MDEV-10465 general_log_file can be abused

This issue was discovered by Dawid Golunski (http://legalhackers.com)
author: Sergei Golubchik <serg@mariadb.org> 2016-08-03 20:56:24 +0200
committer: Sergei Golubchik <serg@mariadb.org> 2016-08-03 20:56:24 +0200
commit: 470f2598cca350b79531bf0b88463a47d94abec3 (patch)
tree: 50238217a3e86ec472235755662149957c2f9e5f /sql/sys_vars.cc
parent: 0214115c7f8007a325cf3466a5bc6680e575a119 (diff)
download: mariadb-git-470f2598cca350b79531bf0b88463a47d94abec3.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc
index bf7ed231d77..2ed5be3bf3b 100644
--- a/sql/sys_vars.cc
+++ b/sql/sys_vars.cc
@@ -3033,6 +3033,13 @@ static bool check_log_path(sys_var *self, THD *thd, set_var *var)
     return true;
   }
 
+  static const LEX_CSTRING my_cnf= { STRING_WITH_LEN("my.cnf") };
+  if (val->length >= my_cnf.length)
+  {
+    if (strcasecmp(val->str + val->length - my_cnf.length, my_cnf.str) == 0)
+      return true; // log file name ends with "my.cnf"
+  }
+
   char path[FN_REFLEN];
   size_t path_length= unpack_filename(path, val->str);
author	Sergei Golubchik <serg@mariadb.org>	2016-08-03 20:56:24 +0200
committer	Sergei Golubchik <serg@mariadb.org>	2016-08-03 20:56:24 +0200
commit	470f2598cca350b79531bf0b88463a47d94abec3 (patch)
tree	50238217a3e86ec472235755662149957c2f9e5f /sql/sys_vars.cc
parent	0214115c7f8007a325cf3466a5bc6680e575a119 (diff)
download	mariadb-git-470f2598cca350b79531bf0b88463a47d94abec3.tar.gz