MySQL Lists are EOL. Please join:

List:Commits« Previous MessageNext Message »
From:andrey Date:February 22 2008 5:45pm
Subject:bk commit into 5.1 tree (andrey:1.2576) BUG#29605
View as plain text  
Below is the list of changes that have just been committed into a local
5.1 repository of andrey.  When andrey does a push these changes
will be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2008-02-22 18:45:45+01:00, andrey@stripped +3 -0
  Fix for Bug#29605
  --local-infile=0 checks can be bypassed by sending a FETCH LOCAL FILE response
    
  Add a check for CLIENT_LOCAL_FILES before sending a local file.
  Beware, that all binary distributions enable sending of local files and it's up
  to the programs which use libmysql to disable it, if they don't use this functionality.
  Otherwise they are not safe.

  client/mysqltest.c@stripped, 2008-02-22 18:45:43+01:00, andrey@stripped +2 -0
    Enable LOAD DATA LOCAL INFILE for the test suite, like some rpl and ndb test.

  sql-common/client.c@stripped, 2008-02-22 18:45:43+01:00, andrey@stripped +9 -1
    Check if the client has LOAD DATA LOCAL INFILE disabled and
    don't serve such requests from the server. This is not 100% proof,
    as if the client has this enabled, in all binary builds for BC,
    the check won't work and the client can be tricked into sending a
    local file.

  tests/mysql_client_test.c@stripped, 2008-02-22 18:45:43+01:00, andrey@stripped +2 -0
    Switch on LOCAL INFILE in client test. If one day there
    is a test which uses it, then it will work out of the box.

diff -Nrup a/client/mysqltest.c b/client/mysqltest.c
--- a/client/mysqltest.c	2008-02-07 21:53:01 +01:00
+++ b/client/mysqltest.c	2008-02-22 18:45:43 +01:00
@@ -6333,6 +6333,8 @@ int util_query(MYSQL* org_mysql, const c
     if (!(mysql= mysql_init(mysql)))
       die("Failed in mysql_init()");
 
+    /* enable local infile, in non-binary builds often disabled by default */
+    mysql_options(mysql, MYSQL_OPT_LOCAL_INFILE, 0);
     safe_connect(mysql, "util", org_mysql->host, org_mysql->user,
                  org_mysql->passwd, org_mysql->db, org_mysql->port,
                  org_mysql->unix_socket);
diff -Nrup a/sql-common/client.c b/sql-common/client.c
--- a/sql-common/client.c	2008-02-08 16:55:04 +01:00
+++ b/sql-common/client.c	2008-02-22 18:45:43 +01:00
@@ -2736,7 +2736,15 @@ get_info:
 #ifdef MYSQL_CLIENT
   if (field_count == NULL_LENGTH)		/* LOAD DATA LOCAL INFILE */
   {
-    int error=handle_local_infile(mysql,(char*) pos);
+    int error;
+
+    if (!(mysql->options.client_flag & CLIENT_LOCAL_FILES))
+    {
+      set_mysql_error(mysql, CR_MALFORMED_PACKET, unknown_sqlstate);
+      DBUG_RETURN(1);
+    }   
+
+    error= handle_local_infile(mysql,(char*) pos);
     if ((length= cli_safe_read(mysql)) == packet_error || error)
       DBUG_RETURN(1);
     goto get_info;				/* Get info packet */
diff -Nrup a/tests/mysql_client_test.c b/tests/mysql_client_test.c
--- a/tests/mysql_client_test.c	2008-02-21 02:30:27 +01:00
+++ b/tests/mysql_client_test.c	2008-02-22 18:45:43 +01:00
@@ -289,6 +289,8 @@ static void client_connect(ulong flag)
     myerror("mysql_init() failed");
     exit(1);
   }
+  /* enable local infile, in non-binary builds often disabled by default */
+  mysql_options(mysql, MYSQL_OPT_LOCAL_INFILE, 0);
 
   if (!(mysql_real_connect(mysql, opt_host, opt_user,
                            opt_password, opt_db ? opt_db:"test", opt_port,
Thread
bk commit into 5.1 tree (andrey:1.2576) BUG#29605andrey22 Feb