author | Nisha Gopalakrishnan <nisha.gopalakrishnan@oracle.com> | 2017-05-12 09:47:48 +0530 |
---|---|---|
committer | Nisha Gopalakrishnan <nisha.gopalakrishnan@oracle.com> | 2017-05-12 09:47:48 +0530 |
commit | b615c3dff885b1ce44fa2275aec8f04c8963ea75 (patch) | |
tree | b739e4235a8417a0812d09ab8f3ca3d628bec8ca /mysys | |
parent | 67bec60c726ee25e5c4a82709397c65c4e768e3e (diff) | |
download | mariadb-git-b615c3dff885b1ce44fa2275aec8f04c8963ea75.tar.gz |
BUG#25451091:CREATE TABLE DATA DIRECTORY / INDEX DIRECTORY
SYMLINK CHECK RACE CONDITIONS
ANALYSIS:
=========
A potential defect exists in the handling of CREATE
TABLE .. DATA DIRECTORY/ INDEX DIRECTORY which allows a
user to gain access to another user's table or a system
table.
FIX:
====
The lstat and fstat output of the target files are now
stored which help in determining the identity of the target
files thus preventing the unauthorized access to other
files.
Diffstat (limited to 'mysys')
-rw-r--r-- | mysys/my_symlink.c | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/mysys/my_symlink.c b/mysys/my_symlink.c index cdb16a7422b..4569fcf7fbf 100644 --- a/mysys/my_symlink.c +++ b/mysys/my_symlink.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2001, 2011, Oracle and/or its affiliates. All rights reserved. +/* Copyright (c) 2001, 2017, Oracle and/or its affiliates. All rights reserved. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -99,11 +99,18 @@ int my_symlink(const char *content, const char *linkname, myf MyFlags) #endif -int my_is_symlink(const char *filename __attribute__((unused))) +int my_is_symlink(const char *filename __attribute__((unused)), + ST_FILE_ID *file_id) { #if defined (HAVE_LSTAT) && defined (S_ISLNK) struct stat stat_buff; - return !lstat(filename, &stat_buff) && S_ISLNK(stat_buff.st_mode); + int result= !lstat(filename, &stat_buff) && S_ISLNK(stat_buff.st_mode); + if (file_id && !result) + { + file_id->st_dev= stat_buff.st_dev; + file_id->st_ino= stat_buff.st_ino; + } + return result; #elif defined (_WIN32) DWORD dwAttr = GetFileAttributes(filename); return (dwAttr != INVALID_FILE_ATTRIBUTES) && @@ -164,3 +171,20 @@ int my_realpath(char *to, const char *filename, myf MyFlags) #endif return 0; } + + +/** + Return non-zero if the file descriptor and a previously lstat-ed file + identified by file_id point to the same file +*/ +int my_is_same_file(File file, const ST_FILE_ID *file_id) +{ + MY_STAT stat_buf; + if (my_fstat(file, &stat_buf, MYF(0)) == -1) + { + my_errno= errno; + return 0; + } + return (stat_buf.st_dev == file_id->st_dev) + && (stat_buf.st_ino == file_id->st_ino); +} |
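Review bot: In my_is_symlink, `!result` is also true when lstat() itself failed, so the new `if (file_id && !result)` branch copies st_dev and st_ino out of a stat_buff that was never filled in. The identity that my_is_same_file later compares against is then indeterminate, and the caller cannot tell from the return value that it is unusable. Keep the lstat() status separate and copy only on success, e.g. `int rc= lstat(filename, &stat_buff);` followed by `if (file_id && !rc && !S_ISLNK(stat_buff.st_mode))`, and state in a comment what file_id holds when lstat() fails. The `#elif defined (_WIN32)` branch visible at the end of the hunk does not appear to set file_id either; the function body continues outside the hunk, so that should be confirmed there.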
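Review bot: my_is_same_file dereferences `file_id` unconditionally, while my_is_symlink in the same commit treats that pointer as optional, and its doc comment does not say that 0 is also returned when my_fstat() fails. Since this function is the check that ties the opened descriptor to the earlier lstat() result, the fail-closed behaviour is worth documenting: add `@param file_id identity recorded by my_is_symlink() from a successful lstat(); must not be NULL` and `@retval 0 different file, or my_fstat() failed (my_errno set)`. If a NULL file_id can reach this function, `if (!file_id) return 0;` at the top keeps the result fail-closed.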