authorunknown <andrey@whirlpool.hristov.com>2008-02-22 18:45:45 +0100
committerunknown <andrey@whirlpool.hristov.com>2008-02-22 18:45:45 +0100
commit233143fd31cdab65c31db780b8c0c4a1618e16b3 (patch)
tree9ef2f8447010c5f0e58e783f2c46fcaa21b58044 /sql-common
parent0dedada2ff7c222d929e1f6a87a8311b89471ba8 (diff)
Fix for Bug#29605
--local-infile=0 checks can be bypassed by sending a FETCH LOCAL FILE response. Add a check for CLIENT_LOCAL_FILES before sending a local file. Beware that all binary distributions enable sending of local files, and it is up to the programs which use libmysql to disable it if they don't use this functionality. Otherwise they are not safe.
client/mysqltest.c: Enable LOAD DATA LOCAL INFILE for the test suite, like some rpl and ndb tests.
sql-common/client.c: Check if the client has LOAD DATA LOCAL INFILE disabled and don't serve such requests from the server. This is not 100% proof: if the client has this enabled, as in all binary builds for BC, the check won't work and the client can be tricked into sending a local file.
tests/mysql_client_test.c: Switch on LOCAL INFILE in client test. If one day there is a test which uses it, then it will work out of the box.
Diffstat (limited to 'sql-common')
-rw-r--r--sql-common/client.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/sql-common/client.c b/sql-common/client.c
index a26207038cf..f4d587d4df3 100644
--- a/sql-common/client.c
+++ b/sql-common/client.c
@@ -2736,7 +2736,15 @@ get_info:
#ifdef MYSQL_CLIENT
if (field_count == NULL_LENGTH) /* LOAD DATA LOCAL INFILE */
{
- int error=handle_local_infile(mysql,(char*) pos);
+ int error;
+
+ if (!(mysql->options.client_flag & CLIENT_LOCAL_FILES))
+ {
+ set_mysql_error(mysql, CR_MALFORMED_PACKET, unknown_sqlstate);
+ DBUG_RETURN(1);
+ }
+
+ error= handle_local_infile(mysql,(char*) pos);
if ((length= cli_safe_read(mysql)) == packet_error || error)
DBUG_RETURN(1);
goto get_info; /* Get info packet */
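Review bot: The refusal path at `if (!(mysql->options.client_flag & CLIENT_LOCAL_FILES))` reports an unsolicited file request as `CR_MALFORMED_PACKET`, so a caller or log reader cannot tell a server asking for a file it was never permitted to request from ordinary packet corruption. The guard deserves a comment such as `/* Server requested a local file although LOCAL INFILE is disabled on this handle: refuse and never reach handle_local_infile() */`, and a dedicated client error for this case would make the event something an application can detect and alert on. The early `DBUG_RETURN(1)` also sends nothing back and skips the `cli_safe_read()` that the normal path performs, so the connection is presumably left mid-exchange; the comment should say whether the handle is still usable after this error. The guard reads `options.client_flag` only, and whether that always matches the capability negotiated at connect time cannot be confirmed from this hunk, whose enclosing function begins and ends outside it.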