From: Georgi Kodinov Date: November 3 2009 1:49pm Subject: bzr commit into mysql-5.0-bugteam branch (joro:2837) Bug#32167 List-Archive: http://lists.mysql.com/commits/89133 X-Bug: 32167 Message-Id: <200911031349.nA3DnIdU023414@magare.gmz> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============8320142432037164782==" --===============8320142432037164782== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///home/kgeorge/mysql/work/B32167-5.0-bugteam/ based on revid:li-bing.song@stripped 2837 Georgi Kodinov 2009-11-03 Bug #32167: another privilege bypass with DATA/INDEX DIRECTORY Fixed a initialization order remark by Serg : correct directory expansion order implemented on server startup. modified: sql/mysqld.cc === modified file 'sql/mysqld.cc' --- a/sql/mysqld.cc 2009-10-27 13:11:06 +0000 +++ b/sql/mysqld.cc 2009-11-03 13:49:13 +0000 @@ -7854,14 +7854,8 @@ static void fix_paths(void) pos[0]= FN_LIBCHAR; pos[1]= 0; } - convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS); - my_realpath(mysql_unpacked_real_data_home, mysql_real_data_home, MYF(0)); - mysql_unpacked_real_data_home_len= (int) strlen(mysql_unpacked_real_data_home); - if (mysql_unpacked_real_data_home[mysql_unpacked_real_data_home_len-1] == FN_LIBCHAR) - --mysql_unpacked_real_data_home_len; - - convert_dirname(language,language,NullS); + convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS); (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home); (void) my_load_path(pidfile_name,pidfile_name,mysql_real_data_home); @@ -7869,6 +7863,12 @@ static void fix_paths(void) "", ""); opt_plugin_dir_ptr= opt_plugin_dir; + my_realpath(mysql_unpacked_real_data_home, mysql_real_data_home, MYF(0)); + mysql_unpacked_real_data_home_len= + (int) strlen(mysql_unpacked_real_data_home); + if (mysql_unpacked_real_data_home[mysql_unpacked_real_data_home_len-1] == FN_LIBCHAR) + --mysql_unpacked_real_data_home_len; + char *sharedir=get_relative_path(SHAREDIR); if (test_if_hard_path(sharedir)) strmake(buff,sharedir,sizeof(buff)-1); /* purecov: tested */ --===============8320142432037164782== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/joro@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: joro@stripped # target_branch: file:///home/kgeorge/mysql/work/B32167-5.0-bugteam/ # testament_sha1: 617715d3ba6ac16aa1c4a8d37d319a6b598f8bf7 # timestamp: 2009-11-03 15:49:17 +0200 # base_revision_id: li-bing.song@stripped\ # zj7nedx6ok5jgges # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWR724A8AAcffgEAQWWf//3/v nGq////wUAR6F3tV63te3dne9u7q9wyQhMJlT8p7UYVN4mozUgNM1PJHo0zUGk0BJJUfpNTeU9E1 PQhoyDygAAAAAAJQQQaVN6MRoUepoGj1AaDQGhpoaZASSIptkp6mxNRpoaBoDQNGJpoAAAJKJkMg IyieBpok3pTanqABoaAABimvD0vuIT6OfAzsvedq1o4qVq0bHghBUP7qqlCzY+cQsQB0Hv/kXg0b oECIfLgY/ZzIGXqXMgmvUxGR7uO6eG+jh1Y4z1Mnecdzh3k/ixkKZFuQh5aBDUtdzAPZqX06Oi1t 7OdSXUkqszrBDfVNvUqvNavh02xcclSAQSgziLS/ICPWfMctlPWoT3UntFcr/J0ykj5GobV6aNhG WBIs80AAc1/la+RV1leCOIQHJVDAjhuG0mKQEFIkPH5ttC5JMnMwOTNRAaZOGSi9BEYjS8rkFDNI JuUqLj00pz9XhwFawbAbMNNgRHUtJ6HJFA8eRJS6wqhvJTKqjqwwKg4ZFuVLpCTtQaUIwEhlzSLj EiIwkIWFpHO3VTCIwjIqeDGkQNNhEqIH6JLyurZUT68S8kKq5DOOUMOzWm9xI7ZGVG7YxsM3Ltg8 YjHliiaSz+rZPXVHRccS0YFMy0z9vJ5eRHmE2uCT89Yi8Mca0yOCNVTSKxiskyUiUyU5fTmEYScW h44eVQi5zM1EJhpMnuHA/jzXMy9hrYLtYS+evwcYCvwaWpGVMN/0PRzPJiau/gOVFE6+nojpwZGP z0w42v/iu/t/ixknnya87/Uj8ePNvZ79bzIppffNa18m7aTYVOkC5xCMX4/OZzJRWuCgORzJUv9k lV3FJxCRL3jCxTuprI4JUB+bylGYlUemDt1iMby9qVlGAPgdg5tg7DQvO+1SBNKkRVCNe6sppSBF OTTCeLjSsJ7C4YqNDpH5iCkr1g0bhuKD1ybc05OQ9pi6geDVvuAfQNO7B3UH1EuTbN6dReQdBboI yHZycSwWdP1jHcDYdwVKI9AGNsBceouMY6QtN4LBSKw8JPSK8ZRW2thxvGrDM6D0C/IDUnfRS3fu DzLA5XGRiDM8nYl2C0Ba7JMgy0q2QE40bzVeGZ484hXzUk/4Nz3dBOxKUgBdZ15vc8vmakqVi+bv gYk0+sW8CcK3eDgFukosNSeVYEpEu/YcsqNuiKv1GcbA1kaqUh4n0XU7NTDBmV6sivRmsnkSs7/e Mk/3kfFidoXmhEGYUSyZwumEeCMDI6Vu5oCp4oyyzoZkMpoFqu0B/NwnMsIryR0JNOq2Sy4J0EVR CYsrXMCbfKHLOzopC6hwutuOO5erhNOUBa6V50IQGwGgXYwoSITV42E8NfacbIGljdTOKngfQqPb Ws7qs4pot9rgQnMHqRamRg0MSFVhjOjOJy7BknXFzq0oazCIlBRiDfyQ6kfkouW5HmJ+UdExGlDT cVbDKvV4VehMjylwcVEZUkqTZOPtE/fv+Hi0AwkiwGdT+AM0IkMaNwloAFI16sIxgDU92aBIYWhw nhIbjNpZ0sZW2TpkEXjds5pGVu4Klg/aKo/4u5IpwoSA97cAeA== --===============8320142432037164782==--