Bug#21224: mysql_upgrade uses possibly insecure temporary files

We open for writing a known location, which is exploitable with a symlink attack. Now, use the EXCLusive flag, so that the presence of anything at that location causes a failure. Try once to open safely, and if failure then remove that location and try again to open safely. If both fail, then raise an error.
2025-08-07 00:04:31 +03:00 · 2006-08-11 15:31:06 -04:00
parent dee4105ce0
commit d6b00b72eb
1 changed files with 14 additions and 2 deletions
--- a/client/mysql_upgrade.c
+++ b/client/mysql_upgrade.c
@@ -149,17 +149,29 @@ static int create_defaults_file(const char *path, const char *our_defaults_path)
  File our_defaults_file, defaults_file;
  char buffer[512];
  char *buffer_end;
+  int failed_to_open_count= 0;
  int error;

  /* check if the defaults file is needed at all */
  if (!opt_password)
    return 0;

-  defaults_file= my_open(path, O_BINARY | O_CREAT | O_WRONLY,
+retry_open:
+  defaults_file= my_open(path, O_BINARY | O_CREAT | O_WRONLY | O_EXCL,
                         MYF(MY_FAE | MY_WME));

  if (defaults_file < 0)
-    return 1;
+  {
+    if (failed_to_open_count == 0)
+    {
+      remove(path);
+      failed_to_open_count+= 1;
+      goto retry_open;
+    }
+    else
+      return 1;
+  }
+
  upgrade_defaults_created= 1;
  if (our_defaults_path)
  {