From: gluh Date: November 27 2007 12:39pm Subject: bk commit into 4.0 tree (gluh:1.2198) BUG#32167 List-Archive: http://lists.mysql.com/commits/38623 X-Bug: 32167 Message-Id: <20071127123948.589EB24A0095@eagle.localdomain> Below is the list of changes that have just been committed into a local 4.0 repository of gluh. When gluh does a push these changes will be propagated to the main repository and, within 24 hours after the push, to the public repository. For information on how to access the public repository see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html ChangeSet@stripped, 2007-11-27 16:39:47+04:00, gluh@stripped +3 -0 Bug#32167 another privilege bypass with DATA/INDEX DIRECORY added new function test_if_data_home_dir() which checks that path does not contain mysql data home directory. Using of mysql data home directory in DATA DIRECTORY & INDEX DIRECTORY is disallowed. mysql-test/r/symlink.result@stripped, 2007-11-27 16:39:46+04:00, gluh@stripped +9 -0 test result mysql-test/t/symlink.test@stripped, 2007-11-27 16:39:46+04:00, gluh@stripped +14 -0 test case sql/sql_parse.cc@stripped, 2007-11-27 16:39:46+04:00, gluh@stripped +49 -0 added new function test_if_data_home_dir() which checks that path does not contain mysql data home directory. Using of mysql data home directory in DATA DIRECTORY & INDEX DIRECTORY is disallowed. # This is a BitKeeper patch. What follows are the unified diffs for the # set of deltas contained in the patch. The rest of the patch, the part # that BitKeeper cares about, is below these diffs. # User: gluh # Host: eagle.(none) # Root: /home/gluh/MySQL/Bugs/4.0
--- 1.397/sql/sql_parse.cc 2006-04-26 04:41:10 +05:00
+++ 1.398/sql/sql_parse.cc 2007-11-27 16:39:46 +04:00
@@ -67,6 +67,7 @@ static bool create_total_list(THD *thd, TABLE_LIST **result, bool skip_first); static bool check_one_table_access(THD *thd, ulong want_access, TABLE_LIST *table, bool no_errors);
+static bool test_if_data_home_dir(const char *dir);
 const char *any_db="*any*"; // Special symbol for check_access
@@ -1681,6 +1682,16 @@ mysql_execute_command(void)
 #ifndef HAVE_READLINK
 lex->create_info.data_file_name=lex->create_info.index_file_name=0;
 #else
+
+ if (lex->create_info.data_file_name &&
+ test_if_data_home_dir(lex->create_info.data_file_name) ||
+ lex->create_info.index_file_name &&
+ test_if_data_home_dir(lex->create_info.index_file_name))
+ {
+ my_message(ER_UNKNOWN_ERROR, "Can't use data home directory", MYF(0));
+ res= -1;
+ break;
+ }
 /* Fix names if symlinked tables */
 if (append_file_to_dir(thd, &lex->create_info.data_file_name, tables->real_name) ||
@@ -4040,4 +4051,42 @@ static bool check_multi_update_lock(THD
 error:
 DBUG_RETURN(res);
+}
+
+
+/*
+ Check if path does not contain mysql data home directory
+
+ SYNOPSIS
+ test_if_data_home_dir()
+ dir directory
+
+ RETURN VALUES
+ 0 ok
+ 1 error
+*/
+
+static bool test_if_data_home_dir(const char *dir)
+{
+ ulong home_dir_len= strlen(mysql_real_data_home)-1;
+ ulong dir_len;
+ char path[FN_REFLEN];
+
+ (void) fn_format(path, dir, "", "", MY_RETURN_REAL_PATH);
+ dir_len= strlen(path);
+ if (home_dir_len <= dir_len)
+ {
+ if (lower_case_file_system)
+ {
+ if (!my_strnncoll(default_charset_info, (const uchar*) path, home_dir_len,
+ (const uchar*) mysql_real_data_home, home_dir_len))
+ goto err;
+ }
+ else if (!memcmp(path, mysql_real_data_home, home_dir_len))
+ goto err;
+ }
+ return 0;
+
+err:
+ return 1;
 }
--- 1.7/mysql-test/r/symlink.result 2003-12-13 00:26:56 +04:00
+++ 1.8/mysql-test/r/symlink.result 2007-11-27 16:39:46 +04:00
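Review bot: The guard added in mysql_execute_command() resolves and checks the DATA DIRECTORY / INDEX DIRECTORY values once, as supplied, while append_file_to_dir() directly below builds the names that are actually used from the same unresolved strings, so the decision reflects the filesystem state at check time only. Whether the table-creation code later refuses a path that has come to resolve inside the data home is not visible in this hunk; if it does not, the limitation should at least be recorded next to the check, e.g. `/* path is resolved here only; the create code must not follow links into the data home */`. The condition also mixes `&&` and `||` without parentheses; writing it as `(a && test_if_data_home_dir(a)) || (b && test_if_data_home_dir(b))` reads unambiguously and avoids the parentheses warning some compilers give. The enclosing switch case starts and ends outside the hunk.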
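Review bot: The comparison in test_if_data_home_dir() is a bare prefix match over `home_dir_len` bytes, so a directory that only shares the data home's leading characters (a sibling such as `<datadir>-old`, a constructed example) is rejected too; after a successful compare the match should also require a path boundary, e.g. `if (path[home_dir_len] == '\0' || path[home_dir_len] == FN_LIBCHAR) goto err;`. `strlen(mysql_real_data_home)-1` presumably drops a trailing separator, but it wraps to a huge `ulong` if that string is ever empty, and the function then returns 0 (allowed), so the assumption deserves a guard or an assertion. The return value of `fn_format(..., MY_RETURN_REAL_PATH)` is discarded, so what `path` holds when resolution fails should be confirmed, and the check is only sound if `mysql_real_data_home` is itself kept in resolved form, which this hunk does not show. The header comment's "0 ok / 1 error" would be clearer as `1 if dir lies inside the data home directory, 0 otherwise`, which also matches the function name.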
@@ -84,3 +84,12 @@ t1 CREATE TABLE `t1` ( `b` int(11) default NULL ) TYPE=MyISAM drop table t1;
+CREATE TABLE t1(a INT)
+DATA DIRECTORY='TEST_DIR/var/master-data/test';
+Can't use data home directory
+CREATE TABLE t1(a INT)
+DATA DIRECTORY='TEST_DIR/var/master-data/';
+Can't use data home directory
+CREATE TABLE t1(a INT)
+INDEX DIRECTORY='TEST_DIR/var/master-data';
+Can't use data home directory
--- 1.6/mysql-test/t/symlink.test 2003-12-13 00:26:56 +04:00
+++ 1.7/mysql-test/t/symlink.test 2007-11-27 16:39:46 +04:00
@@ -112,3 +112,17 @@ eval alter table t1 index directory="$MY
 enable_query_log;
 show create table t1;
 drop table t1;
+
+#
+# Bug#32167 another privilege bypass with DATA/INDEX DIRECORY
+#
+--replace_result $MYSQL_TEST_DIR TEST_DIR
+--error 1105
+eval CREATE TABLE t1(a INT)
+DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/test';
+--error 1105
+eval CREATE TABLE t1(a INT)
+DATA DIRECTORY='$MYSQL_TEST_DIR/var/master-data/';
+--error 1105
+eval CREATE TABLE t1(a INT)
+INDEX DIRECTORY='$MYSQL_TEST_DIR/var/master-data';
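Review bot: The three added cases in symlink.test only cover CREATE TABLE with the data home written out literally (a subdirectory, then the directory with and without a trailing slash). None exercises a directory that matches the data home only after path resolution, which is what the `MY_RETURN_REAL_PATH` call in test_if_data_home_dir() is there for, and none shows that a directory outside the data home is still accepted after the change. The hunk header shows `alter table t1 index directory=` being used earlier in this file; whether ALTER TABLE passes through the new guard is not visible here, so a matching `--error 1105` case for it, or a comment saying why it is not needed, would settle the question.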