database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

Buq#32167 another privilege bypass with DATA/INDEX DIRECTORY.

Browse Source 
test_if_data_home_dir fixed to look into real path.
    Checks added to mi_open for symlinks into data home directory.

 per-file messages:
        include/my_sys.h
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          my_is_symlink interface added

        mysql-test/r/udf.result
          test result fixed (not related to #32167)

        mysys/my_symlink.c
          my_is_symlink() implementsd
          my_realpath() now returns the 'realpath' even if a file isn't a symlink
This commit is contained in:
Alexey Botchkov
2008-07-31 14:42:44 +05:00
parent 2d590c2825
commit 1cbc2f7e3a
3 changed files with 33 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
include/my_sys.h
View File

@ -575,6 +575,7 @@ extern int my_close(File Filedes,myf MyFlags);
extern File my_dup(File file, myf MyFlags); extern File my_dup(File file, myf MyFlags);
extern int my_mkdir(const char *dir, int Flags, myf MyFlags); extern int my_mkdir(const char *dir, int Flags, myf MyFlags);
extern int my_readlink(char *to, const char *filename, myf MyFlags); extern int my_readlink(char *to, const char *filename, myf MyFlags);
extern int my_is_symlink(const char *filename);
extern int my_realpath(char *to, const char *filename, myf MyFlags); extern int my_realpath(char *to, const char *filename, myf MyFlags);
extern File my_create_with_symlink(const char *linkname, const char *filename, extern File my_create_with_symlink(const char *linkname, const char *filename,
int createflags, int access_flags, int createflags, int access_flags,

6
mysql-test/r/udf.result
View File

@ -1,5 +1,7 @@
drop table if exists t1; drop table if exists t1;
CREATE FUNCTION metaphon RETURNS STRING SONAME "UDF_EXAMPLE_LIB"; CREATE FUNCTION metaphon RETURNS STRING SONAME "UDF_EXAMPLE_LIB";
Warnings:
Warning 1105 plugin_dir was not specified
CREATE FUNCTION myfunc_double RETURNS REAL SONAME "UDF_EXAMPLE_LIB"; CREATE FUNCTION myfunc_double RETURNS REAL SONAME "UDF_EXAMPLE_LIB";
CREATE FUNCTION myfunc_nonexist RETURNS INTEGER SONAME "UDF_EXAMPLE_LIB"; CREATE FUNCTION myfunc_nonexist RETURNS INTEGER SONAME "UDF_EXAMPLE_LIB";
ERROR HY000: Can't find function 'myfunc_nonexist' in library ERROR HY000: Can't find function 'myfunc_nonexist' in library
@ -197,6 +199,8 @@ DROP FUNCTION avgcost;
select * from mysql.func; select * from mysql.func;
name ret dl type name ret dl type
CREATE FUNCTION is_const RETURNS STRING SONAME "UDF_EXAMPLE_LIB"; CREATE FUNCTION is_const RETURNS STRING SONAME "UDF_EXAMPLE_LIB";
Warnings:
Warning 1105 plugin_dir was not specified
select IS_const(3); select IS_const(3);
IS_const(3) IS_const(3)
const const
@ -206,6 +210,8 @@ name ret dl type
select is_const(3); select is_const(3);
ERROR 42000: FUNCTION test.is_const does not exist ERROR 42000: FUNCTION test.is_const does not exist
CREATE FUNCTION is_const RETURNS STRING SONAME "UDF_EXAMPLE_LIB"; CREATE FUNCTION is_const RETURNS STRING SONAME "UDF_EXAMPLE_LIB";
Warnings:
Warning 1105 plugin_dir was not specified
select select
is_const(3) as const, is_const(3) as const,
is_const(3.14) as const, is_const(3.14) as const,

50
mysys/my_symlink.c
View File

@ -2,7 +2,8 @@
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
the Free Software Foundation; version 2 of the License. the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful, This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
@ -106,38 +107,38 @@ int my_symlink(const char *content, const char *linkname, myf MyFlags)
#define BUFF_LEN FN_LEN #define BUFF_LEN FN_LEN
#endif #endif
int my_is_symlink(const char *filename __attribute__((unused)))
{
struct stat stat_buff;
return !lstat(filename, &stat_buff) && S_ISLNK(stat_buff.st_mode);
}
int my_realpath(char *to, const char *filename, int my_realpath(char *to, const char *filename,
myf MyFlags __attribute__((unused))) myf MyFlags __attribute__((unused)))
{ {
#if defined(HAVE_REALPATH) && !defined(HAVE_purify) && !defined(HAVE_BROKEN_REALPATH) #if defined(HAVE_REALPATH) && !defined(HAVE_purify) && !defined(HAVE_BROKEN_REALPATH)
int result=0; int result=0;
char buff[BUFF_LEN]; char buff[BUFF_LEN];
struct stat stat_buff; char *ptr;
DBUG_ENTER("my_realpath"); DBUG_ENTER("my_realpath");
if (!(MyFlags & MY_RESOLVE_LINK) || DBUG_PRINT("info",("executing realpath"));
(!lstat(filename,&stat_buff) && S_ISLNK(stat_buff.st_mode))) if ((ptr=realpath(filename,buff)))
strmake(to,ptr,FN_REFLEN-1);
else
{ {
char *ptr; /*
DBUG_PRINT("info",("executing realpath")); Realpath didn't work; Use my_load_path() which is a poor substitute
if ((ptr=realpath(filename,buff))) original name but will at least be able to resolve paths that starts
{ with '.'.
strmake(to,ptr,FN_REFLEN-1); */
} DBUG_PRINT("error",("realpath failed with errno: %d", errno));
else my_errno=errno;
{ if (MyFlags & MY_WME)
/* my_error(EE_REALPATH, MYF(0), filename, my_errno);
Realpath didn't work; Use my_load_path() which is a poor substitute my_load_path(to, filename, NullS);
original name but will at least be able to resolve paths that starts result= -1;
with '.'.
*/
DBUG_PRINT("error",("realpath failed with errno: %d", errno));
my_errno=errno;
if (MyFlags & MY_WME)
my_error(EE_REALPATH, MYF(0), filename, my_errno);
my_load_path(to, filename, NullS);
result= -1;
}
} }
DBUG_RETURN(result); DBUG_RETURN(result);
#else #else
@ -145,3 +146,4 @@ int my_realpath(char *to, const char *filename,
return 0; return 0;
#endif #endif
} }