

D19998.id47738.diff

diff --git a/src/aphront/storage/connection/mysql/AphrontMySQLiDatabaseConnection.php b/src/aphront/storage/connection/mysql/AphrontMySQLiDatabaseConnection.php
--- a/src/aphront/storage/connection/mysql/AphrontMySQLiDatabaseConnection.php
+++ b/src/aphront/storage/connection/mysql/AphrontMySQLiDatabaseConnection.php
@@ -64,6 +64,16 @@
$conn->options(MYSQLI_OPT_CONNECT_TIMEOUT, $timeout);
}
+ // See T13238. Attempt to prevent "LOAD DATA LOCAL", which allows a
+ // malicious server to ask the client for any file.
+
+ // NOTE: See T13238. Locally, this option does not actually appear to work;
+ // I can still "LOAD DATA INFILE LOCAL" with this option disabled. Only the
+ // PHP level configuration of "mysqli.allow_local_infile" is effective in
+ // preventing "LOAD DATA INFILE LOCAL".
+
+ $conn->options(MYSQLI_OPT_LOCAL_INFILE, false);
+
if ($this->getPersistent()) {
$host = 'p:'.$host;
}
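Review bot: The return value of `$conn->options(MYSQLI_OPT_LOCAL_INFILE, false)` is discarded, and the comment directly above says the option did not block the statement in local testing, so this line gives no assurance by itself that local file reads are refused. Since the comment names the PHP setting `mysqli.allow_local_infile` as the only effective control, it would be worth reading `ini_get('mysqli.allow_local_infile')` here or in a setup check and surfacing a warning when it is enabled, so operators are told about the exposure instead of relying on a no-op. The comments also spell the statement "LOAD DATA INFILE LOCAL" in three places and "LOAD DATA LOCAL" in one; using one spelling throughout would make the note easier to search for. The enclosing function starts and ends outside this hunk.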
@@ -122,7 +132,36 @@
return @$conn->reap_async_query();
}
- return @$conn->query($raw_query);
+ $trap = new PhutilErrorTrap();
+
+ $result = @$conn->query($raw_query);
+
+ $err = $trap->getErrorsAsString();
+ $trap->destroy();
+
+ // See T13238 and PHI1014. Sometimes, the call to "$conn->query()" may fail
+ // without setting an error code on the connection. One way to reproduce
+ // this is to use "LOAD DATA INFILE LOCAL" with "mysqli.allow_local_infile"
+ // disabled.
+
+ // If we have no result and no error code, raise a synthetic query error
+ // with whatever error message was raised as a local PHP warning.
+
+ if (!$result) {
+ $error_code = $this->getErrorCode($conn);
+ if (!$error_code) {
+ if (strlen($err)) {
+ $message = $err;
+ } else {
+ $message = pht(
+ 'Call to "mysqli->query()" failed, but did not set an error '.
+ 'code or emit an error message.');
+ }
+ $this->throwQueryCodeException(777777, $message);
+ }
+ }
+
+ return $result;
}
protected function rawQueries(array $raw_queries) {
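Review bot: The synthetic error code `777777` passed to `throwQueryCodeException()` is an unexplained literal, so code that branches on query error codes cannot tell it apart from a real MySQL code without knowing this value. Give it a name as a class constant with a comment such as `// Synthetic code: query failed locally without setting a MySQL error code (see T13238).` and use the constant at the call site. Separately, `$trap->destroy()` runs only on the normal path; if `query()` can throw in some configuration (not visible here), the trap would stay registered, and a `try`/`finally` around the call would cover that. The message thrown is the raw PHP warning text, so it is worth confirming that it is not shown to end users where it could reveal local paths. The enclosing method starts above this hunk.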
