author | Kristofer Pettersson <kristofer.pettersson@oracle.com> | 2010-10-17 13:00:13 +0200 |
---|---|---|
committer | Kristofer Pettersson <kristofer.pettersson@oracle.com> | 2010-10-17 13:00:13 +0200 |
commit | e548c322c200d4e115793e52bfda7c314f9842e8 (patch) | |
tree | d00e11b7ceddf7bca6f65275a36108bdf80f8fbe | |
parent | b001a5224d8b26e9706a386ca2c26320d152ee1c (diff) | |
download | mariadb-git-e548c322c200d4e115793e52bfda7c314f9842e8.tar.gz |
Bug#57359 Possible to circumvent secure_file_priv using '..' on Windows
Where realpath(3) is used on Linux, my_load_path is
used on Windows. However, this function does not
provide the functionality of realpath.
This patch attempts to do better by using
the Windows function GetFullPathName() instead.
-rw-r--r-- | mysys/my_symlink.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/mysys/my_symlink.c b/mysys/my_symlink.c
index 258e227bb7b..b57edd2179a 100644
--- a/mysys/my_symlink.c
+++ b/mysys/my_symlink.c
@@ -113,7 +113,6 @@ int my_is_symlink(const char *filename __attribute__((unused)))
 #endif } - /* Resolve all symbolic links in path 'to' may be equal to 'filename'
@@ -147,7 +146,23 @@ int my_realpath(char *to, const char *filename,
 }
 DBUG_RETURN(result);
 #else
+#ifdef _WIN32
+ int ret= GetFullPathName(filename,FN_REFLEN,
+ to,
+ NULL);
+ if (ret == 0 || ret > FN_REFLEN)
+ {
+ if (ret > FN_REFLEN)
+ my_errno= ENAMETOOLONG;
+ else
+ my_errno= EACCES;
+ if (MyFlags & MY_WME)
+ my_error(EE_REALPATH, MYF(0), filename, my_errno);
+ return -1;
+ }
+#else
 my_load_path(to, filename, NullS);
+#endif
 return 0;
 #endif
 } |
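Review bot: GetFullPathName() in the new `_WIN32` branch only normalizes the path string: it collapses `.` and `..` and makes a relative name absolute against the current directory, but it does not resolve symbolic links or junctions and does not check that the file exists. This branch therefore still does less than the realpath(3) branch, and any secure_file_priv comparison that callers make on `to` (not visible in this hunk) still sees an unresolved path on Windows. I would state that limit above the call, e.g. `/* GetFullPathName() is lexical only: '..' is collapsed, symlinks and junctions are NOT resolved */`, and consider resolving through an opened handle with GetFinalPathNameByHandle() where the supported Windows versions provide it. Separately, every failure other than an over-long result is reported as `EACCES`; deriving my_errno from GetLastError() would make the `EE_REALPATH` message accurate. my_realpath begins above the hunk, so the size of the `to` buffer cannot be confirmed from here.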