Fix for CVE-2008-2079.

PR: ports/127731 Submitted by: Andrew Daugherity <adaugherity@tamu.edu>
svn path=/head/; revision=221402
2024-11-24 00:45:52 +00:00 · 2008-10-10 19:01:11 +00:00 · 2008-10-10 19:01:11 +00:00 · 7dece2bbc3 · 2021-03-31 03:12:20 +00:00
commit 7dece2bbc3
parent 445b1db5c9
4 changed files with 115 additions and 1 deletions
--- a/databases/mysql41-server/Makefile
+++ b/databases/mysql41-server/Makefile
@ -7,7 +7,7 @@

 PORTNAME?=	mysql
 PORTVERSION=	4.1.22
-PORTREVISION?=	0
+PORTREVISION?=	1
 CATEGORIES=	databases
 MASTER_SITES=	${MASTER_SITE_MYSQL}
 MASTER_SITE_SUBDIR=	MySQL-4.1
--- a/databases/mysql41-server/files/patch-sql::mysqld.cc
+++ b/databases/mysql41-server/files/patch-sql::mysqld.cc
@ -9,3 +9,24 @@
 #include <syslog.h>
 #ifdef NEED_SYS_SYSLOG_H
 #include <sys/syslog.h>
+--- sql/mysqld.cc	2007-11-29 10:52:36 +0000
+++ sql/mysqld.cc	2008-02-29 09:55:00 +0000
+@@ -390,6 +390,7 @@
+ char compiled_default_collation_name[]= MYSQL_DEFAULT_COLLATION_NAME;
+ char *language_ptr, *default_collation_name, *default_character_set_name;
+ char mysql_data_home_buff[2], *mysql_data_home=mysql_real_data_home;
+char mysql_unpacked_real_data_home[FN_REFLEN];
+ struct passwd *user_info;
+ char server_version[SERVER_VERSION_LENGTH];
+ char *mysqld_unix_port, *opt_mysql_tmpdir;
+@@ -6896,6 +6897,9 @@
+     pos[1]= 0;
+   }
+   convert_dirname(mysql_real_data_home,mysql_real_data_home,NullS);
+  (void) fn_format(buff, mysql_real_data_home, "", "",
+                   (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
+  (void) unpack_dirname(mysql_unpacked_real_data_home, buff);
+   convert_dirname(language,language,NullS);
+   (void) my_load_path(mysql_home,mysql_home,""); // Resolve current dir
+   (void) my_load_path(mysql_real_data_home,mysql_real_data_home,mysql_home);
+
--- a/databases/mysql41-server/files/patch-sql_mysql_priv.h
+++ b/databases/mysql41-server/files/patch-sql_mysql_priv.h
@ -0,0 +1,11 @@
+--- sql/mysql_priv.h	2007-11-09 12:05:01 +0000
+++ sql/mysql_priv.h	2008-02-29 09:55:00 +0000
+@@ -890,6 +890,7 @@
+ extern time_t start_time;
+ extern char *mysql_data_home,server_version[SERVER_VERSION_LENGTH],
+ 	    mysql_real_data_home[], *opt_mysql_tmpdir, mysql_charsets_dir[],
+	    mysql_unpacked_real_data_home[],
+             def_ft_boolean_syntax[sizeof(ft_boolean_syntax)];
+ #define mysql_tmpdir (my_tmpdir(&mysql_tmpdir_list))
+ extern MY_TMPDIR mysql_tmpdir_list;
+
--- a/databases/mysql41-server/files/patch-sql_sql_parse.cc
+++ b/databases/mysql41-server/files/patch-sql_sql_parse.cc
@ -0,0 +1,82 @@
+--- sql/sql_parse.cc	2007-06-12 12:47:36 +0000
+++ sql/sql_parse.cc	2008-02-29 09:55:00 +0000
+@@ -65,7 +65,8 @@
+ 			       const char *table_name);
+              
+ static TABLE_LIST* get_table_by_alias(TABLE_LIST* tl, const char* db,
+-  const char* alias);      
+  const char* alias);
+static bool test_if_data_home_dir(const char *dir);
+ 
+ const char *any_db="*any*";	// Special symbol for check_access
+ 
+@@ -2531,6 +2532,20 @@
+                    "INDEX DIRECTORY option ignored");
+     create_info.data_file_name= create_info.index_file_name= NULL;
+ #else
+
+    if (test_if_data_home_dir(lex->create_info.data_file_name))
+    {
+      my_error(ER_WRONG_ARGUMENTS,MYF(0),"DATA DIRECORY");
+      res= -1;
+      break;
+    }
+    if (test_if_data_home_dir(lex->create_info.index_file_name))
+    {
+      my_error(ER_WRONG_ARGUMENTS,MYF(0),"INDEX DIRECORY");
+      res= -1;
+      break;
+    }
+
+     /* Fix names if symlinked tables */
+     if (append_file_to_dir(thd, &create_info.data_file_name,
+ 			   create_table->real_name) ||
+@@ -5920,3 +5935,47 @@
+     return negated;
+   return new Item_func_not(expr);
+ }
+
+
+/*
+  Check if path does not contain mysql data home directory
+
+  SYNOPSIS
+    test_if_data_home_dir()
+    dir                     directory
+    conv_home_dir           converted data home directory
+    home_dir_len            converted data home directory length
+
+  RETURN VALUES
+    0	ok
+    1	error  
+*/
+
+static bool test_if_data_home_dir(const char *dir)
+{
+  char path[FN_REFLEN], conv_path[FN_REFLEN];
+  uint dir_len, home_dir_len= strlen(mysql_unpacked_real_data_home);
+  DBUG_ENTER("test_if_data_home_dir");
+
+  if (!dir)
+    DBUG_RETURN(0);
+
+  (void) fn_format(path, dir, "", "",
+                   (MY_RETURN_REAL_PATH|MY_RESOLVE_SYMLINKS));
+  dir_len= unpack_dirname(conv_path, dir);
+
+  if (home_dir_len <= dir_len)
+  {
+    if (lower_case_file_system)
+    {
+      if (!my_strnncoll(default_charset_info, (const uchar*) conv_path,
+                        home_dir_len,
+                        (const uchar*) mysql_unpacked_real_data_home,
+                        home_dir_len))
+        DBUG_RETURN(1);
+    }
+    else if (!memcmp(conv_path, mysql_unpacked_real_data_home, home_dir_len))
+      DBUG_RETURN(1);
+  }
+  DBUG_RETURN(0);
+}
+