Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
2da8ba64
Commit
2da8ba64
authored
May 04, 2011
by
Georgi Kodinov
Browse files
Options
Browse Files
Download
Plain Diff
merge mysql-5.1-security->mysql-5.5-security
parents
01b68c51
b96d97fd
Changes
6
Hide whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
151 additions
and
18 deletions
+151
-18
mysql-test/r/secure_file_priv_win.result
mysql-test/r/secure_file_priv_win.result
+38
-0
mysql-test/t/secure_file_priv_win-master.opt
mysql-test/t/secure_file_priv_win-master.opt
+1
-0
mysql-test/t/secure_file_priv_win.test
mysql-test/t/secure_file_priv_win.test
+79
-0
mysys/my_symlink.c
mysys/my_symlink.c
+10
-11
sql/mysqld.cc
sql/mysqld.cc
+18
-2
sql/sql_load.cc
sql/sql_load.cc
+5
-5
No files found.
mysql-test/r/secure_file_priv_win.result
0 → 100644
View file @
2da8ba64
CREATE TABLE t1 (c1 longtext);
INSERT INTO t1 values ('a');
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR/B11764517.tmp';
show global variables like 'secure_file_priv';
Variable_name Value
secure_file_priv MYSQL_TMP_DIR/
SELECT load_file('MYSQL_TMP_DIR\\B11764517.tmp') AS x;
x
a
SELECT load_file('MYSQL_TMP_DIR/B11764517.tmp') AS x;
x
a
SELECT load_file('MYSQL_TMP_DIR_UCASE/B11764517.tmp') AS x;
x
a
SELECT load_file('MYSQL_TMP_DIR_LCASE/B11764517.tmp') AS x;
x
a
SELECT load_file('MYSQL_TMP_DIR\\..a..\\..\\..\\B11764517.tmp') AS x;
x
NULL
LOAD DATA INFILE 'MYSQL_TMP_DIR\\B11764517.tmp' INTO TABLE t1;
LOAD DATA INFILE 'MYSQL_TMP_DIR/B11764517.tmp' INTO TABLE t1;
LOAD DATA INFILE 'MYSQL_TMP_DIR_UCASE/B11764517.tmp' INTO TABLE t1;
LOAD DATA INFILE 'MYSQL_TMP_DIR_LCASE/B11764517.tmp' INTO TABLE t1;
LOAD DATA INFILE "MYSQL_TMP_DIR\\..a..\\..\\..\\B11764517.tmp" into table t1;
ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR\\..a..\\..\\..\\B11764517-2.tmp';
ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR\\B11764517-2.tmp';
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR/B11764517-3.tmp';
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR_UCASE/B11764517-4.tmp';
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR_LCASE/B11764517-5.tmp';
DROP TABLE t1;
mysql-test/t/secure_file_priv_win-master.opt
0 → 100644
View file @
2da8ba64
--secure_file_priv=$MYSQL_TMP_DIR
mysql-test/t/secure_file_priv_win.test
0 → 100644
View file @
2da8ba64
#
# Bug58747 breaks secure_file_priv+not secure yet+still accesses other folders
#
# we do the windows specific relative directory testing
--
source
include
/
windows
.
inc
CREATE
TABLE
t1
(
c1
longtext
);
INSERT
INTO
t1
values
(
'a'
);
LET
$MYSQL_TMP_DIR_UCASE
=
`SELECT upper('$MYSQL_TMP_DIR')`
;
LET
$MYSQL_TMP_DIR_LCASE
=
`SELECT lower('$MYSQL_TMP_DIR')`
;
#create the file
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
SELECT
*
FROM
t1
INTO
OUTFILE
'$MYSQL_TMP_DIR/B11764517.tmp'
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
show
global
variables
like
'secure_file_priv'
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
SELECT
load_file
(
'$MYSQL_TMP_DIR\\\\B11764517.tmp'
)
AS
x
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
SELECT
load_file
(
'$MYSQL_TMP_DIR/B11764517.tmp'
)
AS
x
;
--
replace_result
$MYSQL_TMP_DIR_UCASE
MYSQL_TMP_DIR_UCASE
eval
SELECT
load_file
(
'$MYSQL_TMP_DIR_UCASE/B11764517.tmp'
)
AS
x
;
--
replace_result
$MYSQL_TMP_DIR_LCASE
MYSQL_TMP_DIR_LCASE
eval
SELECT
load_file
(
'$MYSQL_TMP_DIR_LCASE/B11764517.tmp'
)
AS
x
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
SELECT
load_file
(
'$MYSQL_TMP_DIR\\\\..a..\\\\..\\\\..\\\\B11764517.tmp'
)
AS
x
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
LOAD
DATA
INFILE
'$MYSQL_TMP_DIR\\\\B11764517.tmp'
INTO
TABLE
t1
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
LOAD
DATA
INFILE
'$MYSQL_TMP_DIR/B11764517.tmp'
INTO
TABLE
t1
;
--
replace_result
$MYSQL_TMP_DIR_UCASE
MYSQL_TMP_DIR_UCASE
eval
LOAD
DATA
INFILE
'$MYSQL_TMP_DIR_UCASE/B11764517.tmp'
INTO
TABLE
t1
;
--
replace_result
$MYSQL_TMP_DIR_LCASE
MYSQL_TMP_DIR_LCASE
eval
LOAD
DATA
INFILE
'$MYSQL_TMP_DIR_LCASE/B11764517.tmp'
INTO
TABLE
t1
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
--
error
ER_OPTION_PREVENTS_STATEMENT
eval
LOAD
DATA
INFILE
"
$MYSQL_TMP_DIR
\\\\
..a..
\\\\
..
\\\\
..
\\\\
B11764517.tmp"
into
table
t1
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
--
error
ER_OPTION_PREVENTS_STATEMENT
eval
SELECT
*
FROM
t1
INTO
OUTFILE
'$MYSQL_TMP_DIR\\\\..a..\\\\..\\\\..\\\\B11764517-2.tmp'
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
SELECT
*
FROM
t1
INTO
OUTFILE
'$MYSQL_TMP_DIR\\\\B11764517-2.tmp'
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
SELECT
*
FROM
t1
INTO
OUTFILE
'$MYSQL_TMP_DIR/B11764517-3.tmp'
;
--
replace_result
$MYSQL_TMP_DIR_UCASE
MYSQL_TMP_DIR_UCASE
eval
SELECT
*
FROM
t1
INTO
OUTFILE
'$MYSQL_TMP_DIR_UCASE/B11764517-4.tmp'
;
--
replace_result
$MYSQL_TMP_DIR_LCASE
MYSQL_TMP_DIR_LCASE
eval
SELECT
*
FROM
t1
INTO
OUTFILE
'$MYSQL_TMP_DIR_LCASE/B11764517-5.tmp'
;
--
error
0
,
1
--
remove_file
$MYSQL_TMP_DIR
/
B11764517
.
tmp
;
--
error
0
,
1
--
remove_file
$MYSQL_TMP_DIR
/
B11764517
-
2.
tmp
;
--
error
0
,
1
--
remove_file
$MYSQL_TMP_DIR
/
B11764517
-
3.
tmp
;
--
error
0
,
1
--
remove_file
$MYSQL_TMP_DIR
/
B11764517
-
4.
tmp
;
--
error
0
,
1
--
remove_file
$MYSQL_TMP_DIR
/
B11764517
-
5.
tmp
;
DROP
TABLE
t1
;
mysys/my_symlink.c
View file @
2da8ba64
...
...
@@ -144,24 +144,23 @@ int my_realpath(char *to, const char *filename, myf MyFlags)
result
=
-
1
;
}
DBUG_RETURN
(
result
);
#else
#ifdef _WIN32
int
ret
=
GetFullPathName
(
filename
,
FN_REFLEN
,
to
,
NULL
);
#elif defined(_WIN32)
int
ret
=
GetFullPathName
(
filename
,
FN_REFLEN
,
to
,
NULL
);
if
(
ret
==
0
||
ret
>
FN_REFLEN
)
{
if
(
ret
>
FN_REFLEN
)
my_errno
=
ENAMETOOLONG
;
else
my_errno
=
EACCES
;
my_errno
=
(
ret
>
FN_REFLEN
)
?
ENAMETOOLONG
:
GetLastError
();
if
(
MyFlags
&
MY_WME
)
my_error
(
EE_REALPATH
,
MYF
(
0
),
filename
,
my_errno
);
return
-
1
;
/*
GetFullPathName didn't work : use my_load_path() which is a poor
substitute original name but will at least be able to resolve
paths that starts with '.'.
*/
my_load_path
(
to
,
filename
,
NullS
);
return
-
1
;
}
#else
my_load_path
(
to
,
filename
,
NullS
);
#endif
return
0
;
#endif
}
sql/mysqld.cc
View file @
2da8ba64
...
...
@@ -7489,12 +7489,15 @@ fn_format_relative_to_data_home(char * to, const char *name,
bool
is_secure_file_path
(
char
*
path
)
{
char
buff1
[
FN_REFLEN
],
buff2
[
FN_REFLEN
];
size_t
opt_secure_file_priv_len
;
/*
All paths are secure if opt_secure_file_path is 0
*/
if
(
!
opt_secure_file_priv
)
return
TRUE
;
opt_secure_file_priv_len
=
strlen
(
opt_secure_file_priv
);
if
(
strlen
(
path
)
>=
FN_REFLEN
)
return
FALSE
;
...
...
@@ -7512,11 +7515,24 @@ bool is_secure_file_path(char *path)
return
FALSE
;
}
convert_dirname
(
buff2
,
buff1
,
NullS
);
if
(
strncmp
(
opt_secure_file_priv
,
buff2
,
strlen
(
opt_secure_file_priv
)))
return
FALSE
;
if
(
!
lower_case_file_system
)
{
if
(
strncmp
(
opt_secure_file_priv
,
buff2
,
opt_secure_file_priv_len
))
return
FALSE
;
}
else
{
if
(
files_charset_info
->
coll
->
strnncoll
(
files_charset_info
,
(
uchar
*
)
buff2
,
strlen
(
buff2
),
(
uchar
*
)
opt_secure_file_priv
,
opt_secure_file_priv_len
,
TRUE
))
return
FALSE
;
}
return
TRUE
;
}
static
int
fix_paths
(
void
)
{
char
buff
[
FN_REFLEN
],
*
pos
;
...
...
sql/sql_load.cc
View file @
2da8ba64
...
...
@@ -397,8 +397,8 @@ int mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list,
#if !defined(__WIN__) && ! defined(__NETWARE__)
MY_STAT
stat_info
;
if
(
!
my_stat
(
name
,
&
stat_info
,
MYF
(
MY_WME
)))
DBUG_RETURN
(
TRUE
);
if
(
!
my_stat
(
name
,
&
stat_info
,
MYF
(
MY_WME
)))
DBUG_RETURN
(
TRUE
);
// if we are not in slave thread, the file must be:
if
(
!
thd
->
slave_thread
&&
...
...
@@ -406,11 +406,11 @@ int mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list,
((
stat_info
.
st_mode
&
S_IFREG
)
==
S_IFREG
||
// regular file
(
stat_info
.
st_mode
&
S_IFIFO
)
==
S_IFIFO
)))
// named pipe
{
my_error
(
ER_TEXTFILE_NOT_READABLE
,
MYF
(
0
),
name
);
DBUG_RETURN
(
TRUE
);
my_error
(
ER_TEXTFILE_NOT_READABLE
,
MYF
(
0
),
name
);
DBUG_RETURN
(
TRUE
);
}
if
((
stat_info
.
st_mode
&
S_IFIFO
)
==
S_IFIFO
)
is_fifo
=
1
;
is_fifo
=
1
;
#endif
if
((
file
=
mysql_file_open
(
key_file_load
,
name
,
O_RDONLY
,
MYF
(
MY_WME
)))
<
0
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment