Commit 70cc07cf authored by unknown's avatar unknown

Merge kaamos.(none):/data/src/mysql-4.1

into  kaamos.(none):/data/src/opt/mysql-4.1-opt
parents 6db400c4 cdcbcc5a
......@@ -4522,14 +4522,11 @@ my_bool STDCALL mysql_stmt_free_result(MYSQL_STMT *stmt)
{
MYSQL *mysql= stmt->mysql;
if (result->data)
{
/* Result buffered */
free_root(&result->alloc, MYF(MY_KEEP_PREALLOC));
result->data= NULL;
result->rows= 0;
stmt->data_cursor= NULL;
}
if (mysql && stmt->field_count &&
(int) stmt->state > (int) MYSQL_STMT_PREPARE_DONE)
......
......@@ -668,7 +668,7 @@ bool Protocol::send_fields(List<Item> *list, uint flag)
DBUG_RETURN(0);
field_count= list->elements;
field_alloc= thd->current_stmt ? &thd->current_stmt->mem_root :
field_alloc= thd->current_stmt ? &thd->current_stmt->result.alloc :
&mysql->field_alloc;
if (!(client_field= mysql->fields=
(MYSQL_FIELD *)alloc_root(field_alloc,
......
......@@ -91,23 +91,15 @@ t1 CREATE TABLE `t1` (
) ENGINE=MyISAM DEFAULT CHARSET=latin1
drop table t1;
CREATE TABLE t1(a INT)
DATA DIRECTORY='TEST_DIR/master-data/mysql'
INDEX DIRECTORY='TEST_DIR/master-data/mysql';
RENAME TABLE t1 TO user;
ERROR HY000: Can't create/write to file 'TEST_DIR/master-data/mysql/user.MYI' (Errcode: 17)
DROP TABLE t1;
show create table t1;
Table Create Table
t1 CREATE TABLE `t1` (
`i` int(11) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1
drop table t1;
show create table t1;
Table Create Table
t1 CREATE TABLE `t1` (
`i` int(11) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1
drop table t1;
DATA DIRECTORY='TEST_DIR/tmp'
INDEX DIRECTORY='TEST_DIR/tmp';
ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17)
CREATE TABLE t2(a INT)
DATA DIRECTORY='TEST_DIR/tmp'
INDEX DIRECTORY='TEST_DIR/tmp';
RENAME TABLE t2 TO t1;
ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17)
DROP TABLE t2;
show create table t1;
Table Create Table
t1 CREATE TEMPORARY TABLE `t1` (
......@@ -144,4 +136,16 @@ t1 CREATE TABLE `t1` (
) ENGINE=MyISAM DEFAULT CHARSET=latin1 DATA DIRECTORY='MYSQLTEST_VARDIR/tmp/'
drop table t1;
deallocate prepare stmt;
CREATE TABLE t1(a INT)
DATA DIRECTORY='TEST_DIR/var/master-data/test';
ERROR HY000: Incorrect arguments to DATA DIRECORY
CREATE TABLE t1(a INT)
DATA DIRECTORY='TEST_DIR/var/master-data/';
ERROR HY000: Incorrect arguments to DATA DIRECORY
CREATE TABLE t1(a INT)
INDEX DIRECTORY='TEST_DIR/var/master-data';
ERROR HY000: Incorrect arguments to INDEX DIRECORY
CREATE TABLE t1(a INT)
INDEX DIRECTORY='TEST_DIR/var/master-data_var';
ERROR HY000: Can't create/write to file 'TEST_DIR/var/master-data_var/t1.MYI' (Errcode: 2)
End of 4.1 tests
......@@ -121,29 +121,22 @@ drop table t1;
#
# BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
#
--write_file $MYSQLTEST_VARDIR/tmp/t1.MYI
EOF
--replace_result $MYSQLTEST_VARDIR TEST_DIR
--error 1
eval CREATE TABLE t1(a INT)
DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql'
INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql';
DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp'
INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp';
--replace_result $MYSQLTEST_VARDIR TEST_DIR
eval CREATE TABLE t2(a INT)
DATA DIRECTORY='$MYSQLTEST_VARDIR/tmp'
INDEX DIRECTORY='$MYSQLTEST_VARDIR/tmp';
--replace_result $MYSQLTEST_VARDIR TEST_DIR
--error 1
RENAME TABLE t1 TO user;
DROP TABLE t1;
#
# Test specifying DATA DIRECTORY that is the same as what would normally
# have been chosen. (Bug #8707)
#
disable_query_log;
eval create table t1 (i int) data directory = "$MYSQL_TEST_DIR/var/master-data/test/";
enable_query_log;
show create table t1;
drop table t1;
disable_query_log;
eval create table t1 (i int) index directory = "$MYSQL_TEST_DIR/var/master-data/test/";
enable_query_log;
show create table t1;
drop table t1;
RENAME TABLE t2 TO t1;
DROP TABLE t2;
--remove_file $MYSQLTEST_VARDIR/tmp/t1.MYI
#
# Bug#8706 - temporary table with data directory option fails
......@@ -201,4 +194,24 @@ show create table t1;
drop table t1;
deallocate prepare stmt;
#
# Bug#32167 another privilege bypass with DATA/INDEX DIRECORY
#
--replace_result $MYSQL_TEST_DIR TEST_DIR
--error 1210
eval CREATE TABLE t1(a INT)
DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/test';
--replace_result $MYSQL_TEST_DIR TEST_DIR
--error 1210
eval CREATE TABLE t1(a INT)
DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/';
--replace_result $MYSQL_TEST_DIR TEST_DIR
--error 1210
eval CREATE TABLE t1(a INT)
INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data';
--replace_result $MYSQL_TEST_DIR TEST_DIR
--error 1
eval CREATE TABLE t1(a INT)
INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data_var';
--echo End of 4.1 tests
......@@ -890,6 +890,7 @@ void my_dbopt_free(void);
extern time_t start_time;
extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[],
mysql_unpacked_real_data_home[],
def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
#define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
extern MY_TMPDIR mysql_tmpdir_list;
......
......@@ -390,6 +390,7 @@ const char *opt_date_time_formats[3];
char compiled_default_collation_name[]= MYSQL_DEFAULT_COLLATION_NAME;
char *language_ptr, *default_collation_name, *default_character_set_name;
char mysql_data_home_buff[2], *mysql_data_home=mysql_real_data_home;
char mysql_unpacked_real_data_home[FN_REFLEN];
struct passwd *user_info;
char server_version[SERVER_VERSION_LENGTH];
char *mysqld_unix_port, *opt_mysql_tmpdir;
......@@ -6896,6 +6897,9 @@ static void fix_paths(void)
pos[1]= 0;
}
convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
(void) fn_format(buff, mysql_real_data_home, "", "",
(MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
(void) unpack_dirname(mysql_unpacked_real_data_home, buff);
convert_dirname(language,language,NullS);
(void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
(void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
......
......@@ -66,6 +66,7 @@ static bool append_file_to_dir(THD *thd, const char **filename_ptr,
static TABLE_LIST* get_table_by_alias(TABLE_LIST* tl, const char* db,
const char* alias);
static bool test_if_data_home_dir(const char *dir);
const char *any_db="*any*"; // Special symbol for check_access
......@@ -2531,6 +2532,20 @@ mysql_execute_command(THD *thd)
"INDEX DIRECTORY option ignored");
create_info.data_file_name= create_info.index_file_name= NULL;
#else
if (test_if_data_home_dir(lex->create_info.data_file_name))
{
my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
res= -1;
break;
}
if (test_if_data_home_dir(lex->create_info.index_file_name))
{
my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
res= -1;
break;
}
/* Fix names if symlinked tables */
if (append_file_to_dir(thd, &create_info.data_file_name,
create_table->real_name) ||
......@@ -5920,3 +5935,47 @@ Item *negate_expression(THD *thd, Item *expr)
return negated;
return new Item_func_not(expr);
}
/*
Check if path does not contain mysql data home directory
SYNOPSIS
test_if_data_home_dir()
dir directory
conv_home_dir converted data home directory
home_dir_len converted data home directory length
RETURN VALUES
0 ok
1 error
*/
static bool test_if_data_home_dir(const char *dir)
{
char path[FN_REFLEN], conv_path[FN_REFLEN];
uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home);
DBUG_ENTER("test_if_data_home_dir");
if (!dir)
DBUG_RETURN(0);
(void) fn_format(path, dir, "", "",
(MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
dir_len= unpack_dirname(conv_path, dir);
if (home_dir_len <= dir_len)
{
if (lower_case_file_system)
{
if (!my_strnncoll(default_charset_info, (const uchar*) conv_path,
home_dir_len,
(const uchar*) mysql_unpacked_real_data_home,
home_dir_len))
DBUG_RETURN(1);
}
else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len))
DBUG_RETURN(1);
}
DBUG_RETURN(0);
}
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment