MDEV-40056 - Galera Dynamic Variables Susceptible to RCEs #5268
janlindstrom wants to merge 1 commit into
Conversation
Code Review
This pull request updates SSL version requirements, skips the galera_sst_cn_injection test for OpenSSL versions below 3.0.0, and refactors wsrep_shell_char in sql/wsrep_utils.cc to use a whitelist of safe characters instead of a blacklist. The review feedback highlights two important issues: first, allowing shell expansion characters like [, ], ~, and ^ in the unquoted whitelist is risky and could lead to unexpected shell behavior or command injection; second, using string comparison (ge) for version checks is fragile and will fail for future major versions (e.g., OpenSSL 10.x), so a numeric comparison on the major version is recommended.
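The two points raised in the review above, a character whitelist for shell arguments and a numeric rather than lexical version comparison, are shown together below as an added example. This is not the PR's own code and not MariaDB's wsrep_shell_char or its mysql-test version check; the whitelist contents, the helper names is_shell_safe_char, shell_quote, parse_version and version_ge, and the sample arguments are all assumptions made for illustration.

```cpp
#include <cassert>
#include <cctype>
#include <cstdio>
#include <string>

// Hypothetical whitelist predicate (not MariaDB's wsrep_shell_char): a byte
// may appear unquoted only if it is alphanumeric or one of a few punctuation
// characters that no POSIX shell expands or interprets in argument position.
// Deliberately absent: [ ] ~ ^ (glob, tilde expansion, history/pipe in some
// shells), $ ` \ " ' (expansion and quoting), and space ; & | < > ( ) # * ?.
static bool is_shell_safe_char(unsigned char c)
{
  if (std::isalnum(c)) return true;
  switch (c) {
  case '.': case '_': case '-': case '/': case ':': case ',': case '@':
    return true;
  default:
    return false;
  }
}

// Quote one argument for a POSIX shell. If every byte is whitelisted the
// argument is returned unchanged; otherwise it is wrapped in single quotes,
// and each embedded single quote becomes '\'' (close, escaped quote, reopen).
static std::string shell_quote(const std::string &arg)
{
  bool safe = !arg.empty();
  for (unsigned char c : arg)
    if (!is_shell_safe_char(c)) { safe = false; break; }
  if (safe) return arg;

  std::string out = "'";
  for (char c : arg) {
    if (c == '\'') out += "'\\''";
    else out += c;
  }
  out += "'";
  return out;
}

struct Version { int major, minor, patch; };

// Parse "major.minor.patch" numerically; missing components default to 0.
// A trailing letter such as in "1.1.1w" is ignored by the %d conversions.
static Version parse_version(const std::string &s)
{
  Version v{0, 0, 0};
  std::sscanf(s.c_str(), "%d.%d.%d", &v.major, &v.minor, &v.patch);
  return v;
}

// Compare version tuples numerically, so that 10.0.0 >= 3.0.0 holds.
static bool version_ge(const std::string &a, const std::string &b)
{
  Version x = parse_version(a), y = parse_version(b);
  if (x.major != y.major) return x.major > y.major;
  if (x.minor != y.minor) return x.minor > y.minor;
  return x.patch >= y.patch;
}

// The fragile form the review warns about: plain string ordering, which
// ranks "10.0.0" below "3.0.0" because '1' sorts before '3'.
static bool string_ge(const std::string &a, const std::string &b)
{
  return a >= b;
}

int main()
{
  // Constructed sample arguments: only the first one stays unquoted.
  const char *samples[] = {"rsync", "a[b]", "~user", "x^y", "it's", "$(id)"};
  for (const char *s : samples)
    std::printf("%-8s -> %s\n", s, shell_quote(s).c_str());

  std::printf("10.0.0 >= 3.0.0  numeric: %d  string: %d\n",
              version_ge("10.0.0", "3.0.0"), string_ge("10.0.0", "3.0.0"));
  return 0;
}
```

The whitelist is the point: a blacklist has to enumerate every character some shell treats specially, and misses such as `[`, `]`, `~` and `^` are exactly what the review flagged, whereas a whitelist fails closed by quoting anything it does not recognise. For the version check, comparing parsed integers component by component keeps the test skip correct once OpenSSL's major version reaches two digits.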
Make check stronger and require OpenSSL version > 1.1.1 for test case.
eac56ff to 7ed46e2