mirror/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-02-01 03:21:53 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
mariadb/mysql-test/t/symlink-myisam-11902.test
Sergei Golubchik b27fd90ad3 MDEV-11902 mi_open race condition 
TOCTOU bug. The path is checked to be valid, symlinks are resolved.
Then the resolved path is opened. Between the check and the open,
there's a window when one can replace some path component with a
symlink, bypassing validity checks.

Fix: after we resolved all symlinks in the path, don't allow open()
to resolve symlinks, there should be none.

Compared to the old MyISAM/Aria code:
* fastpath. Opening of not-symlinked files is just one open(),
  no fn_format() and lstat() anymore.
* opening of symlinked tables doesn't do fn_format() and lstat() either.
  it also doesn't to realpath() (which was lstat-ing every path
  component), instead if opens every path component with O_PATH.
* share->data_file_name stores realpath(path) not readlink(path). So,
  SHOW CREATE TABLE needs to do lstat/readlink() now (see ::info()),
  and certain error messages (cannot open file "XXX") show the real
  file path with all symlinks resolved.
2017-02-27 12:35:10 +01:00

60 lines
1.9 KiB
Text
Raw Blame History

#
# MDEV-11902 mi_open race condition
#
source include/have_debug_sync.inc;
source include/have_symlink.inc;
source include/not_windows.inc;
call mtr.add_suppression("File.*t1.* not found");
create table mysql.t1 (a int, b char(16), index(a));
insert mysql.t1 values (100, 'test'),(101,'test');
let $datadir=`select @@datadir`;
exec mkdir $MYSQLTEST_VARDIR/tmp/foo;
replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR;
eval create table t1 (a int, b char(16), index(a))
data directory="$MYSQLTEST_VARDIR/tmp/foo";
insert t1 values (200, 'some'),(201,'some');
select * from t1;
flush tables;
set debug_sync='mi_open_datafile SIGNAL ok WAIT_FOR go';
send select * from t1;
connect con1, localhost, root;
set debug_sync='now WAIT_FOR ok';
exec rm -r $MYSQLTEST_VARDIR/tmp/foo;
exec ln -s $datadir/mysql $MYSQLTEST_VARDIR/tmp/foo;
set debug_sync='now SIGNAL go';
connection default;
replace_regex / '.*\/tmp\// 'MYSQLTEST_VARDIR\/tmp\// /31/20/;
error 29;
reap;
flush tables;
drop table if exists t1;
exec rm -r $MYSQLTEST_VARDIR/tmp/foo;
# same with INDEX DIRECTORY
exec mkdir $MYSQLTEST_VARDIR/tmp/foo;
replace_result $MYSQLTEST_VARDIR MYSQLTEST_VARDIR;
eval create table t1 (a int, b char(16), index (a))
index directory="$MYSQLTEST_VARDIR/tmp/foo";
insert t1 values (200, 'some'),(201,'some');
explain select a from t1;
select a from t1;
flush tables;
set debug_sync='mi_open_kfile SIGNAL waiting WAIT_FOR run';
send select a from t1;
connection con1;
set debug_sync='now WAIT_FOR waiting';
exec rm -r $MYSQLTEST_VARDIR/tmp/foo;
exec ln -s $datadir/mysql $MYSQLTEST_VARDIR/tmp/foo;
set debug_sync='now SIGNAL run';
connection default;
replace_regex / '.*\/tmp\// 'MYSQLTEST_VARDIR\/tmp\// /31/20/;
error ER_FILE_NOT_FOUND;
reap;
flush tables;
drop table if exists t1;
exec rm -r $MYSQLTEST_VARDIR/tmp/foo;
drop table mysql.t1;
set debug_sync='RESET';
Reference in a new issue View git blame Copy permalink