) - 1)); + len = snprintf(buf, sizeof(buf) - 1, "%s(%s)", pSrcFunc->functionName, pExpr->aliasName); + taosCreateMD5Hash(buf, len); + strncpy(pFunc->node.aliasName, buf, TSDB_COL_NAME_LEN - 1); + len = snprintf(buf, sizeof(buf) - 1, "%s(%s)", pSrcFunc->functionName, pExpr->userAlias); + taosCreateMD5Hash(buf, len); + strncpy(pFunc->node.userAlias, buf, TSDB_COL_NAME_LEN - 1); } return (SNode*)pFunc; diff --git a/source/libs/planner/inc/planInt.h b/source/libs/planner/inc/planInt.h index b70b04bb88..092fe17411 100644 --- a/source/libs/planner/inc/planInt.h +++ b/source/libs/planner/inc/planInt.h @@ -36,7 +36,6 @@ int32_t createColumnByRewriteExprs(SNodeList* pExprs, SNodeList** pList); int32_t createColumnByRewriteExpr(SNode* pExpr, SNodeList** pList); int32_t replaceLogicNode(SLogicSubplan* pSubplan, SLogicNode* pOld, SLogicNode* pNew); int32_t adjustLogicNodeDataRequirement(SLogicNode* pNode, EDataOrderLevel requirement); -int32_t createMD5HashFromName(char *pName, int32_t len); int32_t createLogicPlan(SPlanContext* pCxt, SLogicSubplan** pLogicSubplan); int32_t optimizeLogicPlan(SPlanContext* pCxt, SLogicSubplan* pLogicSubplan); diff --git a/source/libs/planner/src/planOptimizer.c b/source/libs/planner/src/planOptimizer.c index 920d465412..010bbe6477 100644 --- a/source/libs/planner/src/planOptimizer.c +++ b/source/libs/planner/src/planOptimizer.c @@ -1614,7 +1614,7 @@ static void partTagsSetAlias(char* pAlias, const char* pTableAlias, const char* char name[TSDB_COL_FNAME_LEN + 1] = {0}; int32_t len = snprintf(name, TSDB_COL_FNAME_LEN, "%s.%s", pTableAlias, pColName); - createMD5HashFromName(name, len); + taosCreateMD5Hash(name, len); strcpy(pAlias, name); } @@ -2136,7 +2136,10 @@ static SNode* rewriteUniqueOptCreateFirstFunc(SFunctionNode* pSelectValue, SNode strcpy(pFunc->node.aliasName, pSelectValue->node.aliasName); } else { int64_t pointer = (int64_t)pFunc; - snprintf(pFunc->node.aliasName, sizeof(pFunc->node.aliasName), "%s.%" PRId64 "", pFunc->functionName, pointer); + char name[TSDB_FUNC_NAME_LEN + sizeof(pointer) + TSDB_NAME_DELIMITER_LEN + 1] = {0}; + int32_t len = snprintf(name, sizeof(name) - 1, "%s.%" PRId64 "", pFunc->functionName, pointer); + taosCreateMD5Hash(name, len); + strncpy(pFunc->node.aliasName, name, TSDB_COL_NAME_LEN - 1); } int32_t code = nodesListMakeStrictAppend(&pFunc->pParameterList, nodesCloneNode(pCol)); if (TSDB_CODE_SUCCESS == code) { diff --git a/source/libs/planner/src/planPhysiCreater.c b/source/libs/planner/src/planPhysiCreater.c index 8aa5303a20..d6a59ba42c 100644 --- a/source/libs/planner/src/planPhysiCreater.c +++ b/source/libs/planner/src/planPhysiCreater.c @@ -45,8 +45,7 @@ static int32_t getSlotKey(SNode* pNode, const char* pStmtName, char* pKey, int32 SColumnNode* pCol = (SColumnNode*)pNode; if (NULL != pStmtName) { if ('\0' != pStmtName[0]) { - len = snprintf(pKey, keyBufSize, "%s.%s", pStmtName, pCol->node.aliasName); - return createMD5HashFromName(pKey, len); + return snprintf(pKey, keyBufSize, "%s.%s", pStmtName, pCol->node.aliasName); } else { return snprintf(pKey, keyBufSize, "%s", pCol->node.aliasName); } @@ -56,12 +55,11 @@ static int32_t getSlotKey(SNode* pNode, const char* pStmtName, char* pKey, int32 } len = snprintf(pKey, keyBufSize, "%s.%s", pCol->tableAlias, pCol->colName); - return createMD5HashFromName(pKey, len); + return taosCreateMD5Hash(pKey, len); } if (NULL != pStmtName && '\0' != pStmtName[0]) { - len = snprintf(pKey, keyBufSize, "%s.%s", pStmtName, ((SExprNode*)pNode)->aliasName); - return createMD5HashFromName(pKey, len); + return snprintf(pKey, keyBufSize, "%s.%s", pStmtName, ((SExprNode*)pNode)->aliasName); } return snprintf(pKey, keyBufSize, "%s", ((SExprNode*)pNode)->aliasName); diff --git a/source/libs/planner/src/planSpliter.c b/source/libs/planner/src/planSpliter.c index 84a486649e..674ec7ca70 100644 --- a/source/libs/planner/src/planSpliter.c +++ b/source/libs/planner/src/planSpliter.c @@ -388,7 +388,11 @@ static int32_t stbSplAppendWStart(SNodeList* pFuncs, int32_t* pIndex) { } strcpy(pWStart->functionName, "_wstart"); int64_t pointer = (int64_t)pWStart; - snprintf(pWStart->node.aliasName, sizeof(pWStart->node.aliasName), "%s.%" PRId64 "", pWStart->functionName, pointer); + char name[TSDB_COL_NAME_LEN + sizeof(pointer) + TSDB_NAME_DELIMITER_LEN + 1] = {0}; + int32_t len = snprintf(name, sizeof(name) - 1, "%s.%" PRId64 "", pWStart->functionName, pointer); + taosCreateMD5Hash(name, len); + strncpy(pWStart->node.aliasName, name, TSDB_COL_NAME_LEN - 1); + int32_t code = fmGetFuncInfo(pWStart, NULL, 0); if (TSDB_CODE_SUCCESS == code) { code = nodesListStrictAppend(pFuncs, (SNode*)pWStart); @@ -414,7 +418,11 @@ static int32_t stbSplAppendWEnd(SWindowLogicNode* pWin, int32_t* pIndex) { } strcpy(pWEnd->functionName, "_wend"); int64_t pointer = (int64_t)pWEnd; - snprintf(pWEnd->node.aliasName, sizeof(pWEnd->node.aliasName), "%s.%" PRId64 "", pWEnd->functionName, pointer); + char name[TSDB_COL_NAME_LEN + sizeof(pointer) + TSDB_NAME_DELIMITER_LEN + 1] = {0}; + int32_t len = snprintf(name, sizeof(name) - 1, "%s.%" PRId64 "", pWEnd->functionName, pointer); + taosCreateMD5Hash(name, len); + strncpy(pWEnd->node.aliasName, name, TSDB_COL_NAME_LEN - 1); + int32_t code = fmGetFuncInfo(pWEnd, NULL, 0); if (TSDB_CODE_SUCCESS == code) { code = nodesListStrictAppend(pWin->pFuncs, (SNode*)pWEnd); diff --git a/source/libs/planner/src/planUtil.c b/source/libs/planner/src/planUtil.c index 32f4a25a42..50f64c6be3 100644 --- a/source/libs/planner/src/planUtil.c +++ b/source/libs/planner/src/planUtil.c @@ -373,18 +373,3 @@ bool isPartTableAgg(SAggLogicNode* pAgg) { bool isPartTableWinodw(SWindowLogicNode* pWindow) { return stbHasPartTbname(stbSplGetPartKeys((SLogicNode*)nodesListGetNode(pWindow->node.pChildren, 0))); } - -int32_t createMD5HashFromName(char *pName, int32_t len) { - T_MD5_CTX ctx; - tMD5Init(&ctx); - tMD5Update(&ctx, (uint8_t*)pName, len); - tMD5Final(&ctx); - char* p = pName; - int32_t resLen = 0; - for (uint8_t i = 0; i < tListLen(ctx.digest); ++i) { - resLen += snprintf(p, 3, "%02x", ctx.digest[i]); - p += 2; - } - - return resLen; -}