Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.

            
            test_if_data_home_dir fixed to look into real path.
            Checks added to mi_open for symlinks into data home directory.

per-file messages:
        include/my_sys.h
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          my_is_symlink interface added
        include/myisam.h
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          myisam_test_invalid_symlink interface added
        myisam/mi_check.c
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          mi_open_datafile calls modified
        myisam/mi_open.c
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          code added to mi_open to check for symlinks into data home directory.
          mi_open_datafile now accepts 'original' file path to check if it's
          an allowed symlink.
        myisam/mi_static.c
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          myisam_test_invlaid_symlink defined
        myisam/myisamchk.c
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          mi_open_datafile call modified
        myisam/myisamdef.h
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          mi_open_datafile interface modified - 'real_path' parameter added
        mysql-test/r/symlink.test
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          error codes corrected as some patch now rejected pointing inside datahome
        mysql-test/r/symlink.result
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          error messages corrected in the result
        mysys/my_symlink.c
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          my_is_symlink() implementsd
          my_realpath() now returns the 'realpath' even if a file isn't a symlink
        sql/mysql_priv.h
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          test_if_data_home_dir interface
        sql/mysqld.cc
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          myisam_test_invalid_symlik set with the 'test_if_data_home_dir'
        sql/sql_parse.cc
          Bug#32167 another privilege bypass with DATA/INDEX DIRECTORY.
          
          error messages corrected
          test_if_data_home_dir code fixed

2 files changed, 5 insertions, 0 deletions

diff --git a/include/my_sys.h b/include/my_sys.h
index db01223602d..5dc73bf84d9 100644
--- a/include/my_sys.h
+++ b/include/my_sys.h
@@ -574,6 +574,7 @@ extern int my_close(File Filedes,myf MyFlags);
 extern File my_dup(File file, myf MyFlags);
 extern int my_mkdir(const char *dir, int Flags, myf MyFlags);
 extern int my_readlink(char *to, const char *filename, myf MyFlags);
+extern int my_is_symlink(const char *filename);
 extern int my_realpath(char *to, const char *filename, myf MyFlags);
 extern File my_create_with_symlink(const char *linkname, const char *filename,
 				   int createflags, int access_flags,
diff --git a/include/myisam.h b/include/myisam.h
index 61b9f39e63b..ad585f79608 100644
--- a/include/myisam.h
+++ b/include/myisam.h
@@ -267,6 +267,10 @@ extern my_bool myisam_flush,myisam_delay_key_write,myisam_single_user;
 extern my_off_t myisam_max_temp_length;
 extern ulong myisam_bulk_insert_tree_size, myisam_data_pointer_size;
 
+/* usually used to check if a symlink points into the mysql data home */
+/* which is normally forbidden                                        */
+extern int (*myisam_test_invalid_symlink)(const char *filename);
+
 	/* Prototypes for myisam-functions */
 
 extern int mi_close(struct st_myisam_info *file);