Commit 1f9b1e19 authored by monty@tik.mysql.fi's avatar monty@tik.mysql.fi

Made LOAD DATA LOCAL INFILE more secure

parent 1efcc3e3
......@@ -9,3 +9,4 @@ miguel@light.local
monty@donna.mysql.fi
monty@bitch.mysql.fi
mwagner@cash.mwagner.org
monty@tik.mysql.fi
......@@ -46892,6 +46892,12 @@ not yet 100% confident in this code.
@item
Fixed unlikely caching bug when doing a join without keys. In this case
the last used field for a table always returned @code{NULL}.
@item
Added options to make @code{LOAD DATA LOCAL INFILE} more secure.
@item
MySQL binary release 3.23.48 for Linux contained a new glibc library, which
has serious problems under high load and RedHat 7.2. The 3.23.49 binary
release doesn't have this problem.
@end itemize
@node News-3.23.48, News-3.23.47, News-3.23.49, News-3.23.x
......@@ -21,6 +21,9 @@
/* Version of .frm files */
#undef DOT_FRM_VERSION
/* If LOAD DATA LOCAL INFILE should be enabled by default */
#undef ENABLED_LOCAL_INFILE
/* READLINE: */
#undef FIONREAD_IN_SYS_IOCTL
......
......@@ -30,4 +30,4 @@ enum options { OPT_CHARSETS_DIR=256, OPT_DEFAULT_CHARSET,
OPT_LOW_PRIORITY, OPT_AUTO_REPAIR, OPT_COMPRESS,
OPT_DROP, OPT_LOCKS, OPT_KEYWORDS, OPT_DELAYED, OPT_OPTIMIZE,
OPT_FTB, OPT_LTB, OPT_ENC, OPT_O_ENC, OPT_ESC, OPT_TABLES,
OPT_MASTER_DATA, OPT_AUTOCOMMIT};
OPT_MASTER_DATA, OPT_AUTOCOMMIT, OPT_LOCAL_INFILE};
......@@ -34,7 +34,7 @@
#include "my_readline.h"
#include <signal.h>
const char *VER="11.15";
const char *VER="11.16";
/* Don't try to make a nice table if the data is too big */
#define MAX_COLUMN_LENGTH 1024
......@@ -113,10 +113,10 @@ static MYSQL mysql; /* The connection */
static bool info_flag=0,ignore_errors=0,wait_flag=0,quick=0,
connected=0,opt_raw_data=0,unbuffered=0,output_tables=0,
no_rehash=0,skip_updates=0,safe_updates=0,one_database=0,
opt_compress=0,
opt_compress=0, using_opt_local_infile=0,
vertical=0,skip_line_numbers=0,skip_column_names=0,opt_html=0,
opt_nopager=1, opt_outfile=0, no_named_cmds=1;
static uint verbose=0,opt_silent=0,opt_mysql_port=0;
static uint verbose=0,opt_silent=0,opt_mysql_port=0, opt_local_infile=0;
static my_string opt_mysql_unix_port=0;
static int connect_flag=CLIENT_INTERACTIVE;
static char *current_host,*current_db,*current_user=0,*opt_password=0,
......@@ -394,6 +394,7 @@ static struct option long_options[] =
{"html", no_argument, 0, 'H'},
{"host", required_argument, 0, 'h'},
{"ignore-spaces", no_argument, 0, 'i'},
{"local-infile", optional_argument, 0, OPT_LOCAL_INFILE},
{"no-auto-rehash",no_argument, 0, 'A'},
{"no-named-commands", no_argument, 0, 'g'},
{"no-tee", no_argument, 0, OPT_NOTEE},
......@@ -693,6 +694,10 @@ static int get_options(int argc, char **argv)
case 'C':
opt_compress=1;
break;
case OPT_LOCAL_INFILE:
using_opt_local_infile=1;
opt_local_infile= test(!optarg || atoi(optarg)>0);
break;
case 'L':
skip_line_numbers=1;
break;
......@@ -2105,6 +2110,8 @@ sql_real_connect(char *host,char *database,char *user,char *password,
}
if (opt_compress)
mysql_options(&mysql,MYSQL_OPT_COMPRESS,NullS);
if (using_opt_local_infile)
mysql_options(&mysql,MYSQL_OPT_LOCAL_INFILE, (char*) &opt_local_infile);
#ifdef HAVE_OPENSSL
if (opt_use_ssl)
mysql_ssl_set(&mysql, opt_ssl_key, opt_ssl_cert, opt_ssl_ca,
......
......@@ -4,7 +4,7 @@ dnl Process this file with autoconf to produce a configure script.
AC_INIT(sql/mysqld.cc)
AC_CANONICAL_SYSTEM
# The Docs Makefile.am parses this line!
AM_INIT_AUTOMAKE(mysql, 3.23.48)
AM_INIT_AUTOMAKE(mysql, 3.23.49)
AM_CONFIG_HEADER(config.h)
PROTOCOL_VERSION=10
......@@ -518,7 +518,7 @@ AC_ARG_ENABLE(thread-safe-client,
[ THREAD_SAFE_CLIENT=no ]
)
# Make thread safe client
# compile with strings functions in assembler
AC_ARG_ENABLE(assembler,
[ --enable-assembler Use assembler versions of some string
functions if available.],
......@@ -583,6 +583,14 @@ AC_ARG_WITH(mysqld-user,
)
AC_SUBST(MYSQLD_USER)
# compile with strings functions in assembler
AC_ARG_ENABLE(local-infile,
[ --enable-local-infile
If LOAD DATA LOCAL INFILE is enabled by default.],
[ ENABLED_LOCAL_INFILE=$enablewal ],
[ ENABLED_LOCAL_INFILE=no ]
)
# Use Paul Eggerts macros from GNU tar to check for large file support.
MYSQL_SYS_LARGEFILE
......
......@@ -143,7 +143,8 @@ struct st_mysql_options {
enum mysql_option { MYSQL_OPT_CONNECT_TIMEOUT, MYSQL_OPT_COMPRESS,
MYSQL_OPT_NAMED_PIPE, MYSQL_INIT_COMMAND,
MYSQL_READ_DEFAULT_FILE, MYSQL_READ_DEFAULT_GROUP,
MYSQL_SET_CHARSET_DIR, MYSQL_SET_CHARSET_NAME};
MYSQL_SET_CHARSET_DIR, MYSQL_SET_CHARSET_NAME,
MYSQL_OPT_LOCAL_INFILE};
enum mysql_status { MYSQL_STATUS_READY,MYSQL_STATUS_GET_RESULT,
MYSQL_STATUS_USE_RESULT};
......
......@@ -61,7 +61,7 @@ static my_bool mysql_client_init=0;
uint mysql_port=0;
my_string mysql_unix_port=0;
#define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | CLIENT_LONG_FLAG | CLIENT_LOCAL_FILES | CLIENT_TRANSACTIONS)
#define CLIENT_CAPABILITIES (CLIENT_LONG_PASSWORD | CLIENT_LONG_FLAG | CLIENT_TRANSACTIONS)
#ifdef __WIN__
#define CONNECT_TIMEOUT 20
......@@ -671,11 +671,12 @@ mysql_free_result(MYSQL_RES *result)
****************************************************************************/
static const char *default_options[]=
{"port","socket","compress","password","pipe", "timeout", "user",
{
"port","socket","compress","password","pipe", "timeout", "user",
"init-command", "host", "database", "debug", "return-found-rows",
"ssl-key" ,"ssl-cert" ,"ssl-ca" ,"ssl-capath",
"character-set-dir", "default-character-set", "interactive-timeout",
"connect_timeout",
"connect-timeout", "local-infile", "disable-local-infile",
NullS
};
......@@ -710,6 +711,9 @@ static void mysql_read_default_options(struct st_mysql_options *options,
opt_arg=end+1;
*end=0; /* Remove '=' */
}
/* Change all '_' in variable name to '-' */
for (end= *option ; (end= strcend(end,'_')) ; )
*end= '-';
switch (find_type(*option+2,&option_types,2)) {
case 1: /* port */
if (opt_arg)
......@@ -807,7 +811,16 @@ static void mysql_read_default_options(struct st_mysql_options *options,
options->charset_name = my_strdup(opt_arg, MYF(MY_WME));
break;
case 19: /* Interactive-timeout */
options->client_flag|=CLIENT_INTERACTIVE;
options->client_flag|= CLIENT_INTERACTIVE;
break;
case 21:
if (!opt_arg || atoi(opt_arg) != 0)
options->client_flag|= CLIENT_LOCAL_FILES;
else
options->client_flag&= ~CLIENT_LOCAL_FILES;
break;
case 22:
options->client_flag&= CLIENT_LOCAL_FILES;
break;
default:
DBUG_PRINT("warning",("unknown option: %s",option[0]));
......@@ -1006,6 +1019,14 @@ mysql_init(MYSQL *mysql)
if (!((mysql)->client_flag & CLIENT_IGNORE_SIGPIPE))
(void) signal(SIGPIPE,pipe_sig_handler);
#endif
/*
Only enable LOAD DATA INFILE by default if configured with
--with-enabled-local-inflile
*/
#ifdef ENABLED_LOCAL_INFILE
mysql->options.client_flag|= CLIENT_LOCAL_FILES;
#endif
return mysql;
}
......@@ -1453,7 +1474,6 @@ mysql_real_connect(MYSQL *mysql,const char *host, const char *user,
if (mysql->options.use_ssl)
client_flag|=CLIENT_SSL;
#endif /* HAVE_OPENSSL */
if (db)
client_flag|=CLIENT_CONNECT_WITH_DB;
#ifdef HAVE_COMPRESS
......@@ -2267,11 +2287,17 @@ mysql_options(MYSQL *mysql,enum mysql_option option, const char *arg)
mysql->options.connect_timeout= *(uint*) arg;
break;
case MYSQL_OPT_COMPRESS:
mysql->options.compress=1; /* Remember for connect */
mysql->options.compress= 1; /* Remember for connect */
break;
case MYSQL_OPT_NAMED_PIPE:
mysql->options.named_pipe=1; /* Force named pipe */
break;
case MYSQL_OPT_LOCAL_INFILE: /* Allow LOAD DATA LOCAL ?*/
if (!arg || test(*(uint*) arg))
mysql->client_flag|= CLIENT_LOCAL_FILES;
else
mysql->client_flag&= ~CLIENT_LOCAL_FILES;
break;
case MYSQL_INIT_COMMAND:
my_free(mysql->options.init_command,MYF(MY_ALLOW_ZERO_PTR));
mysql->options.init_command=my_strdup(arg,MYF(MY_WME));
......
......@@ -524,7 +524,7 @@ extern pthread_cond_t COND_refresh,COND_thread_count, COND_binlog_update,
COND_slave_stopped, COND_slave_start;
extern pthread_attr_t connection_attrib;
extern bool opt_endinfo, using_udf_functions, locked_in_memory,
opt_using_transactions, use_temp_pool;
opt_using_transactions, use_temp_pool, opt_local_infile;
extern char f_fyllchar;
extern ulong ha_read_count, ha_write_count, ha_delete_count, ha_update_count,
ha_read_key_count, ha_read_next_count, ha_read_prev_count,
......
......@@ -287,6 +287,7 @@ ulong bytes_sent = 0L, bytes_received = 0L;
bool opt_endinfo,using_udf_functions,low_priority_updates, locked_in_memory;
bool opt_using_transactions, using_update_log, opt_warnings=0;
bool opt_local_infile;
bool volatile abort_loop,select_thread_in_use,grant_option;
bool volatile ready_to_exit,shutdown_in_progress;
ulong refresh_version=1L,flush_version=1L; /* Increments on each reload */
......@@ -2612,7 +2613,7 @@ enum options {
OPT_SKIP_STACK_TRACE, OPT_SKIP_SYMLINKS,
OPT_MAX_BINLOG_DUMP_EVENTS, OPT_SPORADIC_BINLOG_DUMP_FAIL,
OPT_SAFE_USER_CREATE, OPT_SQL_MODE,
OPT_SLAVE_SKIP_ERRORS
OPT_SLAVE_SKIP_ERRORS, OPT_LOCAL_INFILE
};
static struct option long_options[] = {
......@@ -2676,6 +2677,7 @@ static struct option long_options[] = {
{"init-file", required_argument, 0, (int) OPT_INIT_FILE},
{"log", optional_argument, 0, 'l'},
{"language", required_argument, 0, 'L'},
{"local-infile", optional_argument, 0, (int) OPT_LOCAL_INFILE},
{"log-bin", optional_argument, 0, (int) OPT_BIN_LOG},
{"log-bin-index", required_argument, 0, (int) OPT_BIN_LOG_INDEX},
{"log-isam", optional_argument, 0, (int) OPT_ISAM_LOG},
......@@ -3468,6 +3470,9 @@ static void get_options(int argc,char **argv)
case 'P':
mysql_port= (unsigned int) atoi(optarg);
break;
case OPT_LOCAL_INFILE:
opt_local_infile= test(optarg || atoi(optarg) != 0);
break;
case OPT_SLAVE_SKIP_ERRORS:
init_slave_skip_errors(optarg);
break;
......
......@@ -132,7 +132,7 @@ int mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list,
if (read_file_from_client && handle_duplicates == DUP_ERROR)
handle_duplicates=DUP_IGNORE;
if (read_file_from_client && (thd->client_capabilities & CLIENT_LOCAL_FILES))
if (read_file_from_client)
{
char tmp [FN_REFLEN+1],*end;
DBUG_PRINT("info",("reading local file"));
......
......@@ -1796,13 +1796,20 @@ mysql_execute_command(void)
{
uint privilege= (lex->duplicates == DUP_REPLACE ?
INSERT_ACL | UPDATE_ACL | DELETE_ACL : INSERT_ACL);
if (!(lex->local_file && (thd->client_capabilities & CLIENT_LOCAL_FILES)))
if (!lex->local_file)
{
if (check_access(thd,privilege | FILE_ACL,tables->db))
goto error;
}
else
{
if (!(thd->client_capabilities & CLIENT_LOCAL_FILES) ||
! opt_local_infile)
{
send_error(&thd->net,ER_NOT_ALLOWED_COMMAND);
goto error;
}
if (check_access(thd,privilege,tables->db,&tables->grant.privilege) ||
grant_option && check_grant(thd,privilege,tables))
goto error;
......
......@@ -2356,8 +2356,9 @@ use: USE_SYM ident
load: LOAD DATA_SYM load_data_lock opt_local INFILE TEXT_STRING
{
Lex->sql_command= SQLCOM_LOAD;
Lex->local_file= $4;
LEX *lex= Lex;
lex->sql_command= SQLCOM_LOAD;
lex->local_file= $4;
if (!(Lex->exchange= new sql_exchange($6.str,0)))
YYABORT;
Lex->field_list.empty();
......@@ -2643,11 +2644,12 @@ set:
SET opt_option
{
THD *thd=current_thd;
Lex->sql_command= SQLCOM_SET_OPTION;
Lex->options=thd->options;
Lex->select_limit=thd->default_select_limit;
Lex->gemini_spin_retries=thd->gemini_spin_retries;
Lex->tx_isolation=thd->tx_isolation;
LEX *lex= &thd->lex;
lex->sql_command= SQLCOM_SET_OPTION;
lex->options=thd->options;
lex->select_limit=thd->default_select_limit;
lex->gemini_spin_retries=thd->gemini_spin_retries;
lex->tx_isolation=thd->tx_isolation;
}
option_value_list
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment