From 794a441317fa88b5561eb26224dfc1b454097a45 Mon Sep 17 00:00:00 2001
From: Kristofer Pettersson <kristofer.pettersson@sun.com>
Date: Fri, 16 Apr 2010 16:10:47 +0200
Subject: [PATCH] Bug#50373 --secure-file-priv=""

The server variable opt_secure_file_priv wasn't
normalized properly and caused the operations
LOAD DATA INFILE .. INTO TABLE ..
and
SELECT load_file(..)
to do different interpretations of the
--secure-file-priv option.

The patch moves code to the server initialization
routines so that the path always is normalized
once and only once.

It was also intended that setting the option
to an empty string should be equal to
lifting all previously set restrictions. This
is also fixed by this patch.


sql/mysqld.cc:
  * If --secure_file_option is an empty string then the option variable
    should be unset.
  * opt_secure_file_option should be normalized once when the server starts.
sql/sql_load.cc:
  * moved variable normalization code to fix_paths()
---
 .../suite/sys_vars/r/secure_file_priv.result  | 22 +++++++++++++++++++
 .../sys_vars/t/secure_file_priv-master.opt    |  1 +
 .../suite/sys_vars/t/secure_file_priv.test    | 21 ++++++++++++++++++
 sql/mysqld.cc                                 | 21 +++++++++++++++---
 sql/sql_load.cc                               |  4 +---
 5 files changed, 63 insertions(+), 6 deletions(-)
 create mode 100644 mysql-test/suite/sys_vars/r/secure_file_priv.result
 create mode 100644 mysql-test/suite/sys_vars/t/secure_file_priv-master.opt
 create mode 100644 mysql-test/suite/sys_vars/t/secure_file_priv.test

diff --git a/mysql-test/suite/sys_vars/r/secure_file_priv.result b/mysql-test/suite/sys_vars/r/secure_file_priv.result
new file mode 100644
index 00000000000..eeeb9a58c0f
--- /dev/null
+++ b/mysql-test/suite/sys_vars/r/secure_file_priv.result
@@ -0,0 +1,22 @@
+#
+# Bug50373 --secure-file-priv=""
+#
+CREATE TABLE t1 (c1 VARCHAR(50));
+INSERT INTO t1 VALUES ("one"),("two"),("three"),("four"),("five");
+SHOW VARIABLES LIKE 'secure_file_priv';
+Variable_name	Value
+secure_file_priv	
+c1
+one
+two
+three
+four
+five
+loaded_file
+one
+two
+three
+four
+five
+
+DROP TABLE t1;
diff --git a/mysql-test/suite/sys_vars/t/secure_file_priv-master.opt b/mysql-test/suite/sys_vars/t/secure_file_priv-master.opt
new file mode 100644
index 00000000000..b41d9b04b96
--- /dev/null
+++ b/mysql-test/suite/sys_vars/t/secure_file_priv-master.opt
@@ -0,0 +1 @@
+--secure_file_priv=''
diff --git a/mysql-test/suite/sys_vars/t/secure_file_priv.test b/mysql-test/suite/sys_vars/t/secure_file_priv.test
new file mode 100644
index 00000000000..7a534e7d6e4
--- /dev/null
+++ b/mysql-test/suite/sys_vars/t/secure_file_priv.test
@@ -0,0 +1,21 @@
+--echo #
+--echo # Bug50373 --secure-file-priv=""
+--echo #
+CREATE TABLE t1 (c1 VARCHAR(50));
+INSERT INTO t1 VALUES ("one"),("two"),("three"),("four"),("five");
+SHOW VARIABLES LIKE 'secure_file_priv';
+--disable_query_log
+# Atempt to create a file where we normally aren't allowed to create one.
+# Doing this in a portable manner is difficult but we should be able to
+# count on the depth of the directory hierarchy used. Three steps up from
+# the datadir is the 'mysql_test' directory.
+--let $PROTECTED_FILE=`SELECT concat(@@datadir,'/../../../bug50373.txt')`;
+--eval SELECT * FROM t1 INTO OUTFILE '$PROTECTED_FILE';
+DELETE FROM t1;
+--eval LOAD DATA INFILE '$PROTECTED_FILE' INTO TABLE t1;
+SELECT * FROM t1;
+--eval SELECT load_file('$PROTECTED_FILE') AS loaded_file;
+--enable_query_log
+remove_file $PROTECTED_FILE;
+DROP TABLE t1;
+
diff --git a/sql/mysqld.cc b/sql/mysqld.cc
index a483b9e2381..9b66bdbcdf5 100644
--- a/sql/mysqld.cc
+++ b/sql/mysqld.cc
@@ -8818,10 +8818,25 @@ static int fix_paths(void)
    */
   if (opt_secure_file_priv)
   {
-    convert_dirname(buff, opt_secure_file_priv, NullS);
-    my_free(opt_secure_file_priv, MYF(0));
-    opt_secure_file_priv= my_strdup(buff, MYF(MY_FAE));
+    if (*opt_secure_file_priv == 0)
+    {
+      opt_secure_file_priv= 0;
+    }
+    else
+    {
+      convert_dirname(buff, opt_secure_file_priv, NullS);
+      char *secure_file_real_path= (char *)my_malloc(FN_REFLEN, MYF(MY_FAE));
+      if (secure_file_real_path == 0 ||
+          my_realpath(secure_file_real_path, opt_secure_file_priv, 0))
+      {
+        sql_print_warning("Failed to normalize the argument for --secure-file-priv.");
+        return 1;
+      }
+      my_free(opt_secure_file_priv, MYF(0));
+      opt_secure_file_priv= secure_file_real_path;
+    }
   }
+  
   return 0;
 }
 
diff --git a/sql/sql_load.cc b/sql/sql_load.cc
index ee3b442c83a..869a52325ea 100644
--- a/sql/sql_load.cc
+++ b/sql/sql_load.cc
@@ -350,9 +350,7 @@ int mysql_load(THD *thd,sql_exchange *ex,TABLE_LIST *table_list,
       }
       else if (opt_secure_file_priv)
       {
-        char secure_file_real_path[FN_REFLEN];
-        (void) my_realpath(secure_file_real_path, opt_secure_file_priv, 0);
-        if (strncmp(secure_file_real_path, name, strlen(secure_file_real_path)))
+        if (strncmp(opt_secure_file_priv, name, strlen(opt_secure_file_priv)))
         {
           /* Read only allowed from within dir specified by secure_file_priv */
           my_error(ER_OPTION_PREVENTS_STATEMENT, MYF(0), "--secure-file-priv");