From 25e7bbfef506734f6ae3f71c383cec97063dc6a5 Mon Sep 17 00:00:00 2001
From: Honza Horak
Date: Wed, 7 Jun 2017 16:01:09 +0200
Subject: [PATCH] Fix checking whether we can initialize the datadir
Existance of .bash_history is ignored
Every file is checked separately, so we don't get false negative check when *.err matches e.g. 'mysql test zzz.org.err' content
Related: #1356897
---
 mariadb.spec | 4 +++-
 mysql-prepare-db-dir.sh | 17 ++++++++++-------
 2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/mariadb.spec b/mariadb.spec
index 8906e72..7ecf938 100644
--- a/mariadb.spec
+++ b/mariadb.spec
@@ -1403,8 +1403,10 @@ fi
 
 %changelog
 * Fri Jun 09 2017 Honza Horak - 3:10.1.24-3
- Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265
+- Downstream script mariadb-prepare-db-dir fixed for CVE-2017-3265
 Resolves: #1458940
+- Check properly that datadir includes only expected files
+ Related: #1356897
 
 * Wed Jun 07 2017 Michal Schorm - 3:10.1.24-2
 - Fixed incorrect Jemalloc initialization; #1459671
diff --git a/mysql-prepare-db-dir.sh b/mysql-prepare-db-dir.sh
index b690f64..785ddc2 100644
--- a/mysql-prepare-db-dir.sh
+++ b/mysql-prepare-db-dir.sh
@@ -5,24 +5,27 @@
 
 source "`dirname ${BASH_SOURCE[0]}`/mysql-scripts-common"
 
+export LC_ALL=C
+
 # Returns content of the specified directory
 # If listing files fails, fake-file is returned so which means
 # we'll behave like there was some data initialized
+# Some files or directories are fine to be there, so those are
+# explicitly removed from the listing
 # @param datadir
-ls_check_datadir ()
+list_datadir ()
 {
- ls -A "$1" 2>/dev/null
- test $? -eq 0 || echo "fake-file"
+ ( ls -1A "$1" 2>/dev/null || echo "fake-file" ) | grep -v \
+ -e '^lost+found$' \
+ -e '\.err$' \
+ -e '^.bash_history$'
 }
 
 # Checks whether datadir should be initialized
 # @param datadir
 should_initialize ()
 {
- case `ls_check_datadir "$1"` in
- ""|lost+found|*.err) true ;;
- *) false ;;
- esac
+ test -z "$(list_datadir "$1")"
 }
 
 # If two args given first is user, second is group
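Review bot: The last filter in `list_datadir`, `-e '^.bash_history$'`, leaves the leading dot unescaped, so it excludes any entry made of one arbitrary character followed by `bash_history` rather than only the dotfile; it should read `-e '^\.bash_history$'`, matching how `\.err$` is already written. Separately, `should_initialize` now treats empty output as "safe to initialize", but only a failing `ls` is converted into `fake-file`: if the `grep` stage itself fails to run, nothing is printed and the check passes, so the test fails open where the header comment promises the opposite. Checking the pipeline's exit status (grep returns 2 on error, 1 when nothing is left) or filtering each entry with a shell `case` would keep the check fail-closed. It is also worth a comment that `\.err$` excludes every entry ending in `.err`, directories included, and that `export LC_ALL=C` at file scope applies to everything the script runs afterwards, not just this listing.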