From 5dd5d70506611ea68c7103fcf97512e3114fffae Mon Sep 17 00:00:00 2001 
From: Kristofer Pettersson
Date: Mon, 3 May 2010 18:14:39 +0200
Subject: Bug#50373 --secure-file-priv=""

Iterative patch improvement. Previously committed patch caused
wrong result on Windows. The previous patch also broke secure_file_priv
for symlinks since not all file paths which must be compared against
this variable are normalized using the same norm.

The server variable opt_secure_file_priv wasn't normalized properly and
caused the operations LOAD DATA INFILE .. INTO TABLE .. and
SELECT load_file(..) to do different interpretations of the
--secure-file-priv option.

The patch moves code to the server initialization routines so that the
path always is normalized once and only once.

It was also intended that setting the option to an empty string should
be equal to lifting all previously set restrictions. This is also fixed
by this patch.

mysql-test/r/loaddata.result:
  * Removed test code which will currently break the much used --mem feature of mtr.
mysql-test/t/loaddata.test:
  * Removed test code which will currently break the much used --mem feature of mtr.
sql/item_strfunc.cc:
  * Replaced string comparing code on opt_secure_file_priv with an interface which guarantees that both file paths are normalized using the same norm on all platforms.
sql/mysql_priv.h:
  * Added signature for is_secure_file_path()
sql/mysqld.cc:
  * New function for checking if a path is compatible with the secure path restriction.
  * Added initialization of the opt_secure_file_priv variable.
sql/sql_class.cc:
  * Replaced string comparing code on opt_secure_file_priv with an interface which guarantees that both file paths are normalized using the same norm on all platforms.
sql/sql_load.cc:
  * Replaced string comparing code on opt_secure_file_priv with an interface which guarantees that both file paths are normalized using the same norm on all platforms.
---
 sql/item_strfunc.cc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'sql/item_strfunc.cc')
diff --git a/sql/item_strfunc.cc b/sql/item_strfunc.cc index b53172d631a..5d56b0a621a 100644 --- a/sql/item_strfunc.cc +++ b/sql/item_strfunc.cc @@ -2959,8 +2959,7 @@ String *Item_load_file::val_str(String *str) MY_RELATIVE_PATH | MY_UNPACK_FILENAME); /* Read only allowed from within dir specified by secure_file_priv */ - if (opt_secure_file_priv && - strncmp(opt_secure_file_priv, path, strlen(opt_secure_file_priv))) + if (!is_secure_file_path(path)) goto err; if (!my_stat(path, &stat_info, MYF(0))) -- cgit v1.2.1
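Review bot: In Item_load_file::val_str, the new `if (!is_secure_file_path(path))` no longer carries the `opt_secure_file_priv &&` guard, so the unset and empty-string cases now depend entirely on the helper, whose body is not part of this file-limited view. Please confirm that is_secure_file_path() returns true when opt_secure_file_priv is NULL or empty, and that it matches on a directory boundary rather than repeating the raw strncmp prefix compare removed here, which accepts any path that merely begins with the same characters as the configured directory. The comment above the check ("Read only allowed from within dir specified by secure_file_priv") could also say that the helper normalizes both sides and covers the unrestricted case, since that is no longer visible at the call site. The commit message notes that test code was removed from loaddata.test, so a load_file() regression case for the empty-string setting would be worth adding once it no longer conflicts with --mem.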