From 2eaabf06fc5a62104ecb597830b2852d71b0a111 Mon Sep 17 00:00:00 2001
From: Darek Slusarczyk <dariusz.slusarczyk@oracle.com>
Date: Mon, 11 Feb 2019 17:16:49 +0100
Subject: security fix - by default 'local infile' is disabled: - set default
 for mysqli.allow_local_infile=0 - explicitly disable
 PDO::MYSQL_ATTR_LOCAL_INFILE in case of lack of driver options - add
 getAttribute support for PDO::MYSQL_ATTR_LOCAL_INFILE - update existing tests
 where needed - add new tests [checking default value and setting on] the
 'local infile' in ext/mysqli and ext/pdo_mysql

---
 ext/mysqli/mysqli.c                                |  4 ++--
 ext/mysqli/tests/061.phpt                          |  2 ++
 ext/mysqli/tests/bug36745.phpt                     |  2 ++
 ext/mysqli/tests/bug53503.phpt                     |  2 ++
 ext/mysqli/tests/bug68077.phpt                     |  3 +++
 ext/mysqli/tests/mysqli_constants.phpt             |  2 ++
 ext/mysqli/tests/mysqli_get_client_stats.phpt      |  1 +
 ext/mysqli/tests/mysqli_info.phpt                  |  2 ++
 .../tests/mysqli_local_infile_default_off.phpt     | 26 ++++++++++++++++++++
 ext/mysqli/tests/mysqli_local_infile_set_on.phpt   | 28 ++++++++++++++++++++++
 ext/mysqli/tests/mysqli_real_connect.phpt          |  2 ++
 ext/mysqli/tests/mysqli_real_connect_pconn.phpt    |  1 +
 12 files changed, 73 insertions(+), 2 deletions(-)
 create mode 100644 ext/mysqli/tests/mysqli_local_infile_default_off.phpt
 create mode 100644 ext/mysqli/tests/mysqli_local_infile_set_on.phpt

(limited to 'ext/mysqli')

diff --git a/ext/mysqli/mysqli.c b/ext/mysqli/mysqli.c
index 8f3446952e..fff095f081 100644
--- a/ext/mysqli/mysqli.c
+++ b/ext/mysqli/mysqli.c
@@ -524,7 +524,7 @@ PHP_INI_BEGIN()
 	STD_PHP_INI_ENTRY("mysqli.default_socket",			NULL,	PHP_INI_ALL,		OnUpdateStringUnempty,	default_socket,	zend_mysqli_globals,		mysqli_globals)
 #endif
 	STD_PHP_INI_BOOLEAN("mysqli.reconnect",				"0",	PHP_INI_SYSTEM,		OnUpdateLong,		reconnect,			zend_mysqli_globals,		mysqli_globals)
-	STD_PHP_INI_BOOLEAN("mysqli.allow_local_infile",	"1",	PHP_INI_SYSTEM,		OnUpdateLong,		allow_local_infile,	zend_mysqli_globals,		mysqli_globals)
+	STD_PHP_INI_BOOLEAN("mysqli.allow_local_infile",	"0",	PHP_INI_SYSTEM,		OnUpdateLong,		allow_local_infile,	zend_mysqli_globals,		mysqli_globals)
 PHP_INI_END()
 /* }}} */
 
@@ -549,7 +549,7 @@ static PHP_GINIT_FUNCTION(mysqli)
 	mysqli_globals->reconnect = 0;
 	mysqli_globals->report_mode = 0;
 	mysqli_globals->report_ht = 0;
-	mysqli_globals->allow_local_infile = 1;
+	mysqli_globals->allow_local_infile = 0;
 #ifdef HAVE_EMBEDDED_MYSQLI
 	mysqli_globals->embedded = 1;
 #else
diff --git a/ext/mysqli/tests/061.phpt b/ext/mysqli/tests/061.phpt
index 5817d8230d..be2028b66e 100644
--- a/ext/mysqli/tests/061.phpt
+++ b/ext/mysqli/tests/061.phpt
@@ -17,6 +17,8 @@ if ($msg = check_local_infile_support($link, $engine))
 
 mysqli_close($link);
 ?>
+--INI--
+mysqli.allow_local_infile=1
 --FILE--
 <?php
 	require_once("connect.inc");
diff --git a/ext/mysqli/tests/bug36745.phpt b/ext/mysqli/tests/bug36745.phpt
index 5e203e14eb..7a630afdc5 100644
--- a/ext/mysqli/tests/bug36745.phpt
+++ b/ext/mysqli/tests/bug36745.phpt
@@ -5,6 +5,8 @@ Bug #36745 (LOAD DATA LOCAL INFILE doesn't return correct error message)
 require_once('skipif.inc');
 require_once('skipifconnectfailure.inc');
 ?>
+--INI--
+mysqli.allow_local_infile=1
 --FILE--
 <?php
 	require_once("connect.inc");
diff --git a/ext/mysqli/tests/bug53503.phpt b/ext/mysqli/tests/bug53503.phpt
index bb8d00109f..fea62fde79 100644
--- a/ext/mysqli/tests/bug53503.phpt
+++ b/ext/mysqli/tests/bug53503.phpt
@@ -15,6 +15,8 @@ if ($msg = check_local_infile_support($link, $engine))
 mysqli_close($link);
 
 ?>
+--INI--
+mysqli.allow_local_infile=1
 --FILE--
 <?php
 	require_once("connect.inc");
diff --git a/ext/mysqli/tests/bug68077.phpt b/ext/mysqli/tests/bug68077.phpt
index 0652e68c9b..174599ab48 100644
--- a/ext/mysqli/tests/bug68077.phpt
+++ b/ext/mysqli/tests/bug68077.phpt
@@ -17,6 +17,9 @@ if ($msg = check_local_infile_support($link, $engine))
 mysqli_close($link);
 ?>
 --INI--
+mysqli.allow_local_infile=1
+mysqli.allow_persistent=1
+mysqli.max_persistent=1
 open_basedir=
 --FILE--
 <?php
diff --git a/ext/mysqli/tests/mysqli_constants.phpt b/ext/mysqli/tests/mysqli_constants.phpt
index cc5fa9f1c4..852210e754 100644
--- a/ext/mysqli/tests/mysqli_constants.phpt
+++ b/ext/mysqli/tests/mysqli_constants.phpt
@@ -6,6 +6,8 @@ require_once('skipif.inc');
 require_once('skipifemb.inc');
 require_once('skipifconnectfailure.inc');
 ?>
+--INI--
+mysqli.allow_local_infile=1
 --FILE--
 <?php
 	require("connect.inc");
diff --git a/ext/mysqli/tests/mysqli_get_client_stats.phpt b/ext/mysqli/tests/mysqli_get_client_stats.phpt
index 4a6d9086a1..01dc31d096 100644
--- a/ext/mysqli/tests/mysqli_get_client_stats.phpt
+++ b/ext/mysqli/tests/mysqli_get_client_stats.phpt
@@ -12,6 +12,7 @@ if (!function_exists('mysqli_get_client_stats')) {
 --INI--
 mysqlnd.collect_statistics=1
 mysqlnd.collect_memory_statistics=1
+mysqli.allow_local_infile=1
 --FILE--
 <?php
 	/*
diff --git a/ext/mysqli/tests/mysqli_info.phpt b/ext/mysqli/tests/mysqli_info.phpt
index 5b8b2ea908..86ebe4fcde 100644
--- a/ext/mysqli/tests/mysqli_info.phpt
+++ b/ext/mysqli/tests/mysqli_info.phpt
@@ -6,6 +6,8 @@ require_once('skipif.inc');
 require_once('skipifemb.inc');
 require_once('skipifconnectfailure.inc');
 ?>
+--INI--
+mysqli.allow_local_infile=1
 --FILE--
 <?php
 	require_once("connect.inc");
diff --git a/ext/mysqli/tests/mysqli_local_infile_default_off.phpt b/ext/mysqli/tests/mysqli_local_infile_default_off.phpt
new file mode 100644
index 0000000000..c2e8aa2dc8
--- /dev/null
+++ b/ext/mysqli/tests/mysqli_local_infile_default_off.phpt
@@ -0,0 +1,26 @@
+--TEST--
+ensure default for local infile is off
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifconnectfailure.inc');
+?>
+--FILE--
+<?php
+require_once("connect.inc");
+
+$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket);
+$res = mysqli_query($link, 'SHOW VARIABLES LIKE "local_infile"');
+$row = mysqli_fetch_assoc($res);
+echo "server: ", $row['Value'], "\n";
+mysqli_free_result($res);
+mysqli_close($link);
+
+echo "connector: ", ini_get("mysqli.allow_local_infile"), "\n";
+
+print "done!\n";
+?>
+--EXPECTF--
+server: %s
+connector: 0
+done!
diff --git a/ext/mysqli/tests/mysqli_local_infile_set_on.phpt b/ext/mysqli/tests/mysqli_local_infile_set_on.phpt
new file mode 100644
index 0000000000..172d6dcb9b
--- /dev/null
+++ b/ext/mysqli/tests/mysqli_local_infile_set_on.phpt
@@ -0,0 +1,28 @@
+--TEST--
+enable local infile
+--SKIPIF--
+<?php
+require_once('skipif.inc');
+require_once('skipifconnectfailure.inc');
+?>
+--INI--
+mysqli.allow_local_infile=1
+--FILE--
+<?php
+require_once("connect.inc");
+
+$link = my_mysqli_connect($host, $user, $passwd, $db, $port, $socket);
+$res = mysqli_query($link, 'SHOW VARIABLES LIKE "local_infile"');
+$row = mysqli_fetch_assoc($res);
+echo "server: ", $row['Value'], "\n";
+mysqli_free_result($res);
+mysqli_close($link);
+
+echo "connector: ", ini_get("mysqli.allow_local_infile"), "\n";
+
+print "done!\n";
+?>
+--EXPECTF--
+server: %s
+connector: 1
+done!
diff --git a/ext/mysqli/tests/mysqli_real_connect.phpt b/ext/mysqli/tests/mysqli_real_connect.phpt
index 5477ea1745..be0a10b0bf 100644
--- a/ext/mysqli/tests/mysqli_real_connect.phpt
+++ b/ext/mysqli/tests/mysqli_real_connect.phpt
@@ -6,6 +6,8 @@ require_once('skipif.inc');
 require_once('skipifemb.inc');
 require_once('skipifconnectfailure.inc');
 ?>
+--INI--
+mysqli.allow_local_infile=1
 --FILE--
 <?php
 	include("connect.inc");
diff --git a/ext/mysqli/tests/mysqli_real_connect_pconn.phpt b/ext/mysqli/tests/mysqli_real_connect_pconn.phpt
index 4cc18198c6..0d1c4985f2 100644
--- a/ext/mysqli/tests/mysqli_real_connect_pconn.phpt
+++ b/ext/mysqli/tests/mysqli_real_connect_pconn.phpt
@@ -10,6 +10,7 @@ if (!$IS_MYSQLND)
 	die("skip mysqlnd only test");
 ?>
 --INI--
+mysqli.allow_local_infile=1
 mysqli.allow_persistent=1
 mysqli.max_persistent=10
 --FILE--
-- 
cgit v1.2.1