Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
mariadb
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Kirill Smelkov
mariadb
Commits
e76cd169
Commit
e76cd169
authored
May 04, 2011
by
Georgi Kodinov
Browse files
Options
Browse Files
Download
Plain Diff
Merged 5.0-security->5.1-security
parents
be9fba49
59d75160
Changes
6
Show whitespace changes
Inline
Side-by-side
Showing
6 changed files
with
155 additions
and
22 deletions
+155
-22
mysql-test/r/secure_file_priv_win.result
mysql-test/r/secure_file_priv_win.result
+38
-0
mysql-test/t/secure_file_priv_win-master.opt
mysql-test/t/secure_file_priv_win-master.opt
+1
-0
mysql-test/t/secure_file_priv_win.test
mysql-test/t/secure_file_priv_win.test
+79
-0
mysys/my_symlink.c
mysys/my_symlink.c
+10
-11
sql/mysqld.cc
sql/mysqld.cc
+18
-2
sql/sql_load.cc
sql/sql_load.cc
+9
-9
No files found.
mysql-test/r/secure_file_priv_win.result
0 → 100644
View file @
e76cd169
CREATE TABLE t1 (c1 longtext);
INSERT INTO t1 values ('a');
SELECT * FROM t1 INTO OUTFILE 'd:/mysql/work/test-5.0-security/mysql-test/var/tmp/B11764517.tmp';
show global variables like 'secure_file_priv';
Variable_name Value
secure_file_priv MYSQL_TMP_DIR/
SELECT load_file('MYSQL_TMP_DIR\\B11764517.tmp') AS x;
x
a
SELECT load_file('MYSQL_TMP_DIR/B11764517.tmp') AS x;
x
a
SELECT load_file('MYSQL_TMP_DIR_UCASE/B11764517.tmp') AS x;
x
a
SELECT load_file('MYSQL_TMP_DIR_LCASE/B11764517.tmp') AS x;
x
a
SELECT load_file('MYSQL_TMP_DIR\\..a..\\..\\..\\B11764517.tmp') AS x;
x
NULL
LOAD DATA INFILE 'MYSQL_TMP_DIR\\B11764517.tmp' INTO TABLE t1;
LOAD DATA INFILE 'MYSQL_TMP_DIR/B11764517.tmp' INTO TABLE t1;
LOAD DATA INFILE 'MYSQL_TMP_DIR_UCASE/B11764517.tmp' INTO TABLE t1;
LOAD DATA INFILE 'MYSQL_TMP_DIR_LCASE/B11764517.tmp' INTO TABLE t1;
LOAD DATA INFILE "MYSQL_TMP_DIR\\..a..\\..\\..\\B11764517.tmp" into table t1;
ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR\\..a..\\..\\..\\B11764517-2.tmp';
ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR\\B11764517-2.tmp';
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR/B11764517-3.tmp';
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR_UCASE/B11764517-4.tmp';
SELECT * FROM t1 INTO OUTFILE 'MYSQL_TMP_DIR_LCASE/B11764517-5.tmp';
DROP TABLE t1;
mysql-test/t/secure_file_priv_win-master.opt
0 → 100644
View file @
e76cd169
--secure_file_priv=$MYSQL_TMP_DIR
mysql-test/t/secure_file_priv_win.test
0 → 100644
View file @
e76cd169
#
# Bug58747 breaks secure_file_priv+not secure yet+still accesses other folders
#
# we do the windows specific relative directory testing
--
source
include
/
windows
.
inc
CREATE
TABLE
t1
(
c1
longtext
);
INSERT
INTO
t1
values
(
'a'
);
LET
$MYSQL_TMP_DIR_UCASE
=
`SELECT upper('$MYSQL_TMP_DIR')`
;
LET
$MYSQL_TMP_DIR_LCASE
=
`SELECT lower('$MYSQL_TMP_DIR')`
;
#create the file
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
SELECT
*
FROM
t1
INTO
OUTFILE
'$MYSQL_TMP_DIR_LCASE/B11764517.tmp'
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
show
global
variables
like
'secure_file_priv'
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
SELECT
load_file
(
'$MYSQL_TMP_DIR\\\\B11764517.tmp'
)
AS
x
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
SELECT
load_file
(
'$MYSQL_TMP_DIR/B11764517.tmp'
)
AS
x
;
--
replace_result
$MYSQL_TMP_DIR_UCASE
MYSQL_TMP_DIR_UCASE
eval
SELECT
load_file
(
'$MYSQL_TMP_DIR_UCASE/B11764517.tmp'
)
AS
x
;
--
replace_result
$MYSQL_TMP_DIR_LCASE
MYSQL_TMP_DIR_LCASE
eval
SELECT
load_file
(
'$MYSQL_TMP_DIR_LCASE/B11764517.tmp'
)
AS
x
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
SELECT
load_file
(
'$MYSQL_TMP_DIR\\\\..a..\\\\..\\\\..\\\\B11764517.tmp'
)
AS
x
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
LOAD
DATA
INFILE
'$MYSQL_TMP_DIR\\\\B11764517.tmp'
INTO
TABLE
t1
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
LOAD
DATA
INFILE
'$MYSQL_TMP_DIR/B11764517.tmp'
INTO
TABLE
t1
;
--
replace_result
$MYSQL_TMP_DIR_UCASE
MYSQL_TMP_DIR_UCASE
eval
LOAD
DATA
INFILE
'$MYSQL_TMP_DIR_UCASE/B11764517.tmp'
INTO
TABLE
t1
;
--
replace_result
$MYSQL_TMP_DIR_LCASE
MYSQL_TMP_DIR_LCASE
eval
LOAD
DATA
INFILE
'$MYSQL_TMP_DIR_LCASE/B11764517.tmp'
INTO
TABLE
t1
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
--
error
ER_OPTION_PREVENTS_STATEMENT
eval
LOAD
DATA
INFILE
"
$MYSQL_TMP_DIR
\\\\
..a..
\\\\
..
\\\\
..
\\\\
B11764517.tmp"
into
table
t1
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
--
error
ER_OPTION_PREVENTS_STATEMENT
eval
SELECT
*
FROM
t1
INTO
OUTFILE
'$MYSQL_TMP_DIR\\\\..a..\\\\..\\\\..\\\\B11764517-2.tmp'
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
SELECT
*
FROM
t1
INTO
OUTFILE
'$MYSQL_TMP_DIR\\\\B11764517-2.tmp'
;
--
replace_result
$MYSQL_TMP_DIR
MYSQL_TMP_DIR
eval
SELECT
*
FROM
t1
INTO
OUTFILE
'$MYSQL_TMP_DIR/B11764517-3.tmp'
;
--
replace_result
$MYSQL_TMP_DIR_UCASE
MYSQL_TMP_DIR_UCASE
eval
SELECT
*
FROM
t1
INTO
OUTFILE
'$MYSQL_TMP_DIR_UCASE/B11764517-4.tmp'
;
--
replace_result
$MYSQL_TMP_DIR_LCASE
MYSQL_TMP_DIR_LCASE
eval
SELECT
*
FROM
t1
INTO
OUTFILE
'$MYSQL_TMP_DIR_LCASE/B11764517-5.tmp'
;
--
error
0
,
1
--
remove_file
$MYSQL_TMP_DIR
/
B11764517
.
tmp
;
--
error
0
,
1
--
remove_file
$MYSQL_TMP_DIR
/
B11764517
-
2.
tmp
;
--
error
0
,
1
--
remove_file
$MYSQL_TMP_DIR
/
B11764517
-
3.
tmp
;
--
error
0
,
1
--
remove_file
$MYSQL_TMP_DIR
/
B11764517
-
4.
tmp
;
--
error
0
,
1
--
remove_file
$MYSQL_TMP_DIR
/
B11764517
-
5.
tmp
;
DROP
TABLE
t1
;
mysys/my_symlink.c
View file @
e76cd169
...
@@ -144,24 +144,23 @@ int my_realpath(char *to, const char *filename, myf MyFlags)
...
@@ -144,24 +144,23 @@ int my_realpath(char *to, const char *filename, myf MyFlags)
result
=
-
1
;
result
=
-
1
;
}
}
DBUG_RETURN
(
result
);
DBUG_RETURN
(
result
);
#else
#elif defined(_WIN32)
#ifdef _WIN32
int
ret
=
GetFullPathName
(
filename
,
FN_REFLEN
,
to
,
NULL
);
int
ret
=
GetFullPathName
(
filename
,
FN_REFLEN
,
to
,
NULL
);
if
(
ret
==
0
||
ret
>
FN_REFLEN
)
if
(
ret
==
0
||
ret
>
FN_REFLEN
)
{
{
if
(
ret
>
FN_REFLEN
)
my_errno
=
(
ret
>
FN_REFLEN
)
?
ENAMETOOLONG
:
GetLastError
();
my_errno
=
ENAMETOOLONG
;
else
my_errno
=
EACCES
;
if
(
MyFlags
&
MY_WME
)
if
(
MyFlags
&
MY_WME
)
my_error
(
EE_REALPATH
,
MYF
(
0
),
filename
,
my_errno
);
my_error
(
EE_REALPATH
,
MYF
(
0
),
filename
,
my_errno
);
/*
GetFullPathName didn't work : use my_load_path() which is a poor
substitute original name but will at least be able to resolve
paths that starts with '.'.
*/
my_load_path
(
to
,
filename
,
NullS
);
return
-
1
;
return
-
1
;
}
}
#else
#else
my_load_path
(
to
,
filename
,
NullS
);
my_load_path
(
to
,
filename
,
NullS
);
#endif
#endif
return
0
;
return
0
;
#endif
}
}
sql/mysqld.cc
View file @
e76cd169
...
@@ -8961,12 +8961,15 @@ fn_format_relative_to_data_home(char * to, const char *name,
...
@@ -8961,12 +8961,15 @@ fn_format_relative_to_data_home(char * to, const char *name,
bool
is_secure_file_path
(
char
*
path
)
bool
is_secure_file_path
(
char
*
path
)
{
{
char
buff1
[
FN_REFLEN
],
buff2
[
FN_REFLEN
];
char
buff1
[
FN_REFLEN
],
buff2
[
FN_REFLEN
];
size_t
opt_secure_file_priv_len
;
/*
/*
All paths are secure if opt_secure_file_path is 0
All paths are secure if opt_secure_file_path is 0
*/
*/
if
(
!
opt_secure_file_priv
)
if
(
!
opt_secure_file_priv
)
return
TRUE
;
return
TRUE
;
opt_secure_file_priv_len
=
strlen
(
opt_secure_file_priv
);
if
(
strlen
(
path
)
>=
FN_REFLEN
)
if
(
strlen
(
path
)
>=
FN_REFLEN
)
return
FALSE
;
return
FALSE
;
...
@@ -8984,11 +8987,24 @@ bool is_secure_file_path(char *path)
...
@@ -8984,11 +8987,24 @@ bool is_secure_file_path(char *path)
return
FALSE
;
return
FALSE
;
}
}
convert_dirname
(
buff2
,
buff1
,
NullS
);
convert_dirname
(
buff2
,
buff1
,
NullS
);
if
(
strncmp
(
opt_secure_file_priv
,
buff2
,
strlen
(
opt_secure_file_priv
)))
if
(
!
lower_case_file_system
)
{
if
(
strncmp
(
opt_secure_file_priv
,
buff2
,
opt_secure_file_priv_len
))
return
FALSE
;
}
else
{
if
(
files_charset_info
->
coll
->
strnncoll
(
files_charset_info
,
(
uchar
*
)
buff2
,
strlen
(
buff2
),
(
uchar
*
)
opt_secure_file_priv
,
opt_secure_file_priv_len
,
TRUE
))
return
FALSE
;
return
FALSE
;
}
return
TRUE
;
return
TRUE
;
}
}
static
int
fix_paths
(
void
)
static
int
fix_paths
(
void
)
{
{
char
buff
[
FN_REFLEN
],
*
pos
;
char
buff
[
FN_REFLEN
],
*
pos
;
...
...
sql/sql_load.cc
View file @
e76cd169
...
@@ -348,21 +348,21 @@ int mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list,
...
@@ -348,21 +348,21 @@ int mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list,
#if !defined(__WIN__) && ! defined(__NETWARE__)
#if !defined(__WIN__) && ! defined(__NETWARE__)
MY_STAT
stat_info
;
MY_STAT
stat_info
;
if
(
!
my_stat
(
name
,
&
stat_info
,
MYF
(
MY_WME
)))
if
(
!
my_stat
(
name
,
&
stat_info
,
MYF
(
MY_WME
)))
DBUG_RETURN
(
TRUE
);
DBUG_RETURN
(
TRUE
);
// if we are not in slave thread, the file must be:
// if we are not in slave thread, the file must be:
if
(
!
thd
->
slave_thread
&&
if
(
!
thd
->
slave_thread
&&
!
((
stat_info
.
st_mode
&
S_IROTH
)
==
S_IROTH
&&
// readable by others
!
((
stat_info
.
st_mode
&
S_IROTH
)
==
S_IROTH
&&
// readable by others
(
stat_info
.
st_mode
&
S_IFLNK
)
!=
S_IFLNK
&&
// and not a symlink
(
stat_info
.
st_mode
&
S_IFLNK
)
!=
S_IFLNK
&&
// and not a symlink
((
stat_info
.
st_mode
&
S_IFREG
)
==
S_IFREG
||
((
stat_info
.
st_mode
&
S_IFREG
)
==
S_IFREG
||
// and a regular file
(
stat_info
.
st_mode
&
S_IFIFO
)
==
S_IFIFO
)))
(
stat_info
.
st_mode
&
S_IFIFO
)
==
S_IFIFO
)))
// or FIFO
{
{
my_error
(
ER_TEXTFILE_NOT_READABLE
,
MYF
(
0
),
name
);
my_error
(
ER_TEXTFILE_NOT_READABLE
,
MYF
(
0
),
name
);
DBUG_RETURN
(
TRUE
);
DBUG_RETURN
(
TRUE
);
}
}
if
((
stat_info
.
st_mode
&
S_IFIFO
)
==
S_IFIFO
)
if
((
stat_info
.
st_mode
&
S_IFIFO
)
==
S_IFIFO
)
is_fifo
=
1
;
is_fifo
=
1
;
#endif
#endif
if
((
file
=
my_open
(
name
,
O_RDONLY
,
MYF
(
MY_WME
)))
<
0
)
if
((
file
=
my_open
(
name
,
O_RDONLY
,
MYF
(
MY_WME
)))
<
0
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment