diff options
author | Sergei Golubchik <serg@mariadb.org> | 2016-08-08 10:27:22 +0200 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2016-08-08 21:27:30 +0200 |
commit | 2a54a530a9ba96a9a57607dd156a42192dae0873 (patch) | |
tree | b5b1085239672cf007d2021014e99f76e2237989 | |
parent | a7c43a684ac390636f2859dfe5cf65fb4be8f75b (diff) | |
download | mariadb-git-2a54a530a9ba96a9a57607dd156a42192dae0873.tar.gz |
MDEV-10465 general_log_file can be abused
followup
5 files changed, 15 insertions, 7 deletions
diff --git a/mysql-test/suite/sys_vars/r/general_log_file_basic.result b/mysql-test/suite/sys_vars/r/general_log_file_basic.result index 54b450a2fce..4c26cab8956 100644 --- a/mysql-test/suite/sys_vars/r/general_log_file_basic.result +++ b/mysql-test/suite/sys_vars/r/general_log_file_basic.result @@ -18,6 +18,8 @@ SET @@global.general_log_file = '/tmp/my.cnf'; ERROR 42000: Variable 'general_log_file' can't be set to the value of '/tmp/my.cnf' SET @@global.general_log_file = '.my.cnf'; ERROR 42000: Variable 'general_log_file' can't be set to the value of '.my.cnf' +SET @@global.general_log_file = 'my.cnf\0foo'; +ERROR 42000: Variable 'general_log_file' can't be set to the value of 'my.cnf' '#----------------------FN_DYNVARS_004_03------------------------#' SELECT @@global.general_log_file = VARIABLE_VALUE FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES diff --git a/mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result b/mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result index e2ed7d63fdb..db7eb238c43 100644 --- a/mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result +++ b/mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result @@ -15,6 +15,8 @@ SET @@global.slow_query_log_file = '/tmp/my.cnf'; ERROR 42000: Variable 'slow_query_log_file' can't be set to the value of '/tmp/my.cnf' SET @@global.general_log_file = '.my.cnf'; ERROR 42000: Variable 'general_log_file' can't be set to the value of '.my.cnf' +SET @@global.general_log_file = 'my.cnf\0foo'; +ERROR 42000: Variable 'general_log_file' can't be set to the value of 'my.cnf' '#----------------------FN_DYNVARS_004_03------------------------#' SELECT @@global.slow_query_log_file = VARIABLE_VALUE FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES diff --git a/mysql-test/suite/sys_vars/t/general_log_file_basic.test b/mysql-test/suite/sys_vars/t/general_log_file_basic.test index cdb2cc4b36e..fdc99fb6dea 100644 --- a/mysql-test/suite/sys_vars/t/general_log_file_basic.test +++ b/mysql-test/suite/sys_vars/t/general_log_file_basic.test @@ -67,6 +67,8 @@ SET @@global.general_log_file = 'my.cnf'; SET @@global.general_log_file = '/tmp/my.cnf'; --error ER_WRONG_VALUE_FOR_VAR SET @@global.general_log_file = '.my.cnf'; +--error ER_WRONG_VALUE_FOR_VAR +SET @@global.general_log_file = 'my.cnf\0foo'; --echo '#----------------------FN_DYNVARS_004_03------------------------#' diff --git a/mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test b/mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test index 835cb251e39..79132a1bdc5 100644 --- a/mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test +++ b/mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test @@ -65,6 +65,8 @@ SET @@global.slow_query_log_file = 'my.cnf'; SET @@global.slow_query_log_file = '/tmp/my.cnf'; --error ER_WRONG_VALUE_FOR_VAR SET @@global.general_log_file = '.my.cnf'; +--error ER_WRONG_VALUE_FOR_VAR +SET @@global.general_log_file = 'my.cnf\0foo'; --echo '#----------------------FN_DYNVARS_004_03------------------------#' ############################################################################## diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index 2ed5be3bf3b..7d43984c9c0 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -3033,19 +3033,19 @@ static bool check_log_path(sys_var *self, THD *thd, set_var *var) return true; } - static const LEX_CSTRING my_cnf= { STRING_WITH_LEN("my.cnf") }; - if (val->length >= my_cnf.length) - { - if (strcasecmp(val->str + val->length - my_cnf.length, my_cnf.str) == 0) - return true; // log file name ends with "my.cnf" - } - char path[FN_REFLEN]; size_t path_length= unpack_filename(path, val->str); if (!path_length) return true; + static const LEX_CSTRING my_cnf= { STRING_WITH_LEN("my.cnf") }; + if (path_length >= my_cnf.length) + { + if (strcasecmp(path + path_length - my_cnf.length, my_cnf.str) == 0) + return true; // log file name ends with "my.cnf" + } + MY_STAT f_stat; if (my_stat(path, &f_stat, MYF(0))) |