authorGeorgi Kodinov <Georgi.Kodinov@Oracle.com>2011-04-28 12:22:41 +0300
committerGeorgi Kodinov <Georgi.Kodinov@Oracle.com>2011-04-28 12:22:41 +0300
commit59d7516005af28dce97c3f4251e2d7da2e31d203 (patch)
tree65c1bdb17e8f4d53ba52f73aef750d72c771c28b /mysys/my_symlink.c
parent0d2f7502b5d10fe3c6ac0be134e8fab660d5c6da (diff)
Bug #11764517: 57359: POSSIBLE TO CIRCUMVENT SECURE_FILE_PRIV
USING '..' ON WINDOWS Backport of the fix to 5.0 (to be null-merged to 5.1). Moved the test into the main test suite. Made mysql-test-run.pl to not use symlinks for sdtdata as the symlinks are now properly recognized by secure_file_priv. Made sure the paths in load_file(), LOAD DATA and SELECT .. INTO OUTFILE that are checked against secure_file_priv in a correct way similarly to 5.1 by the extended is_secure_file_path() backport before the comparison. Added an extensive test with all the variants of upper/lower case, slash/backslash and case sensitivity. Added few comments to the code.
Diffstat (limited to 'mysys/my_symlink.c')
-rw-r--r--mysys/my_symlink.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/mysys/my_symlink.c b/mysys/my_symlink.c
index 7f2be5644e8..e17cd8bbe0c 100644
--- a/mysys/my_symlink.c
+++ b/mysys/my_symlink.c
@@ -149,8 +149,23 @@ int my_realpath(char *to, const char *filename,
result= -1;
}
DBUG_RETURN(result);
+#elif defined(_WIN32)
+ int ret= GetFullPathName(filename,FN_REFLEN, to, NULL);
+ if (ret == 0 || ret > FN_REFLEN)
+ {
+ my_errno= (ret > FN_REFLEN) ? ENAMETOOLONG : GetLastError();
+ if (MyFlags & MY_WME)
+ my_error(EE_REALPATH, MYF(0), filename, my_errno);
+ /*
+ GetFullPathName didn't work : use my_load_path() which is a poor
+ substitute original name but will at least be able to resolve
+ paths that starts with '.'.
+ */
+ my_load_path(to, filename, NullS);
+ return -1;
+ }
#else
my_load_path(to, filename, NullS);
+#endif
return 0;
-#endif
}
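Review bot: In the new `_WIN32` branch, `GetFullPathName(filename,FN_REFLEN, to, NULL)` only normalizes the string (relative paths, `.` and `..`) and does not resolve reparse points, so unlike the `realpath()` branch above it does not produce a link-free path. A comment next to the call such as `/* lexical normalization only: junctions and symlinks are not resolved here */` would keep that limit visible to code that relies on the result for the secure_file_priv comparison. The failure path also fills `to` through `my_load_path(to, filename, NullS)` before `return -1`, so a caller that ignores the return value would compare an unnormalized path; the callers are outside this hunk, and it is worth confirming that each one rejects on a non-zero result. In addition, `my_errno` receives a Win32 code from `GetLastError()` in one arm and the errno value `ENAMETOOLONG` in the other, which makes the number reported through `EE_REALPATH` ambiguous. The function begins above the hunk, so its earlier branch is not fully visible here.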