Bug#57359 Possible to circumvent secure_file_priv using '..' on Windows
Where realpath(3) is used in Linux, mf_load_path is used for Windows. This function doesn't however correspond to the functionality of realpath. This patch attempts to do better by using the Windows function GetFullPathName() instead.
This commit is contained in:
Kristofer Pettersson
parent
b001a5224d
commit
e548c322c2
@ -113,7 +113,6 @@ int my_is_symlink(const char *filename __attribute__((unused)))
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
Resolve all symbolic links in path
|
||||
'to' may be equal to 'filename'
|
||||
@ -146,8 +145,24 @@ int my_realpath(char *to, const char *filename,
|
||||
result= -1;
|
||||
}
|
||||
DBUG_RETURN(result);
|
||||
#else
|
||||
#ifdef _WIN32
|
||||
int ret= GetFullPathName(filename,FN_REFLEN,
|
||||
to,
|
||||
NULL);
|
||||
if (ret == 0 || ret > FN_REFLEN)
|
||||
{
|
||||
if (ret > FN_REFLEN)
|
||||
my_errno= ENAMETOOLONG;
|
||||
else
|
||||
my_errno= EACCES;
|
||||
if (MyFlags & MY_WME)
|
||||
my_error(EE_REALPATH, MYF(0), filename, my_errno);
|
||||
return -1;
|
||||
}
|
||||
#else
|
||||
my_load_path(to, filename, NullS);
|
||||
#endif
|
||||
return 0;
|
||||
#endif
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user