Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 138867 Details for
Bug 201669
dev-db/mysql < 5.0.54 dev-db/mysql-community <5.0.51a RENAME TABLE system table replace (CVE-2007-{5969,6303,6304})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
CVE-2007-5969.dpatch
CVE-2007-5969.dpatch (text/plain), 2.59 KB, created by
Robert Buchholz (RETIRED)
on 2007-12-19 02:46:39 UTC
(
hide
)
Description:
CVE-2007-5969.dpatch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2007-12-19 02:46:39 UTC
Size:
2.59 KB
patch
obsolete
>Index: mysql/mysql-test/r/symlink.result >=================================================================== >--- mysql.orig/mysql-test/r/symlink.result >+++ mysql/mysql-test/r/symlink.result >@@ -99,6 +99,12 @@ t1 CREATE TABLE `t1` ( > `b` int(11) default NULL > ) ENGINE=MyISAM DEFAULT CHARSET=latin1 > drop table t1; >+CREATE TABLE t1(a INT) >+DATA DIRECTORY='TEST_DIR/master-data/mysql' >+INDEX DIRECTORY='TEST_DIR/master-data/mysql'; >+RENAME TABLE t1 TO user; >+ERROR HY000: Can't create/write to file 'TEST_DIR/master-data/mysql/user.MYI' (Errcode: 17) >+DROP TABLE t1; > show create table t1; > Table Create Table > t1 CREATE TABLE `t1` ( >Index: mysql/mysql-test/t/symlink.test >=================================================================== >--- mysql.orig/mysql-test/t/symlink.test >+++ mysql/mysql-test/t/symlink.test >@@ -125,6 +125,18 @@ show create table t1; > drop table t1; > > # >+# BUG#32111 - Security Breach via DATA/INDEX DIRECORY and RENAME TABLE >+# >+--replace_result $MYSQLTEST_VARDIR TEST_DIR >+eval CREATE TABLE t1(a INT) >+DATA DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql' >+INDEX DIRECTORY='$MYSQLTEST_VARDIR/master-data/mysql'; >+--replace_result $MYSQLTEST_VARDIR TEST_DIR >+--error 1 >+RENAME TABLE t1 TO user; >+DROP TABLE t1; >+ >+# > # Test specifying DATA DIRECTORY that is the same as what would normally > # have been chosen. (Bug #8707) > # >Index: mysql/mysys/my_symlink2.c >=================================================================== >--- mysql.orig/mysys/my_symlink2.c >+++ mysql/mysys/my_symlink2.c >@@ -124,6 +124,7 @@ int my_rename_with_symlink(const char *f > int was_symlink= (!my_disable_symlinks && > !my_readlink(link_name, from, MYF(0))); > int result=0; >+ int name_is_different; > DBUG_ENTER("my_rename_with_symlink"); > > if (!was_symlink) >@@ -132,6 +133,14 @@ int my_rename_with_symlink(const char *f > /* Change filename that symlink pointed to */ > strmov(tmp_name, to); > fn_same(tmp_name,link_name,1); /* Copy dir */ >+ name_is_different= strcmp(link_name, tmp_name); >+ if (name_is_different && !access(tmp_name, F_OK)) >+ { >+ my_errno= EEXIST; >+ if (MyFlags & MY_WME) >+ my_error(EE_CANTCREATEFILE, MYF(0), tmp_name, EEXIST); >+ DBUG_RETURN(1); >+ } > > /* Create new symlink */ > if (my_symlink(tmp_name, to, MyFlags)) >@@ -143,7 +152,7 @@ int my_rename_with_symlink(const char *f > the same basename and different directories. > */ > >- if (strcmp(link_name, tmp_name) && my_rename(link_name, tmp_name, MyFlags)) >+ if (name_is_different && my_rename(link_name, tmp_name, MyFlags)) > { > int save_errno=my_errno; > my_delete(to, MyFlags); /* Remove created symlink */
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=138867">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 201669
: 138867 |
138868
|
138869
