Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.

test_if_data_home_dir fixed to look into real path. Checks added to mi_open for symlinks into data home directory. per-file messages: include/my_sys.h Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. my_is_symlink interface added include/myisam.h Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. myisam_test_invalid_symlink interface added myisam/mi_check.c Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. mi_open_datafile calls modified myisam/mi_open.c Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. code added to mi_open to check for symlinks into data home directory. mi_open_datafile now accepts 'original' file path to check if it's an allowed symlink. myisam/mi_static.c Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. myisam_test_invlaid_symlink defined myisam/myisamchk.c Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. mi_open_datafile call modified myisam/myisamdef.h Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. mi_open_datafile interface modified - 'real_path' parameter added mysql-test/r/symlink.test Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. error codes corrected as some patch now rejected pointing inside datahome mysql-test/r/symlink.result Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. error messages corrected in the result mysys/my_symlink.c Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. my_is_symlink() implementsd my_realpath() now returns the 'realpath' even if a file isn't a symlink sql/mysql_priv.h Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. test_if_data_home_dir interface sql/mysqld.cc Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. myisam_test_invalid_symlik set with the 'test_if_data_home_dir' sql/sql_parse.cc Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY. error messages corrected test_if_data_home_dir code fixed
2025-07-30 16:24:05 +03:00 · 2008-08-22 17:31:53 +05:00
parent de73b72954
commit ec524d50a8
12 changed files with 112 additions and 54 deletions
--- a/mysys/my_symlink.c
+++ b/mysys/my_symlink.c
@ -106,38 +106,39 @@ int my_symlink(const char *content, const char *linkname, myf MyFlags)
 #define BUFF_LEN FN_LEN
 #endif

+
+int my_is_symlink(const char *filename __attribute__((unused)))
+{
+  struct stat stat_buff;
+  return !lstat(filename, &stat_buff) && S_ISLNK(stat_buff.st_mode);
+}
+
+
 int my_realpath(char *to, const char *filename,
 		myf MyFlags __attribute__((unused)))
 {
 #if defined(HAVE_REALPATH) && !defined(HAVE_purify) && !defined(HAVE_BROKEN_REALPATH)
  int result=0;
  char buff[BUFF_LEN];
-  struct stat stat_buff;
+  char *ptr;
  DBUG_ENTER("my_realpath");

-  if (!(MyFlags & MY_RESOLVE_LINK) ||
-      (!lstat(filename,&stat_buff) && S_ISLNK(stat_buff.st_mode)))
-  {
-    char *ptr;
-    DBUG_PRINT("info",("executing realpath"));
-    if ((ptr=realpath(filename,buff)))
-    {
+  DBUG_PRINT("info",("executing realpath"));
+  if ((ptr=realpath(filename,buff)))
      strmake(to,ptr,FN_REFLEN-1);
-    }
-    else
-    {
-      /*
-	Realpath didn't work;  Use my_load_path() which is a poor substitute
-	original name but will at least be able to resolve paths that starts
-	with '.'.
-      */
-      DBUG_PRINT("error",("realpath failed with errno: %d", errno));
-      my_errno=errno;
-      if (MyFlags & MY_WME)
-	my_error(EE_REALPATH, MYF(0), filename, my_errno);
-      my_load_path(to, filename, NullS);
-      result= -1;
-    }
+  else
+  {
+    /*
+      Realpath didn't work;  Use my_load_path() which is a poor substitute
+      original name but will at least be able to resolve paths that starts
+      with '.'.
+    */
+    DBUG_PRINT("error",("realpath failed with errno: %d", errno));
+    my_errno=errno;
+    if (MyFlags & MY_WME)
+      my_error(EE_REALPATH, MYF(0), filename, my_errno);
+    my_load_path(to, filename, NullS);
+    result= -1;
  }
  DBUG_RETURN(result);
 #else