Commit c1ae672a authored by unknown's avatar unknown

BUG# 9148: Denial of service

The problem was that on Windows the access method indicates that access to files
such as "com1" and "lpt1" is allowed (since they are device names) and
this causes mysql to attempt to open them as databases or tables.

The fix was to write our own my_access method that uses other Win32 functions
to determine if the given argument is indeed a file and has the requested
mode.


VC++Files/mysys/mysys.dsp:
  added my_access
VC++Files/mysys/mysys_ia64.dsp:
  added my_access.c
include/my_sys.h:
  if on windows, we use my_access.
  if not on windows, then my_access points to the native access method
mysys/Makefile.am:
  added my_access to mysys build file
mysys/mf_pack.c:
  changed call to access to my_access
sql/sql_db.cc:
  changed call to access to my_access
parent 25d661ad
+5 −0
@@ -186,6 +186,11 @@ SOURCE=.\array.c
!ENDIF

# End Source File
 
# Begin Source File
SOURCE=".\my_access.c"
# End Source File
 
# Begin Source File

SOURCE=".\charset-def.c"
+7 −0
@@ -163,6 +163,13 @@ LIB32=link.exe -lib
# Name "mysys - WinIA64 Max"
# Name "mysys - WinIA64 TLS_DEBUG"
# Name "mysys - WinIA64 TLS"

# Begin Source File

SOURCE=.\my_access.c

# End Source File
 
# Begin Source File

SOURCE=.\array.c
+5 −0
@@ -573,6 +573,11 @@ extern char *_my_strdup_with_length(const byte *from, uint length,
				    const char *sFile, uint uLine,
				    myf MyFlag);

#ifdef __WIN__
extern int my_access(const char *path, int amode);
#else
#define my_access access
#endif

#ifndef TERMINATE
extern void TERMINATE(FILE *file);
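Review bot: The `my_access` declaration under `#ifdef __WIN__` has no comment explaining why it must be used instead of `access()`, and nothing stops new code from calling `access()` directly and reintroducing the device-name problem. I would add above the `#ifdef` a comment such as `/* On Windows access() succeeds for device names (com1, lpt1, prn); my_access() additionally checks that path is a real file. */`. The commit description lists only mysys/mf_pack.c and sql/sql_db.cc as converted call sites, so it is worth confirming that no other `access()` call on a client-supplied name remains; those hunks are not visible on this page. The return convention is presumably that of `access()`, as the non-Windows `#define my_access access` implies, and the comment should say so once confirmed against my_access.c.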
+2 −0
Variable_name	Value
lower_case_table_names 1	
+7 −0
use COM1;
ERROR 42000: Unknown database 'com1'
use LPT1;
ERROR 42000: Unknown database 'lpt1'
use PRN;
ERROR 42000: Unknown database 'prn'
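Review bot: The expected output covers only COM1, LPT1 and PRN, so this regression test would not notice if `my_access` mishandled the other reserved device names (CON, AUX, NUL, or the higher-numbered COM and LPT ports). I would extend the matching test with `use AUX;`, `use NUL;` and `use CON;`, each expecting `ERROR 42000: Unknown database '<name>'`. The description says tables are affected as well, yet only `use <db>` is exercised here, so a table-level statement against a device name would presumably be needed to cover that path. The .test file that produces this result is not visible on this page.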