Commit 017b88f0 authored by Kristofer Pettersson's avatar Kristofer Pettersson

Bug#57359 Possible to circumvent secure_file_priv using '..' on Windows

Where realpath(3) is used in Linux, mf_load_path is
used for Windows. This function doesn't however
correspond to the functionality of realpath.
This patch attempts to do better by using 
the Windows function GetFullPathName() instead.
parent 9ef7eac2
......@@ -113,7 +113,6 @@ int my_is_symlink(const char *filename __attribute__((unused)))
#endif
}
/*
Resolve all symbolic links in path
'to' may be equal to 'filename'
......@@ -146,8 +145,24 @@ int my_realpath(char *to, const char *filename,
result= -1;
}
DBUG_RETURN(result);
#else
#ifdef _WIN32
int ret= GetFullPathName(filename,FN_REFLEN,
to,
NULL);
if (ret == 0 || ret > FN_REFLEN)
{
if (ret > FN_REFLEN)
my_errno= ENAMETOOLONG;
else
my_errno= EACCES;
if (MyFlags & MY_WME)
my_error(EE_REALPATH, MYF(0), filename, my_errno);
return -1;
}
#else
my_load_path(to, filename, NullS);
#endif
return 0;
#endif
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment