Bug#57359 Possible to circumvent secure_file_priv using '..' on Windows

Where realpath(3) is used in Linux, mf_load_path is used for Windows. This function doesn't however correspond to the functionality of realpath. This patch attempts to do better by using the Windows function GetFullPathName() instead.

Bug#57359 Possible to circumvent secure_file_priv using '..' on Windows
Where realpath(3) is used in Linux, mf_load_path is used for Windows. This function doesn't however correspond to the functionality of realpath. This patch attempts to do better by using the Windows function GetFullPathName() instead.
e548c322 · Kristofer Pettersson · b001a522 · e548c322
Commit e548c322 authored Oct 17, 2010 by Kristofer Pettersson
Hide whitespace changes
Inline Side-by-side

Showing with 16 additions and 1 deletion

mysys/my_symlink.c mysys/my_symlink.c +16 -1

No files found.
--- a/mysys/my_symlink.c
+++ b/mysys/my_symlink.c
@@ -113,7 +113,6 @@ int my_is_symlink(const char *filename __attribute__((unused)))
 #endif
 }

-
 /*
  Resolve all symbolic links in path
  'to' may be equal to 'filename'
@@ -146,8 +145,24 @@ int my_realpath(char *to, const char *filename,
    result= -1;
  }
  DBUG_RETURN(result);
+#else
+#ifdef _WIN32
+  int ret= GetFullPathName(filename,FN_REFLEN,
+                           to,
+                           NULL);
+  if (ret == 0 || ret > FN_REFLEN)
+  {
+    if (ret > FN_REFLEN)
+      my_errno= ENAMETOOLONG;
+    else
+      my_errno= EACCES;
+    if (MyFlags & MY_WME)
+      my_error(EE_REALPATH, MYF(0), filename, my_errno);
+	  return -1;
+  }
 #else
  my_load_path(to, filename, NullS);
+#endif
  return 0;
 #endif
 }