Bug58747 57359 patch: breaks secure_file_priv+not secure yet+still accesses other folders

"load data infile .."  allowed for access to 
unautohorized tables.
Due to a faulty if-statement it was possible to
circumvent the secure_file_priv restriction.


mysql-test/mysql-test-run.pl:
  * Add SECURE_LOAD_PATH environment variable to mtr test cases.
mysql-test/suite/sys_vars/r/secure_file_priv2.result:
  * add test for bug58747
mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt:
  * add test for bug58747
mysql-test/suite/sys_vars/t/secure_file_priv2.test:
  * add test for bug58747
sql/sql_load.cc:
  * Correct faulty if-statement
  * fix indentation
  * move my_stat() block to after is_secure_file_path() check.

5 files changed, 83 insertions, 42 deletions

diff --git a/mysql-test/mysql-test-run.pl b/mysql-test/mysql-test-run.pl
index 22c60cf1997..1348d0f991b 100755
--- a/mysql-test/mysql-test-run.pl
+++ b/mysql-test/mysql-test-run.pl
@@ -2025,6 +2025,16 @@ sub environment_setup {
   $ENV{'DEFAULT_MASTER_PORT'}= $mysqld_variables{'master-port'} || 3306;
   $ENV{'MYSQL_TMP_DIR'}=      $opt_tmpdir;
   $ENV{'MYSQLTEST_VARDIR'}=   $opt_vardir;
+  
+  if (IS_WINDOWS)
+  {
+    $ENV{'SECURE_LOAD_PATH'}= $glob_mysql_test_dir."\\std_data";
+  }
+  else
+  {
+    $ENV{'SECURE_LOAD_PATH'}= $glob_mysql_test_dir."/std_data";
+  }
+    
 
   # ----------------------------------------------------
   # Setup env for NDB
diff --git a/mysql-test/suite/sys_vars/r/secure_file_priv2.result b/mysql-test/suite/sys_vars/r/secure_file_priv2.result
new file mode 100644
index 00000000000..ec91b6037d0
--- /dev/null
+++ b/mysql-test/suite/sys_vars/r/secure_file_priv2.result
@@ -0,0 +1,6 @@
+CREATE TABLE t1 (c1 INT);
+LOAD DATA INFILE "t1.MYI" into table t1;
+ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+LOAD DATA INFILE "/test" into table t1;
+ERROR HY000: The MySQL server is running with the --secure-file-priv option so it cannot execute this statement
+DROP TABLE t1;
diff --git a/mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt b/mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt
new file mode 100644
index 00000000000..1d9a49c8f75
--- /dev/null
+++ b/mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt
@@ -0,0 +1 @@
+--secure_file_priv=$SECURE_LOAD_PATH
diff --git a/mysql-test/suite/sys_vars/t/secure_file_priv2.test b/mysql-test/suite/sys_vars/t/secure_file_priv2.test
new file mode 100644
index 00000000000..0ca0a1839e1
--- /dev/null
+++ b/mysql-test/suite/sys_vars/t/secure_file_priv2.test
@@ -0,0 +1,23 @@
+#
+# Bug58747 breaks secure_file_priv+not secure yet+still accesses other folders
+#
+CREATE TABLE t1 (c1 INT);
+#
+# Before the patch this statement failed with
+# Linux:
+#  -> errno 13: 'Can't get stat of '
+# Windows:
+#  -> Warning 1366 Incorrect integer value: '■■☺' for
+#  ->              column 'c1' at row 1
+# Now it should consistently fail with ER_OPTION_PREVENTS_STATEMENT
+# on all platforms.
+--error ER_OPTION_PREVENTS_STATEMENT
+LOAD DATA INFILE "t1.MYI" into table t1;
+
+#
+# The following test makes the assuption that /test isn't a valid path in any
+# operating system running the test suite.
+--error ER_OPTION_PREVENTS_STATEMENT
+LOAD DATA INFILE "/test" into table t1;
+
+DROP TABLE t1;
diff --git a/sql/sql_load.cc b/sql/sql_load.cc
index 4b68f2a3821..a0f9ebbe39b 100644
--- a/sql/sql_load.cc
+++ b/sql/sql_load.cc
@@ -314,56 +314,57 @@ int mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list,
       (void) fn_format(name, ex->file_name, mysql_real_data_home, "",
                        MY_RELATIVE_PATH | MY_UNPACK_FILENAME |
                        MY_RETURN_REAL_PATH);
-#if !defined(__WIN__) && ! defined(__NETWARE__)
-      MY_STAT stat_info;
-      if (!my_stat(name,&stat_info,MYF(MY_WME)))
-	DBUG_RETURN(TRUE);
-
-      // if we are not in slave thread, the file must be:
-      if (!thd->slave_thread &&
-	  !((stat_info.st_mode & S_IROTH) == S_IROTH &&  // readable by others
-	    (stat_info.st_mode & S_IFLNK) != S_IFLNK && // and not a symlink
-	    ((stat_info.st_mode & S_IFREG) == S_IFREG ||
-	     (stat_info.st_mode & S_IFIFO) == S_IFIFO)))
-      {
-	my_error(ER_TEXTFILE_NOT_READABLE, MYF(0), name);
-	DBUG_RETURN(TRUE);
-      }
-      if ((stat_info.st_mode & S_IFIFO) == S_IFIFO)
-	is_fifo = 1;
-#endif
+    }
 
-      if (thd->slave_thread)
-      {
+    if (thd->slave_thread)
+    {
 #if defined(HAVE_REPLICATION) && !defined(MYSQL_CLIENT)
-        if (strncmp(active_mi->rli.slave_patternload_file, name, 
-            active_mi->rli.slave_patternload_file_size))
-        {
-          /*
-            LOAD DATA INFILE in the slave SQL Thread can only read from 
-            --slave-load-tmpdir". This should never happen. Please, report a bug.
-           */
-
-          sql_print_error("LOAD DATA INFILE in the slave SQL Thread can only read from --slave-load-tmpdir. " \
-                          "Please, report a bug.");
-          my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--slave-load-tmpdir");
-          DBUG_RETURN(TRUE);
-        }
-#else
+      if (strncmp(active_mi->rli.slave_patternload_file, name, 
+          active_mi->rli.slave_patternload_file_size))
+      {
         /*
-          This is impossible and should never happen.
+          LOAD DATA INFILE in the slave SQL Thread can only read from 
+          --slave-load-tmpdir". This should never happen. Please, report a bug.
         */
-        DBUG_ASSERT(FALSE); 
-#endif
-      }
-      else if (!is_secure_file_path(name))
-      {
-        /* Read only allowed from within dir specified by secure_file_priv */
-        my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
+
+        sql_print_error("LOAD DATA INFILE in the slave SQL Thread can only read from --slave-load-tmpdir. " \
+                        "Please, report a bug.");
+        my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--slave-load-tmpdir");
         DBUG_RETURN(TRUE);
       }
+#else
+      /*
+        This is impossible and should never happen.
+      */
+      DBUG_ASSERT(FALSE); 
+#endif
+    }
+    else if (!is_secure_file_path(name))
+    {
+      /* Read only allowed from within dir specified by secure_file_priv */
+      my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");
+      DBUG_RETURN(TRUE);
+    }
 
+#if !defined(__WIN__) && ! defined(__NETWARE__)
+    MY_STAT stat_info;
+    if (!my_stat(name,&stat_info,MYF(MY_WME)))
+	    DBUG_RETURN(TRUE);
+
+    // if we are not in slave thread, the file must be:
+    if (!thd->slave_thread &&
+	      !((stat_info.st_mode & S_IROTH) == S_IROTH &&  // readable by others
+	        (stat_info.st_mode & S_IFLNK) != S_IFLNK && // and not a symlink
+	        ((stat_info.st_mode & S_IFREG) == S_IFREG ||
+	         (stat_info.st_mode & S_IFIFO) == S_IFIFO)))
+    {
+	    my_error(ER_TEXTFILE_NOT_READABLE, MYF(0), name);
+	    DBUG_RETURN(TRUE);
     }
+    if ((stat_info.st_mode & S_IFIFO) == S_IFIFO)
+	    is_fifo = 1;
+#endif
+
     if ((file=my_open(name,O_RDONLY,MYF(MY_WME))) < 0)
       DBUG_RETURN(TRUE);
   }