File mysql-5.0.67-CVE-2010-1626.patch of Package mysql

Index: myisam/mi_delete_table.c
===================================================================
--- myisam/mi_delete_table.c.orig
+++ myisam/mi_delete_table.c
@@ -19,6 +19,39 @@
 
 #include "fulltext.h"
 
+/**
+  Remove MyISAM data/index file safely
+
+  @details
+    If name is a symlink and file it is pointing to is not in
+    data directory, file is also removed.
+
+  @param name    file to remove
+
+  @returns
+    0 on success or my_errno on failure
+*/
+
+static int _mi_safe_delete_file(const char *name)
+{
+  DBUG_ENTER("_mi_safe_delete_file");
+  if (my_is_symlink(name) && (*myisam_test_invalid_symlink)(name))
+  {
+    /*
+      Symlink is pointing to file in data directory.
+      Remove symlink, keep file.
+    */
+    if(my_delete(name, MYF(MY_WME)))
+      DBUG_RETURN(my_errno);
+  }
+  else
+  {
+    if (my_delete_with_symlink(name, MYF(MY_WME)))
+      DBUG_RETURN(my_errno);
+  }
+  DBUG_RETURN(0);
+}
+
 int mi_delete_table(const char *name)
 {
   char from[FN_REFLEN];
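Review bot: In `_mi_safe_delete_file` the symlink test on `name` and the following `my_delete` / `my_delete_with_symlink` call are separate path lookups, so the link can be re-pointed between the check and the unlink, and nothing in the hunk closes that window. If the design depends on table directories being writable only by the server account, the header comment should say so, for example `Not atomic: the link is checked and then removed by path; the directory must not be writable by other users.` The `@details` text describes only the else branch; it should also state that a link whose target lies inside the data directory is removed while the target is kept, and what a non-zero result from `myisam_test_invalid_symlink` means. The callback is called through a pointer without a NULL check, which is safe only if it always carries a default; that initialisation is not visible here.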
@@ -58,12 +91,12 @@ int mi_delete_table(const char *name)
 #endif /* USE_RAID */
 
   fn_format(from,name,"",MI_NAME_IEXT,4);
-  if (my_delete_with_symlink(from, MYF(MY_WME)))
+  if (_mi_safe_delete_file(from))
     DBUG_RETURN(my_errno);
   fn_format(from,name,"",MI_NAME_DEXT,4);
 #ifdef USE_RAID
   if (raid_type)
     DBUG_RETURN(my_raid_delete(from, raid_chunks, MYF(MY_WME)) ? my_errno : 0);
 #endif
-  DBUG_RETURN(my_delete_with_symlink(from, MYF(MY_WME)) ? my_errno : 0);
+  DBUG_RETURN(_mi_safe_delete_file(from));
 }
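Review bot: The `USE_RAID` branch still removes the data file with `my_raid_delete(from, raid_chunks, MYF(MY_WME))` and returns before the new `_mi_safe_delete_file(from)` call, so RAID tables do not get the data-directory check that the index file now gets a few lines above. Whether `my_raid_delete` can follow a symlink is not visible in this hunk; once confirmed, either route it through the same check or record the reason with a comment such as `/* RAID chunks are never symlinked; no data-directory check needed */`. At the first call site `DBUG_RETURN(my_errno)` re-reads the global rather than returning the helper's result; keeping the value, as in `if ((error= _mi_safe_delete_file(from))) DBUG_RETURN(error);`, avoids depending on `my_errno` being unchanged. `mi_delete_table` begins before this hunk, so whether a suitable local already exists cannot be seen from here.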
Index: mysql-test/r/symlink.result
===================================================================
--- mysql-test/r/symlink.result.orig
+++ mysql-test/r/symlink.result
@@ -164,4 +164,16 @@ ERROR HY000: Can't create/write to file
 SET SESSION keep_files_on_create = FALSE;
 CREATE TABLE t1 (a INT) ENGINE MYISAM;
 DROP TABLE t1;
+#
+# BUG#40980 - Drop table can remove another MyISAM table's
+#             data and index files
+#
+CREATE TABLE user(a INT) DATA DIRECTORY='MYSQL_TMP_DIR/mysql'
+                             INDEX DIRECTORY='MYSQL_TMP_DIR/mysql';
+FLUSH TABLE user;
+# Symlinking mysql database to tmpdir
+FLUSH TABLE mysql.user;
+DROP TABLE user;
+FLUSH TABLE mysql.user;
+SELECT * FROM mysql.user;
 End of 5.0 tests
Index: mysql-test/t/symlink.test
===================================================================
--- mysql-test/t/symlink.test.orig
+++ mysql-test/t/symlink.test
@@ -238,4 +238,26 @@ SET SESSION keep_files_on_create = FALSE
 CREATE TABLE t1 (a INT) ENGINE MYISAM;
 DROP TABLE t1;
 
+--echo #
+--echo # BUG#40980 - Drop table can remove another MyISAM table's
+--echo #             data and index files
+--echo #
+--mkdir $MYSQL_TMP_DIR/mysql
+--replace_result $MYSQL_TMP_DIR MYSQL_TMP_DIR
+eval CREATE TABLE user(a INT) DATA DIRECTORY='$MYSQL_TMP_DIR/mysql'
+                             INDEX DIRECTORY='$MYSQL_TMP_DIR/mysql';
+FLUSH TABLE user;
+--echo # Symlinking mysql database to tmpdir
+--remove_file $MYSQL_TMP_DIR/mysql/user.MYD
+--remove_file $MYSQL_TMP_DIR/mysql/user.MYI
+--rmdir $MYSQL_TMP_DIR/mysql
+--exec ln -s $MYSQLD_DATADIR/mysql $MYSQL_TMP_DIR/mysql
+FLUSH TABLE mysql.user;
+DROP TABLE user;
+FLUSH TABLE mysql.user;
+--disable_result_log
+SELECT * FROM mysql.user;
+--enable_result_log
+--remove_file $MYSQL_TMP_DIR/mysql
+
 --echo End of 5.0 tests