database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

MDEV-10465 general_log_file can be abused

Browse Source 
followup
This commit is contained in:
Sergei Golubchik
2016-08-08 10:27:22 +02:00
parent a7c43a684a
commit 2a54a530a9
5 changed files with 15 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mysql-test/suite/sys_vars/r/general_log_file_basic.result
View File

@ -18,6 +18,8 @@ SET @@global.general_log_file = '/tmp/my.cnf';
ERROR 42000: Variable 'general_log_file' can't be set to the value of '/tmp/my.cnf' ERROR 42000: Variable 'general_log_file' can't be set to the value of '/tmp/my.cnf'
SET @@global.general_log_file = '.my.cnf'; SET @@global.general_log_file = '.my.cnf';
ERROR 42000: Variable 'general_log_file' can't be set to the value of '.my.cnf' ERROR 42000: Variable 'general_log_file' can't be set to the value of '.my.cnf'
SET @@global.general_log_file = 'my.cnf\0foo';
ERROR 42000: Variable 'general_log_file' can't be set to the value of 'my.cnf'
'#----------------------FN_DYNVARS_004_03------------------------#' '#----------------------FN_DYNVARS_004_03------------------------#'
SELECT @@global.general_log_file = VARIABLE_VALUE SELECT @@global.general_log_file = VARIABLE_VALUE
FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES

2
mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result
View File

@ -15,6 +15,8 @@ SET @@global.slow_query_log_file = '/tmp/my.cnf';
ERROR 42000: Variable 'slow_query_log_file' can't be set to the value of '/tmp/my.cnf' ERROR 42000: Variable 'slow_query_log_file' can't be set to the value of '/tmp/my.cnf'
SET @@global.general_log_file = '.my.cnf'; SET @@global.general_log_file = '.my.cnf';
ERROR 42000: Variable 'general_log_file' can't be set to the value of '.my.cnf' ERROR 42000: Variable 'general_log_file' can't be set to the value of '.my.cnf'
SET @@global.general_log_file = 'my.cnf\0foo';
ERROR 42000: Variable 'general_log_file' can't be set to the value of 'my.cnf'
'#----------------------FN_DYNVARS_004_03------------------------#' '#----------------------FN_DYNVARS_004_03------------------------#'
SELECT @@global.slow_query_log_file = VARIABLE_VALUE SELECT @@global.slow_query_log_file = VARIABLE_VALUE
FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES

2
mysql-test/suite/sys_vars/t/general_log_file_basic.test
View File

@ -67,6 +67,8 @@ SET @@global.general_log_file = 'my.cnf';
SET @@global.general_log_file = '/tmp/my.cnf'; SET @@global.general_log_file = '/tmp/my.cnf';
--error ER_WRONG_VALUE_FOR_VAR --error ER_WRONG_VALUE_FOR_VAR
SET @@global.general_log_file = '.my.cnf'; SET @@global.general_log_file = '.my.cnf';
--error ER_WRONG_VALUE_FOR_VAR
SET @@global.general_log_file = 'my.cnf\0foo';
--echo '#----------------------FN_DYNVARS_004_03------------------------#' --echo '#----------------------FN_DYNVARS_004_03------------------------#'

2
mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test
View File

@ -65,6 +65,8 @@ SET @@global.slow_query_log_file = 'my.cnf';
SET @@global.slow_query_log_file = '/tmp/my.cnf'; SET @@global.slow_query_log_file = '/tmp/my.cnf';
--error ER_WRONG_VALUE_FOR_VAR --error ER_WRONG_VALUE_FOR_VAR
SET @@global.general_log_file = '.my.cnf'; SET @@global.general_log_file = '.my.cnf';
--error ER_WRONG_VALUE_FOR_VAR
SET @@global.general_log_file = 'my.cnf\0foo';
--echo '#----------------------FN_DYNVARS_004_03------------------------#' --echo '#----------------------FN_DYNVARS_004_03------------------------#'
############################################################################## ##############################################################################

14
sql/sys_vars.cc
View File

@ -3033,19 +3033,19 @@ static bool check_log_path(sys_var *self, THD *thd, set_var *var)
return true; return true;
} }
static const LEX_CSTRING my_cnf= { STRING_WITH_LEN("my.cnf") };
if (val->length >= my_cnf.length)
{
if (strcasecmp(val->str + val->length - my_cnf.length, my_cnf.str) == 0)
return true; // log file name ends with "my.cnf"
}
char path[FN_REFLEN]; char path[FN_REFLEN];
size_t path_length= unpack_filename(path, val->str); size_t path_length= unpack_filename(path, val->str);
if (!path_length) if (!path_length)
return true; return true;
static const LEX_CSTRING my_cnf= { STRING_WITH_LEN("my.cnf") };
if (path_length >= my_cnf.length)
{
if (strcasecmp(path + path_length - my_cnf.length, my_cnf.str) == 0)
return true; // log file name ends with "my.cnf"
}
MY_STAT f_stat; MY_STAT f_stat;
if (my_stat(path, &f_stat, MYF(0))) if (my_stat(path, &f_stat, MYF(0)))