From d6b00b72eb43559cb4857bc9d11ca8c8bb2af02b Mon Sep 17 00:00:00 2001
From: "cmiller@zippy.cornsilk.net" <>
Date: Fri, 11 Aug 2006 15:31:06 -0400
Subject: [PATCH] Bug#21224: mysql_upgrade uses possibly insecure temporary files

We open for writing a known location, which is exploitable with a symlink attack. Now, use the EXCLusive flag, so that the presence of anything at that location causes a failure. Try once to open safely, and if failure then remove that location and try again to open safely. If both fail, then raise an error.
---
 client/mysql_upgrade.c | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/client/mysql_upgrade.c b/client/mysql_upgrade.c
index 3288b627554..053eb86b051 100644
--- a/client/mysql_upgrade.c
+++ b/client/mysql_upgrade.c
@@ -149,17 +149,29 @@ static int create_defaults_file(const char *path, const char *our_defaults_path)
 File our_defaults_file, defaults_file;
 char buffer[512];
 char *buffer_end;
+ int failed_to_open_count= 0;
 int error;
 /* check if the defaults file is needed at all */
 if (!opt_password)
 return 0;
- defaults_file= my_open(path, O_BINARY | O_CREAT | O_WRONLY,
+retry_open:
+ defaults_file= my_open(path, O_BINARY | O_CREAT | O_WRONLY | O_EXCL,
 MYF(MY_FAE | MY_WME));
 if (defaults_file < 0)
- return 1;
+ {
+ if (failed_to_open_count == 0)
+ {
+ remove(path);
+ failed_to_open_count+= 1;
+ goto retry_open;
+ }
+ else
+ return 1;
+ }
+
 upgrade_defaults_created= 1;
 if (our_defaults_path)
 {
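Review bot: The retry branch under `if (defaults_file < 0)` calls `remove(path)` after any `my_open` failure, not only when something already exists at the path, and it ignores the result of `remove`. Restricting the retry to the exists case, e.g. `if (failed_to_open_count == 0 && my_errno == EEXIST && remove(path) == 0)` (assuming `my_open` records errno in `my_errno`), avoids deleting and retrying on unrelated errors such as a permission failure; because the first attempt passes `MY_WME`, an error is presumably also reported even when the retry then succeeds. The second open keeps `O_EXCL`, so a path re-created between `remove` and the retry still fails rather than being followed, which is the property worth stating in a comment above `retry_open:`. The creation mode is not visible in this hunk; since the file is only written when `opt_password` is set, it is worth confirming that it ends up readable by the owner only. The body of create_defaults_file starts before and continues past the hunk.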