summaryrefslogtreecommitdiff
path: root/databases/mysql56-client/patches/patch-sql_sys__vars.cc
blob: e00335cfb56b26c755bb3c09ebe6bd2505e05ae3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
$NetBSD: patch-sql_sys__vars.cc,v 1.3 2019/01/20 18:04:49 maya Exp $

Backport of https://github.com/mysql/mysql-server/commit/98ed3d8bc8ad724686d26c7bf98dced3bd1777be
Avoid disclosure of files from a client to a malicious server, described here:
https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/

--- sql/sys_vars.cc.orig	2018-09-10 10:17:55.000000000 +0000
+++ sql/sys_vars.cc
@@ -1485,7 +1485,7 @@ static Sys_var_charptr Sys_language(
 
 static Sys_var_mybool Sys_local_infile(
        "local_infile", "Enable LOAD DATA LOCAL INFILE",
-       GLOBAL_VAR(opt_local_infile), CMD_LINE(OPT_ARG), DEFAULT(TRUE));
+       GLOBAL_VAR(opt_local_infile), CMD_LINE(OPT_ARG), DEFAULT(FALSE));
 
 static Sys_var_ulong Sys_lock_wait_timeout(
        "lock_wait_timeout",