Fix for Bug#29605

--local-infile=0 checks can be bypassed by sending a FETCH LOCAL FILE response Add a check for CLIENT_LOCAL_FILES before sending a local file. Beware, that all binary distributions enable sending of local files and it's up to the programs which use libmysql to disable it, if they don't use this functionality. Otherwise they are not safe.
author: andrey@whirlpool.hristov.com <> 2008-02-22 18:45:45 +0100
committer: andrey@whirlpool.hristov.com <> 2008-02-22 18:45:45 +0100
commit: 07d9c4eeb86676dbe132371f590be612543cd50d (patch)
tree: 9ef2f8447010c5f0e58e783f2c46fcaa21b58044 /sql-common
parent: 04b306dad2309f3a66060263ba283d431857d613 (diff)
download: mariadb-git-07d9c4eeb86676dbe132371f590be612543cd50d.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/sql-common/client.c b/sql-common/client.c
index a26207038cf..f4d587d4df3 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -2736,7 +2736,15 @@ get_info:
 #ifdef MYSQL_CLIENT
   if (field_count == NULL_LENGTH)		/* LOAD DATA LOCAL INFILE */
   {
-    int error=handle_local_infile(mysql,(char*) pos);
+    int error;
+
+    if (!(mysql->options.client_flag & CLIENT_LOCAL_FILES))
+    {
+      set_mysql_error(mysql, CR_MALFORMED_PACKET, unknown_sqlstate);
+      DBUG_RETURN(1);
+    }   
+
+    error= handle_local_infile(mysql,(char*) pos);
     if ((length= cli_safe_read(mysql)) == packet_error || error)
       DBUG_RETURN(1);
     goto get_info;				/* Get info packet */
author	andrey@whirlpool.hristov.com <>	2008-02-22 18:45:45 +0100
committer	andrey@whirlpool.hristov.com <>	2008-02-22 18:45:45 +0100
commit	07d9c4eeb86676dbe132371f590be612543cd50d (patch)
tree	9ef2f8447010c5f0e58e783f2c46fcaa21b58044 /sql-common
parent	04b306dad2309f3a66060263ba283d431857d613 (diff)
download	mariadb-git-07d9c4eeb86676dbe132371f590be612543cd50d.tar.gz