merge 5.1-security => 5.5-security

8dc1e334 · Kristofer Pettersson · 4fd5cff8 · bef12c6e · 8dc1e334 · 8dc1e334
Commit 8dc1e334 authored Dec 16, 2010 by Kristofer Pettersson
5 changed files
--- a/mysql-test/mysql-test-run.pl
+++ b/mysql-test/mysql-test-run.pl
@@ -2186,6 +2186,16 @@ sub environment_setup {
  $ENV{'MYSQL_LIBDIR'}=       "$basedir/lib";
  $ENV{'MYSQL_SHAREDIR'}=     $path_language;
  $ENV{'MYSQL_CHARSETSDIR'}=  $path_charsetsdir;
+  if (IS_WINDOWS)
+  {
+    $ENV{'SECURE_LOAD_PATH'}= $glob_mysql_test_dir."\\std_data";
+  }
+  else
+  {
+    $ENV{'SECURE_LOAD_PATH'}= $glob_mysql_test_dir."/std_data";
+  }
  # ----------------------------------------------------
  # Setup env for NDB

--- a/mysql-test/suite/sys_vars/r/secure_file_priv2.result
+++ b/mysql-test/suite/sys_vars/r/secure_file_priv2.result
+CREATE TABLE t1 (c1 INT);
+LOAD DATA INFILE "t1.MYI" into table t1;
+ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+LOAD DATA INFILE "/test" into table t1;
+ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+DROP TABLE t1;
--- a/mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt
+++ b/mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt
+--secure_file_priv=$SECURE_LOAD_PATH
--- a/mysql-test/suite/sys_vars/t/secure_file_priv2.test
+++ b/mysql-test/suite/sys_vars/t/secure_file_priv2.test
+#
+# Bug58747 breaks secure_file_priv+not secure yet+still accesses other folders
+#
+CREATE TABLE t1 (c1 INT);
+#
+# Before the patch this statement failed with
+# Linux:
+#  -> errno 13: 'Can't get stat of '
+# Windows:
+#  -> Warning 1366 Incorrect integer value: '■■☺' for
+#  ->              column 'c1' at row 1
+# Now it should consistently fail with ER_OPTION_PREVENTS_STATEMENT
+# on all platforms.
+--error ER_OPTION_PREVENTS_STATEMENT
+LOAD DATA INFILE "t1.MYI" into table t1;
+#
+# The following test makes the assuption that /test isn't a valid path in any
+# operating system running the test suite.
+--error ER_OPTION_PREVENTS_STATEMENT
+LOAD DATA INFILE "/test" into table t1;
+DROP TABLE t1;
--- a/sql/sql_load.cc
+++ b/sql/sql_load.cc
@@ -363,58 +363,57 @@ int mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list,
      (void) fn_format(name, ex->file_name, mysql_real_data_home, "",
                       MY_RELATIVE_PATH | MY_UNPACK_FILENAME |
                       MY_RETURN_REAL_PATH);
-#if !defined(__WIN__)
+    }
-      MY_STAT stat_info;
-      if (!mysql_file_stat(key_file_load, name, &stat_info, MYF(MY_WME)))
-	DBUG_RETURN(TRUE);
-      // if we are not in slave thread, the file must be:
-      if (!thd->slave_thread &&
-	  !((stat_info.st_mode & S_IROTH) == S_IROTH &&  // readable by others
-	    (stat_info.st_mode & S_IFLNK) != S_IFLNK && // and not a symlink
-	    ((stat_info.st_mode & S_IFREG) == S_IFREG ||
-	     (stat_info.st_mode & S_IFIFO) == S_IFIFO)))
-      {
-	my_error(ER_TEXTFILE_NOT_READABLE, MYF(0), name);
-	DBUG_RETURN(TRUE);
-      }
-      if ((stat_info.st_mode & S_IFIFO) == S_IFIFO)
-	is_fifo = 1;
-#endif
-      if (thd->slave_thread)
+    if (thd->slave_thread)
-      {
+    {
 #if defined(HAVE_REPLICATION) && !defined(MYSQL_CLIENT)
-        if (strncmp(active_mi->rli.slave_patternload_file, name, 
+      if (strncmp(active_mi->rli.slave_patternload_file, name, 
-            active_mi->rli.slave_patternload_file_size))
+          active_mi->rli.slave_patternload_file_size))
-        {
+      {
-          /*
-            LOAD DATA INFILE in the slave SQL Thread can only read from 
-            --slave-load-tmpdir". This should never happen. Please, report a bug.
-           */
-          sql_print_error("LOAD DATA INFILE in the slave SQL Thread can only read from --slave-load-tmpdir. " \
-                          "Please, report a bug.");
-          my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--slave-load-tmpdir");
-          DBUG_RETURN(TRUE);
-        }
-#else
        /*
-          This is impossible and should never happen.
+          LOAD DATA INFILE in the slave SQL Thread can only read from 
+          --slave-load-tmpdir". This should never happen. Please, report a bug.
        */
-        DBUG_ASSERT(FALSE); 
-#endif
+        sql_print_error("LOAD DATA INFILE in the slave SQL Thread can only read from --slave-load-tmpdir. " \
-      }
+                        "Please, report a bug.");
-      else if (!is_secure_file_path(name))
+        my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--slave-load-tmpdir");
-      {
-        /* Read only allowed from within dir specified by secure_file_priv */
-        my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
        DBUG_RETURN(TRUE);
      }
+#else
+      /*
+        This is impossible and should never happen.
+      */
+      DBUG_ASSERT(FALSE); 
+#endif
+    }
+    else if (!is_secure_file_path(name))
+    {
+      /* Read only allowed from within dir specified by secure_file_priv */
+      my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
+      DBUG_RETURN(TRUE);
+    }
+#if !defined(__WIN__) && ! defined(__NETWARE__)
+    MY_STAT stat_info;
+    if (!my_stat(name,&stat_info,MYF(MY_WME)))
+	    DBUG_RETURN(TRUE);
+    // if we are not in slave thread, the file must be:
+    if (!thd->slave_thread &&
+	      !((stat_info.st_mode & S_IROTH) == S_IROTH &&  // readable by others
+	        (stat_info.st_mode & S_IFLNK) != S_IFLNK && // and not a symlink
+	        ((stat_info.st_mode & S_IFREG) == S_IFREG ||
+	         (stat_info.st_mode & S_IFIFO) == S_IFIFO)))
+    {
+	    my_error(ER_TEXTFILE_NOT_READABLE, MYF(0), name);
+	    DBUG_RETURN(TRUE);
    }
    if ((file= mysql_file_open(key_file_load,
                               name, O_RDONLY, MYF(MY_WME))) < 0)
+#endif
      DBUG_RETURN(TRUE);
  }