From b27fd90ad36f4194665744cc1dcdd05f2d0b47ef Mon Sep 17 00:00:00 2001 From: Sergei Golubchik Date: Wed, 15 Feb 2017 18:45:19 +0100 Subject: MDEV-11902 mi_open race condition TOCTOU bug. The path is checked to be valid, symlinks are resolved. Then the resolved path is opened. Between the check and the open, there's a window when one can replace some path component with a symlink, bypassing validity checks. Fix: after we resolved all symlinks in the path, don't allow open() to resolve symlinks, there should be none. Compared to the old MyISAM/Aria code: * fastpath. Opening of not-symlinked files is just one open(), no fn_format() and lstat() anymore. * opening of symlinked tables doesn't do fn_format() and lstat() either. it also doesn't to realpath() (which was lstat-ing every path component), instead if opens every path component with O_PATH. * share->data_file_name stores realpath(path) not readlink(path). So, SHOW CREATE TABLE needs to do lstat/readlink() now (see ::info()), and certain error messages (cannot open file "XXX") show the real file path with all symlinks resolved. --- mysql-test/suite/federated/federated_bug_35333.result | 3 --- mysql-test/suite/federated/federated_bug_35333.test | 2 +- 2 files changed, 1 insertion(+), 4 deletions(-) (limited to 'mysql-test/suite/federated') diff --git a/mysql-test/suite/federated/federated_bug_35333.result b/mysql-test/suite/federated/federated_bug_35333.result index e1319cfeeae..c19fb78b7ae 100644 --- a/mysql-test/suite/federated/federated_bug_35333.result +++ b/mysql-test/suite/federated/federated_bug_35333.result @@ -27,9 +27,6 @@ TABLE_SCHEMA TABLE_NAME TABLE_TYPE ENGINE ROW_FORMAT TABLE_ROWS DATA_LENGTH TABL test t1 BASE TABLE NULL NULL NULL NULL Can't find file: 't1' (errno: 2) Warnings: Warning 1017 Can't find file: 't1' (errno: 2) -SHOW WARNINGS; -Level Code Message -Warning 1017 Can't find file: 't1' (errno: 2) DROP TABLE t1; ERROR 42S02: Unknown table 't1' # 
diff --git a/mysql-test/suite/federated/federated_bug_35333.test b/mysql-test/suite/federated/federated_bug_35333.test index 6487e10e018..5134dbc6252 100644 --- a/mysql-test/suite/federated/federated_bug_35333.test +++ b/mysql-test/suite/federated/federated_bug_35333.test @@ -61,10 +61,10 @@ let $MYSQLD_DATADIR= `SELECT @@datadir`; --echo # --echo # Trigger a MyISAM system error during an INFORMATION_SCHEMA.TABLES query --echo # +--replace_result 20 2 SELECT TABLE_SCHEMA, TABLE_NAME, TABLE_TYPE, ENGINE, ROW_FORMAT, TABLE_ROWS, DATA_LENGTH, TABLE_COMMENT FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME = 't1'; -SHOW WARNINGS; --disable_warnings --error 1051 DROP TABLE t1; -- cgit v1.2.1
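Review bot: The added `--replace_result 20 2` is a plain substring substitution over the whole output of the following SELECT, so it rewrites any "20" in the row (in TABLE_ROWS or DATA_LENGTH, for example), not just the errno, and nothing records why two errno values are now acceptable. Anchoring it to the message, e.g. `--replace_regex /errno: 20/errno: 2/`, keeps the normalisation from hiding an unrelated change in the result. A one-line comment above it, such as `# open() may fail with errno 20 instead of 2 after the MDEV-11902 path-open change`, would help. That errno 20 is ENOTDIR from the component-by-component open described in the commit message is my inference, not something these hunks show. Since this test is the only coverage of the error path visible here for a TOCTOU fix, the accepted errno set should stay as narrow and as well explained as possible.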