diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2016-08-03 20:56:24 +0200 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2016-08-03 20:56:24 +0200 |
| commit | 470f2598cca350b79531bf0b88463a47d94abec3 (patch) | |
| tree | 50238217a3e86ec472235755662149957c2f9e5f | |
| parent | 0214115c7f8007a325cf3466a5bc6680e575a119 (diff) | |
| download | mariadb-git-470f2598cca350b79531bf0b88463a47d94abec3.tar.gz | |
MDEV-10465 general_log_file can be abused
This issue was discovered by
Dawid Golunski (http://legalhackers.com)
5 files changed, 39 insertions, 0 deletions
diff --git a/mysql-test/suite/sys_vars/r/general_log_file_basic.result b/mysql-test/suite/sys_vars/r/general_log_file_basic.result index 369ef7844db..54b450a2fce 100644 --- a/mysql-test/suite/sys_vars/r/general_log_file_basic.result +++ b/mysql-test/suite/sys_vars/r/general_log_file_basic.result @@ -12,6 +12,12 @@ SET @@global.general_log_file = mytest.log; ERROR 42000: Incorrect argument type to variable 'general_log_file' SET @@global.general_log_file = 12; ERROR 42000: Incorrect argument type to variable 'general_log_file' +SET @@global.general_log_file = 'my.cnf'; +ERROR 42000: Variable 'general_log_file' can't be set to the value of 'my.cnf' +SET @@global.general_log_file = '/tmp/my.cnf'; +ERROR 42000: Variable 'general_log_file' can't be set to the value of '/tmp/my.cnf' +SET @@global.general_log_file = '.my.cnf'; +ERROR 42000: Variable 'general_log_file' can't be set to the value of '.my.cnf' '#----------------------FN_DYNVARS_004_03------------------------#' SELECT @@global.general_log_file = VARIABLE_VALUE FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES diff --git a/mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result b/mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result index f45c568ff4a..e2ed7d63fdb 100644 --- a/mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result +++ b/mysql-test/suite/sys_vars/r/slow_query_log_file_basic.result @@ -9,6 +9,12 @@ SET @@global.slow_query_log_file = mytest.log; ERROR 42000: Incorrect argument type to variable 'slow_query_log_file' SET @@global.slow_query_log_file = 12; ERROR 42000: Incorrect argument type to variable 'slow_query_log_file' +SET @@global.slow_query_log_file = 'my.cnf'; +ERROR 42000: Variable 'slow_query_log_file' can't be set to the value of 'my.cnf' +SET @@global.slow_query_log_file = '/tmp/my.cnf'; +ERROR 42000: Variable 'slow_query_log_file' can't be set to the value of '/tmp/my.cnf' +SET @@global.general_log_file = '.my.cnf'; +ERROR 42000: Variable 'general_log_file' can't be set to the value of '.my.cnf' '#----------------------FN_DYNVARS_004_03------------------------#' SELECT @@global.slow_query_log_file = VARIABLE_VALUE FROM INFORMATION_SCHEMA.GLOBAL_VARIABLES diff --git a/mysql-test/suite/sys_vars/t/general_log_file_basic.test b/mysql-test/suite/sys_vars/t/general_log_file_basic.test index 12362fa123c..cdb2cc4b36e 100644 --- a/mysql-test/suite/sys_vars/t/general_log_file_basic.test +++ b/mysql-test/suite/sys_vars/t/general_log_file_basic.test @@ -58,6 +58,16 @@ SET @@global.general_log_file = mytest.log; --error ER_WRONG_TYPE_FOR_VAR SET @@global.general_log_file = 12; +# +# MDEV-10465 +# +--error ER_WRONG_VALUE_FOR_VAR +SET @@global.general_log_file = 'my.cnf'; +--error ER_WRONG_VALUE_FOR_VAR +SET @@global.general_log_file = '/tmp/my.cnf'; +--error ER_WRONG_VALUE_FOR_VAR +SET @@global.general_log_file = '.my.cnf'; + --echo '#----------------------FN_DYNVARS_004_03------------------------#' ############################################################################## diff --git a/mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test b/mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test index 28fc17f6077..835cb251e39 100644 --- a/mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test +++ b/mysql-test/suite/sys_vars/t/slow_query_log_file_basic.test @@ -56,6 +56,16 @@ SET @@global.slow_query_log_file = mytest.log; --error ER_WRONG_TYPE_FOR_VAR SET @@global.slow_query_log_file = 12; +# +# MDEV-10465 +# +--error ER_WRONG_VALUE_FOR_VAR +SET @@global.slow_query_log_file = 'my.cnf'; +--error ER_WRONG_VALUE_FOR_VAR +SET @@global.slow_query_log_file = '/tmp/my.cnf'; +--error ER_WRONG_VALUE_FOR_VAR +SET @@global.general_log_file = '.my.cnf'; + --echo '#----------------------FN_DYNVARS_004_03------------------------#' ############################################################################## # Check if the value in GLOBAL Tables matches values in variable # diff --git a/sql/sys_vars.cc b/sql/sys_vars.cc index bf7ed231d77..2ed5be3bf3b 100644 --- a/sql/sys_vars.cc +++ b/sql/sys_vars.cc @@ -3033,6 +3033,13 @@ static bool check_log_path(sys_var *self, THD *thd, set_var *var) return true; } + static const LEX_CSTRING my_cnf= { STRING_WITH_LEN("my.cnf") }; + if (val->length >= my_cnf.length) + { + if (strcasecmp(val->str + val->length - my_cnf.length, my_cnf.str) == 0) + return true; // log file name ends with "my.cnf" + } + char path[FN_REFLEN]; size_t path_length= unpack_filename(path, val->str); |