Commit 943543ba authored by unknown's avatar unknown
Browse files

Bug#21224: mysql_upgrade uses possibly insecure temporary files 

We open for writing a known location, which is exploitable with a symlink
attack.  Now, use the EXCLusive flag, so that the presence of anything at 
that location causes a failure.  Try once to open safely, and if failure 
then remove that location and try again to open safely.  If both fail, then
raise an error.


client/mysql_upgrade.c:
  Open the file with the O_EXCL flag, so that a symlink attack would not work.
  
  If opening it fails, try removing something at that location, and try again.
  If the second time fails, then abort as previous.
parent 698bd7c4

client/mysql_upgrade.c

+14 −2
Original line number Diff line number Diff line
@@ -149,17 +149,29 @@ static int create_defaults_file(const char *path, const char *our_defaults_path) 
  File our_defaults_file, defaults_file;

  char buffer[512];

  char *buffer_end;

  int failed_to_open_count= 0;

  int error;



  /* check if the defaults file is needed at all */

  if (!opt_password)

    return 0;



  defaults_file= my_open(path, O_BINARY | O_CREAT | O_WRONLY,

retry_open:

  defaults_file= my_open(path, O_BINARY | O_CREAT | O_WRONLY | O_EXCL,

                         MYF(MY_FAE | MY_WME));



  if (defaults_file < 0)

  {

    if (failed_to_open_count == 0)

    {

      remove(path);

      failed_to_open_count+= 1;

      goto retry_open;

    }

    else

      return 1;

  }



  upgrade_defaults_created= 1;

  if (our_defaults_path)

  {