Commit 943543ba authored by unknown's avatar unknown

Bug#21224: mysql_upgrade uses possibly insecure temporary files

We open for writing a known location, which is exploitable with a symlink
attack.  Now, use the EXCLusive flag, so that the presence of anything at 
that location causes a failure.  Try once to open safely, and if failure 
then remove that location and try again to open safely.  If both fail, then
raise an error.


client/mysql_upgrade.c:
  Open the file with the O_EXCL flag, so that a symlink attack would not work.
  
  If opening it fails, try removing something at that location, and try again.
  If the second time fails, then abort as previous.
parent 698bd7c4
...@@ -149,17 +149,29 @@ static int create_defaults_file(const char *path, const char *our_defaults_path) ...@@ -149,17 +149,29 @@ static int create_defaults_file(const char *path, const char *our_defaults_path)
File our_defaults_file, defaults_file; File our_defaults_file, defaults_file;
char buffer[512]; char buffer[512];
char *buffer_end; char *buffer_end;
int failed_to_open_count= 0;
int error; int error;
/* check if the defaults file is needed at all */ /* check if the defaults file is needed at all */
if (!opt_password) if (!opt_password)
return 0; return 0;
defaults_file= my_open(path, O_BINARY | O_CREAT | O_WRONLY, retry_open:
defaults_file= my_open(path, O_BINARY | O_CREAT | O_WRONLY | O_EXCL,
MYF(MY_FAE | MY_WME)); MYF(MY_FAE | MY_WME));
if (defaults_file < 0) if (defaults_file < 0)
return 1; {
if (failed_to_open_count == 0)
{
remove(path);
failed_to_open_count+= 1;
goto retry_open;
}
else
return 1;
}
upgrade_defaults_created= 1; upgrade_defaults_created= 1;
if (our_defaults_path) if (our_defaults_path)
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment