From 1f5dc357377fa26160160a54df24ef5343cab18e Mon Sep 17 00:00:00 2001 From: Luis Soares Date: Tue, 30 Nov 2010 23:32:51 +0000 Subject: BUG#46166: MYSQL_BIN_LOG::new_file_impl is not propagating error when generating new name. If find_uniq_filename returns an error, then this error is not being propagated upwards, and execution does not report error to the user (although a entry in the error log is generated). Additionally, some more errors were ignored in new_file_impl: - when writing the rotate event - when reopening the index and binary log file This patch addresses this by propagating the error up in the execution stack. Furthermore, when rotation of the binary log fails, an incident event is written, because there may be a chance that some changes for a given statement, were not properly logged. For example, in SBR, LOAD DATA INFILE statement requires more than one event to be logged, should rotation fail while logging part of the LOAD DATA events, then the logged data would become inconsistent with the data in the storage engine. mysql-test/include/restart_mysqld.inc: Refactored restart_mysqld so that it is not hardcoded for mysqld.1, but rather for the current server. mysql-test/suite/binlog/t/binlog_index.test: The error on open of index and binary log on new_file_impl is now caught. Thence the user will get an error message. We need to accomodate this change in the test case for the failing FLUSH LOGS. mysql-test/suite/rpl/t/rpl_binlog_errors-master.opt: Sets max_binlog_size to 4096. mysql-test/suite/rpl/t/rpl_binlog_errors.test: Added some test cases for asserting that the error is found and reported. sql/handler.cc: Catching error now returned by unlog (in ha_commit_trans) and returning it. sql/log.cc: Propagating errors from new_file_impl upwards. The errors that new_file_impl catches now are: - error on generate_new_name - error on writing the rotate event - error when opening the index or the binary log file. sql/log.h: Changing declaration of: - rotate_and_purge - new_file - new_file_without_locking - new_file_impl - unlog They now return int instead of void. sql/mysql_priv.h: Change signature of reload_acl_and_cache so that write_to_binlog is an int instead of bool. sql/mysqld.cc: Redeclaring not_used var as int instead of bool. sql/rpl_injector.cc: Changes to catch the return from rotate_and_purge. sql/slave.cc: Changes to catch the return values for new_file and rotate_relay_log. sql/slave.h: Changes to rotate_relay_log declaration (now returns int instead of void). sql/sql_load.cc: In SBR, some logging of LOAD DATA events goes through IO_CACHE_CALLBACK invocation at mf_iocache.c:_my_b_get. The IO_CACHE implementation is ignoring the return value for from these callbacks (pre_read and post_read), so we need to find out at the end of the execution if the error is set or not in THD. sql/sql_parse.cc: Catching the rotate_relay_log and rotate_and_purge return values. Semantic change in reload_acl_and_cache so that we report errors in binlog interactions through the write_to_binlog output parameter. If there was any failure while rotating the binary log, we should then report the error to the client when handling SQLCOMM_FLUSH. --- sql/sql_load.cc | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'sql/sql_load.cc') diff --git a/sql/sql_load.cc b/sql/sql_load.cc index 4b68f2a3821..f2aedf5d0aa 100644 --- a/sql/sql_load.cc +++ b/sql/sql_load.cc @@ -567,6 +567,13 @@ int mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list, transactional_table, errcode); } + + /* + Flushing the IO CACHE while writing the execute load query log event + may result in error (for instance, because the max_binlog_size has been + reached, and rotation of the binary log failed). + */ + error= error || mysql_bin_log.get_log_file()->error; } if (error) goto err; -- cgit v1.2.1 From 7c8541f9e7a986b666b31bbe469e4162afc3129e Mon Sep 17 00:00:00 2001 From: Kristofer Pettersson Date: Thu, 16 Dec 2010 11:49:40 +0100 Subject: Bug58747 57359 patch: breaks secure_file_priv+not secure yet+still accesses other folders "load data infile .." allowed for access to unautohorized tables. Due to a faulty if-statement it was possible to circumvent the secure_file_priv restriction. mysql-test/mysql-test-run.pl: * Add SECURE_LOAD_PATH environment variable to mtr test cases. mysql-test/suite/sys_vars/r/secure_file_priv2.result: * add test for bug58747 mysql-test/suite/sys_vars/t/secure_file_priv2-master.opt: * add test for bug58747 mysql-test/suite/sys_vars/t/secure_file_priv2.test: * add test for bug58747 sql/sql_load.cc: * Correct faulty if-statement * fix indentation * move my_stat() block to after is_secure_file_path() check. --- sql/sql_load.cc | 85 +++++++++++++++++++++++++++++---------------------------- 1 file changed, 43 insertions(+), 42 deletions(-) (limited to 'sql/sql_load.cc') diff --git a/sql/sql_load.cc b/sql/sql_load.cc index 4b68f2a3821..a0f9ebbe39b 100644 --- a/sql/sql_load.cc +++ b/sql/sql_load.cc @@ -314,56 +314,57 @@ int mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list, (void) fn_format(name, ex->file_name, mysql_real_data_home, "", MY_RELATIVE_PATH | MY_UNPACK_FILENAME | MY_RETURN_REAL_PATH); -#if !defined(__WIN__) && ! defined(__NETWARE__) - MY_STAT stat_info; - if (!my_stat(name,&stat_info,MYF(MY_WME))) - DBUG_RETURN(TRUE); - - // if we are not in slave thread, the file must be: - if (!thd->slave_thread && - !((stat_info.st_mode & S_IROTH) == S_IROTH && // readable by others - (stat_info.st_mode & S_IFLNK) != S_IFLNK && // and not a symlink - ((stat_info.st_mode & S_IFREG) == S_IFREG || - (stat_info.st_mode & S_IFIFO) == S_IFIFO))) - { - my_error(ER_TEXTFILE_NOT_READABLE, MYF(0), name); - DBUG_RETURN(TRUE); - } - if ((stat_info.st_mode & S_IFIFO) == S_IFIFO) - is_fifo = 1; -#endif + } - if (thd->slave_thread) - { + if (thd->slave_thread) + { #if defined(HAVE_REPLICATION) && !defined(MYSQL_CLIENT) - if (strncmp(active_mi->rli.slave_patternload_file, name, - active_mi->rli.slave_patternload_file_size)) - { - /* - LOAD DATA INFILE in the slave SQL Thread can only read from - --slave-load-tmpdir". This should never happen. Please, report a bug. - */ - - sql_print_error("LOAD DATA INFILE in the slave SQL Thread can only read from --slave-load-tmpdir. " \ - "Please, report a bug."); - my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--slave-load-tmpdir"); - DBUG_RETURN(TRUE); - } -#else + if (strncmp(active_mi->rli.slave_patternload_file, name, + active_mi->rli.slave_patternload_file_size)) + { /* - This is impossible and should never happen. + LOAD DATA INFILE in the slave SQL Thread can only read from + --slave-load-tmpdir". This should never happen. Please, report a bug. */ - DBUG_ASSERT(FALSE); -#endif - } - else if (!is_secure_file_path(name)) - { - /* Read only allowed from within dir specified by secure_file_priv */ - my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv"); + + sql_print_error("LOAD DATA INFILE in the slave SQL Thread can only read from --slave-load-tmpdir. " \ + "Please, report a bug."); + my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--slave-load-tmpdir"); DBUG_RETURN(TRUE); } +#else + /* + This is impossible and should never happen. + */ + DBUG_ASSERT(FALSE); +#endif + } + else if (!is_secure_file_path(name)) + { + /* Read only allowed from within dir specified by secure_file_priv */ + my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv"); + DBUG_RETURN(TRUE); + } +#if !defined(__WIN__) && ! defined(__NETWARE__) + MY_STAT stat_info; + if (!my_stat(name,&stat_info,MYF(MY_WME))) + DBUG_RETURN(TRUE); + + // if we are not in slave thread, the file must be: + if (!thd->slave_thread && + !((stat_info.st_mode & S_IROTH) == S_IROTH && // readable by others + (stat_info.st_mode & S_IFLNK) != S_IFLNK && // and not a symlink + ((stat_info.st_mode & S_IFREG) == S_IFREG || + (stat_info.st_mode & S_IFIFO) == S_IFIFO))) + { + my_error(ER_TEXTFILE_NOT_READABLE, MYF(0), name); + DBUG_RETURN(TRUE); } + if ((stat_info.st_mode & S_IFIFO) == S_IFIFO) + is_fifo = 1; +#endif + if ((file=my_open(name,O_RDONLY,MYF(MY_WME))) < 0) DBUG_RETURN(TRUE); } -- cgit v1.2.1