From 233143fd31cdab65c31db780b8c0c4a1618e16b3 Mon Sep 17 00:00:00 2001 From: unknown Date: Fri, 22 Feb 2008 18:45:45 +0100 Subject: Fix for Bug#29605 --local-infile=0 checks can be bypassed by sending a FETCH LOCAL FILE response Add a check for CLIENT_LOCAL_FILES before sending a local file. Beware, that all binary distributions enable sending of local files and it's up to the programs which use libmysql to disable it, if they don't use this functionality. Otherwise they are not safe. client/mysqltest.c: Enable LOAD DATA LOCAL INFILE for the test suite, like some rpl and ndb test. sql-common/client.c: Check if the client has LOAD DATA LOCAL INFILE disabled and don't serve such requests from the server. This is not 100% proof, as if the client has this enabled, in all binary builds for BC, the check won't work and the client can be tricked into sending a local file. tests/mysql_client_test.c: Switch on LOCAL INFILE in client test. If one day there is a test which uses it, then it will work out of the box. --- sql-common/client.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'sql-common') diff --git a/sql-common/client.c b/sql-common/client.c index a26207038cf..f4d587d4df3 100644 --- a/sql-common/client.c +++ b/sql-common/client.c @@ -2736,7 +2736,15 @@ get_info: #ifdef MYSQL_CLIENT if (field_count == NULL_LENGTH) /* LOAD DATA LOCAL INFILE */ { - int error=handle_local_infile(mysql,(char*) pos); + int error; + + if (!(mysql->options.client_flag & CLIENT_LOCAL_FILES)) + { + set_mysql_error(mysql, CR_MALFORMED_PACKET, unknown_sqlstate); + DBUG_RETURN(1); + } + + error= handle_local_infile(mysql,(char*) pos); if ((length= cli_safe_read(mysql)) == packet_error || error) DBUG_RETURN(1); goto get_info; /* Get info packet */ -- cgit v1.2.1