From 78b40d0a0ff0771842af25e08d3672c8b5836588 Mon Sep 17 00:00:00 2001 From: "reggie@mdk10.(none)" <> Date: Sat, 21 May 2005 12:31:58 -0500 Subject: BUG# 9148: Denial of service This is a second patch needing another review. The first patch didn't solve the entire problem. open and fopen on Windows will still open files like "com1.sym" when they shouldn't. This patch checks that the file exists before trying to open it. --- mysys/my_fopen.c | 18 +++++++++++++++--- mysys/my_open.c | 6 ++++++ 2 files changed, 21 insertions(+), 3 deletions(-) (limited to 'mysys') diff --git a/mysys/my_fopen.c b/mysys/my_fopen.c index e918b7b0de2..208e7e80fd8 100644 --- a/mysys/my_fopen.c +++ b/mysys/my_fopen.c @@ -33,9 +33,21 @@ FILE *my_fopen(const char *FileName, int Flags, myf MyFlags) DBUG_ENTER("my_fopen"); DBUG_PRINT("my",("Name: '%s' Flags: %d MyFlags: %d", FileName, Flags, MyFlags)); - - make_ftype(type,Flags); - if ((fd = fopen(FileName, type)) != 0) + /* + * if we are not creating, then we need to use my_access to make sure + * the file exists since Windows doesn't handle files like "com1.sym" very well + */ +#ifdef __WIN__ + if (! (Flags & O_CREAT) && my_access(FileName, F_OK)) + fd=0; + else +#endif + { + make_ftype(type,Flags); + fd = fopen(FileName, type); + } + + if (fd != 0) { /* The test works if MY_NFILE < 128. The problem is that fileno() is char diff --git a/mysys/my_open.c b/mysys/my_open.c index ca5c0d8683f..1f3bb95b5a2 100644 --- a/mysys/my_open.c +++ b/mysys/my_open.c @@ -46,6 +46,12 @@ File my_open(const char *FileName, int Flags, myf MyFlags) DBUG_PRINT("my",("Name: '%s' Flags: %d MyFlags: %d", FileName, Flags, MyFlags)); #if defined(MSDOS) || defined(__WIN__) || defined(__EMX__) || defined(OS2) + /* if we are not creating, then we need to use my_access to make + * sure the file exists since Windows doesn't handle files like + * "com1.sym" very well + */ + if (! (Flags & O_CREAT) && my_access(FileName, F_OK)) + return -1; if (Flags & O_SHARE) fd = sopen((my_string) FileName, (Flags & ~O_SHARE) | O_BINARY, SH_DENYNO, MY_S_IREAD | MY_S_IWRITE); -- cgit v1.2.1 From 3384ecc988ef999b1fadfecce96f310923754f7d Mon Sep 17 00:00:00 2001 From: "reggie@mdk10.(none)" <> Date: Mon, 23 May 2005 14:48:25 -0500 Subject: BUG# 9148 Denial of service fixups of test case and comment formatting --- mysys/my_fopen.c | 5 +++-- mysys/my_open.c | 7 ++++--- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'mysys') diff --git a/mysys/my_fopen.c b/mysys/my_fopen.c index 208e7e80fd8..4310250bd0d 100644 --- a/mysys/my_fopen.c +++ b/mysys/my_fopen.c @@ -34,8 +34,9 @@ FILE *my_fopen(const char *FileName, int Flags, myf MyFlags) DBUG_PRINT("my",("Name: '%s' Flags: %d MyFlags: %d", FileName, Flags, MyFlags)); /* - * if we are not creating, then we need to use my_access to make sure - * the file exists since Windows doesn't handle files like "com1.sym" very well + if we are not creating, then we need to use my_access to make sure + the file exists since Windows doesn't handle files like "com1.sym" + very well */ #ifdef __WIN__ if (! (Flags & O_CREAT) && my_access(FileName, F_OK)) diff --git a/mysys/my_open.c b/mysys/my_open.c index 1f3bb95b5a2..ea4d99c3e8c 100644 --- a/mysys/my_open.c +++ b/mysys/my_open.c @@ -46,9 +46,10 @@ File my_open(const char *FileName, int Flags, myf MyFlags) DBUG_PRINT("my",("Name: '%s' Flags: %d MyFlags: %d", FileName, Flags, MyFlags)); #if defined(MSDOS) || defined(__WIN__) || defined(__EMX__) || defined(OS2) - /* if we are not creating, then we need to use my_access to make - * sure the file exists since Windows doesn't handle files like - * "com1.sym" very well + /* + if we are not creating, then we need to use my_access to make + sure the file exists since Windows doesn't handle files like + "com1.sym" very well */ if (! (Flags & O_CREAT) && my_access(FileName, F_OK)) return -1; -- cgit v1.2.1