From e548c322c200d4e115793e52bfda7c314f9842e8 Mon Sep 17 00:00:00 2001
From: Kristofer Pettersson <kristofer.pettersson@oracle.com>
Date: Sun, 17 Oct 2010 13:00:13 +0200
Subject: [PATCH] Bug#57359 Possible to circumvent secure_file_priv using '..'
 on Windows

Where realpath(3) is used in Linux, mf_load_path is
used for Windows. This function doesn't however
correspond to the functionality of realpath.
This patch attempts to do better by using
the Windows function GetFullPathName() instead.
---
 mysys/my_symlink.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/mysys/my_symlink.c b/mysys/my_symlink.c
index 258e227bb7b..b57edd2179a 100644
--- a/mysys/my_symlink.c
+++ b/mysys/my_symlink.c
@@ -113,7 +113,6 @@ int my_is_symlink(const char *filename __attribute__((unused)))
 #endif
 }
 
-
 /*
   Resolve all symbolic links in path
   'to' may be equal to 'filename'
@@ -146,8 +145,24 @@ int my_realpath(char *to, const char *filename,
     result= -1;
   }
   DBUG_RETURN(result);
+#else
+#ifdef _WIN32
+  int ret= GetFullPathName(filename,FN_REFLEN,
+                           to,
+                           NULL);
+  if (ret == 0 || ret > FN_REFLEN)
+  {
+    if (ret > FN_REFLEN)
+      my_errno= ENAMETOOLONG;
+    else
+      my_errno= EACCES;
+    if (MyFlags & MY_WME)
+      my_error(EE_REALPATH, MYF(0), filename, my_errno);
+	  return -1;
+  }
 #else
   my_load_path(to, filename, NullS);
+#endif
   return 0;
 #endif
 }