mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-01-27 09:14:17 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Bug#57359 Possible to circumvent secure_file_priv using '..' on Windows

Browse source 
Where realpath(3) is used in Linux, mf_load_path is
used for Windows. This function doesn't however
correspond to the functionality of realpath.
This patch attempts to do better by using 
the Windows function GetFullPathName() instead.
This commit is contained in:
Kristofer Pettersson 2010-10-17 13:00:13 +02:00
parent b001a5224d
commit e548c322c2
1 changed files with 16 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
mysys/my_symlink.c
View file

@ -113,7 +113,6 @@ int my_is_symlink(const char *filename __attribute__((unused)))
#endif #endif
} }
/* /*
Resolve all symbolic links in path Resolve all symbolic links in path
'to' may be equal to 'filename' 'to' may be equal to 'filename'
@ -146,8 +145,24 @@ int my_realpath(char *to, const char *filename,
result= -1; result= -1;
} }
DBUG_RETURN(result); DBUG_RETURN(result);
#else
#ifdef _WIN32
int ret= GetFullPathName(filename,FN_REFLEN,
to,
NULL);
if (ret == 0 || ret > FN_REFLEN)
{
if (ret > FN_REFLEN)
my_errno= ENAMETOOLONG;
else
my_errno= EACCES;
if (MyFlags & MY_WME)
my_error(EE_REALPATH, MYF(0), filename, my_errno);
return -1;
}
#else #else
my_load_path(to, filename, NullS); my_load_path(to, filename, NullS);
#endif
return 0; return 0;
#endif #endif
} }