Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
70cc07cf
Commit
70cc07cf
authored
Mar 12, 2008
by
unknown
Browse files
Options
Browse Files
Download
Plain Diff
Merge kaamos.(none):/data/src/mysql-4.1
into kaamos.(none):/data/src/opt/mysql-4.1-opt
parents
6db400c4
cdcbcc5a
Changes
7
Show whitespace changes
Inline
Side-by-side
Showing
7 changed files
with
124 additions
and
46 deletions
+124
-46
libmysql/libmysql.c
libmysql/libmysql.c
+5
-8
libmysqld/lib_sql.cc
libmysqld/lib_sql.cc
+1
-1
mysql-test/r/symlink.result
mysql-test/r/symlink.result
+21
-17
mysql-test/t/symlink.test
mysql-test/t/symlink.test
+32
-19
sql/mysql_priv.h
sql/mysql_priv.h
+1
-0
sql/mysqld.cc
sql/mysqld.cc
+4
-0
sql/sql_parse.cc
sql/sql_parse.cc
+60
-1
No files found.
libmysql/libmysql.c
View file @
70cc07cf
...
...
@@ -4522,14 +4522,11 @@ my_bool STDCALL mysql_stmt_free_result(MYSQL_STMT *stmt)
{
MYSQL
*
mysql
=
stmt
->
mysql
;
if
(
result
->
data
)
{
/* Result buffered */
free_root
(
&
result
->
alloc
,
MYF
(
MY_KEEP_PREALLOC
));
result
->
data
=
NULL
;
result
->
rows
=
0
;
stmt
->
data_cursor
=
NULL
;
}
if
(
mysql
&&
stmt
->
field_count
&&
(
int
)
stmt
->
state
>
(
int
)
MYSQL_STMT_PREPARE_DONE
)
...
...
libmysqld/lib_sql.cc
View file @
70cc07cf
...
...
@@ -668,7 +668,7 @@ bool Protocol::send_fields(List<Item> *list, uint flag)
DBUG_RETURN
(
0
);
field_count
=
list
->
elements
;
field_alloc
=
thd
->
current_stmt
?
&
thd
->
current_stmt
->
mem_root
:
field_alloc
=
thd
->
current_stmt
?
&
thd
->
current_stmt
->
result
.
alloc
:
&
mysql
->
field_alloc
;
if
(
!
(
client_field
=
mysql
->
fields
=
(
MYSQL_FIELD
*
)
alloc_root
(
field_alloc
,
...
...
mysql-test/r/symlink.result
View file @
70cc07cf
...
...
@@ -91,23 +91,15 @@ t1 CREATE TABLE `t1` (
) ENGINE=MyISAM DEFAULT CHARSET=latin1
drop table t1;
CREATE TABLE t1(a INT)
DATA DIRECTORY='TEST_DIR/master-data/mysql'
INDEX DIRECTORY='TEST_DIR/master-data/mysql';
RENAME TABLE t1 TO user;
ERROR HY000: Can't create/write to file 'TEST_DIR/master-data/mysql/user.MYI' (Errcode: 17)
DROP TABLE t1;
show create table t1;
Table Create Table
t1 CREATE TABLE `t1` (
`i` int(11) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1
drop table t1;
show create table t1;
Table Create Table
t1 CREATE TABLE `t1` (
`i` int(11) default NULL
) ENGINE=MyISAM DEFAULT CHARSET=latin1
drop table t1;
DATA DIRECTORY='TEST_DIR/tmp'
INDEX DIRECTORY='TEST_DIR/tmp';
ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17)
CREATE TABLE t2(a INT)
DATA DIRECTORY='TEST_DIR/tmp'
INDEX DIRECTORY='TEST_DIR/tmp';
RENAME TABLE t2 TO t1;
ERROR HY000: Can't create/write to file 'TEST_DIR/tmp/t1.MYI' (Errcode: 17)
DROP TABLE t2;
show create table t1;
Table Create Table
t1 CREATE TEMPORARY TABLE `t1` (
...
...
@@ -144,4 +136,16 @@ t1 CREATE TABLE `t1` (
) ENGINE=MyISAM DEFAULT CHARSET=latin1 DATA DIRECTORY='MYSQLTEST_VARDIR/tmp/'
drop table t1;
deallocate prepare stmt;
CREATE TABLE t1(a INT)
DATA DIRECTORY='TEST_DIR/var/master-data/test';
ERROR HY000: Incorrect arguments to DATA DIRECORY
CREATE TABLE t1(a INT)
DATA DIRECTORY='TEST_DIR/var/master-data/';
ERROR HY000: Incorrect arguments to DATA DIRECORY
CREATE TABLE t1(a INT)
INDEX DIRECTORY='TEST_DIR/var/master-data';
ERROR HY000: Incorrect arguments to INDEX DIRECORY
CREATE TABLE t1(a INT)
INDEX DIRECTORY='TEST_DIR/var/master-data_var';
ERROR HY000: Can't create/write to file 'TEST_DIR/var/master-data_var/t1.MYI' (Errcode: 2)
End of 4.1 tests
mysql-test/t/symlink.test
View file @
70cc07cf
...
...
@@ -121,29 +121,22 @@ drop table t1;
#
# BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE
#
--
write_file
$MYSQLTEST_VARDIR
/
tmp
/
t1
.
MYI
EOF
--
replace_result
$MYSQLTEST_VARDIR
TEST_DIR
--
error
1
eval
CREATE
TABLE
t1
(
a
INT
)
DATA
DIRECTORY
=
'$MYSQLTEST_VARDIR/master-data/mysql'
INDEX
DIRECTORY
=
'$MYSQLTEST_VARDIR/master-data/mysql'
;
DATA
DIRECTORY
=
'$MYSQLTEST_VARDIR/tmp'
INDEX
DIRECTORY
=
'$MYSQLTEST_VARDIR/tmp'
;
--
replace_result
$MYSQLTEST_VARDIR
TEST_DIR
eval
CREATE
TABLE
t2
(
a
INT
)
DATA
DIRECTORY
=
'$MYSQLTEST_VARDIR/tmp'
INDEX
DIRECTORY
=
'$MYSQLTEST_VARDIR/tmp'
;
--
replace_result
$MYSQLTEST_VARDIR
TEST_DIR
--
error
1
RENAME
TABLE
t1
TO
user
;
DROP
TABLE
t1
;
#
# Test specifying DATA DIRECTORY that is the same as what would normally
# have been chosen. (Bug #8707)
#
disable_query_log
;
eval
create
table
t1
(
i
int
)
data
directory
=
"
$MYSQL_TEST_DIR
/var/master-data/test/"
;
enable_query_log
;
show
create
table
t1
;
drop
table
t1
;
disable_query_log
;
eval
create
table
t1
(
i
int
)
index
directory
=
"
$MYSQL_TEST_DIR
/var/master-data/test/"
;
enable_query_log
;
show
create
table
t1
;
drop
table
t1
;
RENAME
TABLE
t2
TO
t1
;
DROP
TABLE
t2
;
--
remove_file
$MYSQLTEST_VARDIR
/
tmp
/
t1
.
MYI
#
# Bug#8706 - temporary table with data directory option fails
...
...
@@ -201,4 +194,24 @@ show create table t1;
drop
table
t1
;
deallocate
prepare
stmt
;
#
# Bug#32167 another privilege bypass with DATA/INDEX DIRECORY
#
--
replace_result
$MYSQL_TEST_DIR
TEST_DIR
--
error
1210
eval
CREATE
TABLE
t1
(
a
INT
)
DATA
DIRECTORY
=
'$MYSQL_TEST_DIR/var/master-data/test'
;
--
replace_result
$MYSQL_TEST_DIR
TEST_DIR
--
error
1210
eval
CREATE
TABLE
t1
(
a
INT
)
DATA
DIRECTORY
=
'$MYSQL_TEST_DIR/var/master-data/'
;
--
replace_result
$MYSQL_TEST_DIR
TEST_DIR
--
error
1210
eval
CREATE
TABLE
t1
(
a
INT
)
INDEX
DIRECTORY
=
'$MYSQL_TEST_DIR/var/master-data'
;
--
replace_result
$MYSQL_TEST_DIR
TEST_DIR
--
error
1
eval
CREATE
TABLE
t1
(
a
INT
)
INDEX
DIRECTORY
=
'$MYSQL_TEST_DIR/var/master-data_var'
;
--
echo
End
of
4.1
tests
sql/mysql_priv.h
View file @
70cc07cf
...
...
@@ -890,6 +890,7 @@ void my_dbopt_free(void);
extern
time_t
start_time
;
extern
char
*
mysql_data_home
,
server_version
[
SERVER_VERSION_LENGTH
],
mysql_real_data_home
[],
*
opt_mysql_tmpdir
,
mysql_charsets_dir
[],
mysql_unpacked_real_data_home
[],
def_ft_boolean_syntax
[
sizeof
(
ft_boolean_syntax
)];
#define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
extern
MY_TMPDIR
mysql_tmpdir_list
;
...
...
sql/mysqld.cc
View file @
70cc07cf
...
...
@@ -390,6 +390,7 @@ const char *opt_date_time_formats[3];
char
compiled_default_collation_name
[]
=
MYSQL_DEFAULT_COLLATION_NAME
;
char
*
language_ptr
,
*
default_collation_name
,
*
default_character_set_name
;
char
mysql_data_home_buff
[
2
],
*
mysql_data_home
=
mysql_real_data_home
;
char
mysql_unpacked_real_data_home
[
FN_REFLEN
];
struct
passwd
*
user_info
;
char
server_version
[
SERVER_VERSION_LENGTH
];
char
*
mysqld_unix_port
,
*
opt_mysql_tmpdir
;
...
...
@@ -6896,6 +6897,9 @@ static void fix_paths(void)
pos
[
1
]
=
0
;
}
convert_dirname
(
mysql_real_data_home
,
mysql_real_data_home
,
NullS
);
(
void
)
fn_format
(
buff
,
mysql_real_data_home
,
""
,
""
,
(
MY_RETURN_REAL_PATH
|
MY_RESOLVE_SYMLINKS
));
(
void
)
unpack_dirname
(
mysql_unpacked_real_data_home
,
buff
);
convert_dirname
(
language
,
language
,
NullS
);
(
void
)
my_load_path
(
mysql_home
,
mysql_home
,
""
);
// Resolve current dir
(
void
)
my_load_path
(
mysql_real_data_home
,
mysql_real_data_home
,
mysql_home
);
...
...
sql/sql_parse.cc
View file @
70cc07cf
...
...
@@ -66,6 +66,7 @@ static bool append_file_to_dir(THD *thd, const char **filename_ptr,
static
TABLE_LIST
*
get_table_by_alias
(
TABLE_LIST
*
tl
,
const
char
*
db
,
const
char
*
alias
);
static
bool
test_if_data_home_dir
(
const
char
*
dir
);
const
char
*
any_db
=
"*any*"
;
// Special symbol for check_access
...
...
@@ -2531,6 +2532,20 @@ mysql_execute_command(THD *thd)
"INDEX DIRECTORY option ignored"
);
create_info
.
data_file_name
=
create_info
.
index_file_name
=
NULL
;
#else
if
(
test_if_data_home_dir
(
lex
->
create_info
.
data_file_name
))
{
my_error
(
ER_WRONG_ARGUMENTS
,
MYF
(
0
),
"DATA DIRECORY"
);
res
=
-
1
;
break
;
}
if
(
test_if_data_home_dir
(
lex
->
create_info
.
index_file_name
))
{
my_error
(
ER_WRONG_ARGUMENTS
,
MYF
(
0
),
"INDEX DIRECORY"
);
res
=
-
1
;
break
;
}
/* Fix names if symlinked tables */
if
(
append_file_to_dir
(
thd
,
&
create_info
.
data_file_name
,
create_table
->
real_name
)
||
...
...
@@ -5920,3 +5935,47 @@ Item *negate_expression(THD *thd, Item *expr)
return
negated
;
return
new
Item_func_not
(
expr
);
}
/*
Check if path does not contain mysql data home directory
SYNOPSIS
test_if_data_home_dir()
dir directory
conv_home_dir converted data home directory
home_dir_len converted data home directory length
RETURN VALUES
0 ok
1 error
*/
static
bool
test_if_data_home_dir
(
const
char
*
dir
)
{
char
path
[
FN_REFLEN
],
conv_path
[
FN_REFLEN
];
uint
dir_len
,
home_dir_len
=
strlen
(
mysql_unpacked_real_data_home
);
DBUG_ENTER
(
"test_if_data_home_dir"
);
if
(
!
dir
)
DBUG_RETURN
(
0
);
(
void
)
fn_format
(
path
,
dir
,
""
,
""
,
(
MY_RETURN_REAL_PATH
|
MY_RESOLVE_SYMLINKS
));
dir_len
=
unpack_dirname
(
conv_path
,
dir
);
if
(
home_dir_len
<=
dir_len
)
{
if
(
lower_case_file_system
)
{
if
(
!
my_strnncoll
(
default_charset_info
,
(
const
uchar
*
)
conv_path
,
home_dir_len
,
(
const
uchar
*
)
mysql_unpacked_real_data_home
,
home_dir_len
))
DBUG_RETURN
(
1
);
}
else
if
(
!
memcmp
(
conv_path
,
mysql_unpacked_real_data_home
,
home_dir_len
))
DBUG_RETURN
(
1
);
}
DBUG_RETURN
(
0
);
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment