Fix for Bug#29605

--local-infile=0 checks can be bypassed by sending a FETCH LOCAL FILE response Add a check for CLIENT_LOCAL_FILES before sending a local file. Beware, that all binary distributions enable sending of local files and it's up to the programs which use libmysql to disable it, if they don't use this functionality. Otherwise they are not safe. client/mysqltest.c: Enable LOAD DATA LOCAL INFILE for the test suite, like some rpl and ndb test. sql-common/client.c: Check if the client has LOAD DATA LOCAL INFILE disabled and don't serve such requests from the server. This is not 100% proof, as if the client has this enabled, in all binary builds for BC, the check won't work and the client can be tricked into sending a local file. tests/mysql_client_test.c: Switch on LOCAL INFILE in client test. If one day there is a test which uses it, then it will work out of the box.
2025-07-30 16:24:05 +03:00 · 2008-02-22 18:45:45 +01:00
parent 0dedada2ff
commit 233143fd31
3 changed files with 13 additions and 1 deletions
--- a/tests/mysql_client_test.c
+++ b/tests/mysql_client_test.c
@ -289,6 +289,8 @@ static void client_connect(ulong flag)
    myerror("mysql_init() failed");
    exit(1);
  }
+  /* enable local infile, in non-binary builds often disabled by default */
+  mysql_options(mysql, MYSQL_OPT_LOCAL_INFILE, 0);

  if (!(mysql_real_connect(mysql, opt_host, opt_user,
                           opt_password, opt_db ? opt_db:"test", opt_port,