Fix for Bug#29605

--local-infile=0 checks can be bypassed by sending a FETCH LOCAL FILE response
  
Add a check for CLIENT_LOCAL_FILES before sending a local file.
Beware, that all binary distributions enable sending of local files and it's up
to the programs which use libmysql to disable it, if they don't use this functionality.
Otherwise they are not safe.
parent 04b306da
......@@ -6333,6 +6333,8 @@ int util_query(MYSQL* org_mysql, const char* query){
if (!(mysql= mysql_init(mysql)))
die("Failed in mysql_init()");
/* enable local infile, in non-binary builds often disabled by default */
mysql_options(mysql, MYSQL_OPT_LOCAL_INFILE, 0);
safe_connect(mysql, "util", org_mysql->host, org_mysql->user,
org_mysql->passwd, org_mysql->db, org_mysql->port,
org_mysql->unix_socket);
......
......@@ -2736,7 +2736,15 @@ get_info:
#ifdef MYSQL_CLIENT
if (field_count == NULL_LENGTH) /* LOAD DATA LOCAL INFILE */
{
int error=handle_local_infile(mysql,(char*) pos);
int error;
if (!(mysql->options.client_flag & CLIENT_LOCAL_FILES))
{
set_mysql_error(mysql, CR_MALFORMED_PACKET, unknown_sqlstate);
DBUG_RETURN(1);
}
error= handle_local_infile(mysql,(char*) pos);
if ((length= cli_safe_read(mysql)) == packet_error || error)
DBUG_RETURN(1);
goto get_info; /* Get info packet */
......
......@@ -289,6 +289,8 @@ static void client_connect(ulong flag)
myerror("mysql_init() failed");
exit(1);
}
/* enable local infile, in non-binary builds often disabled by default */
mysql_options(mysql, MYSQL_OPT_LOCAL_INFILE, 0);
if (!(mysql_real_connect(mysql, opt_host, opt_user,
opt_password, opt_db ? opt_db:"test", opt_port,
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment