| author | Arun Kuruvila <arun.kuruvila@oracle.com> | 2015-04-28 14:56:55 +0530 |
|---|---|---|
| committer | Arun Kuruvila <arun.kuruvila@oracle.com> | 2015-04-28 14:56:55 +0530 |
| commit | fdae90dd11b6f1230f66d530f2d213599f58c760 (patch) | |
| tree | 56bde90911d741c6d2f9a8066ff814c701d975db /BUILD/compile-pentium64-gprof | |
| parent | c655515d1b52a16d5d074cd29a50c267c6c3db49 (diff) | |
| download | mariadb-git-fdae90dd11b6f1230f66d530f2d213599f58c760.tar.gz | |
Bug #20181776 :- ACCESS CONTROL DOESN'T MATCH MOST SPECIFIC
HOST WHEN IT CONTAINS WILDCARD
Description :- Incorrect access privileges are provided to a
user due to wrong sorting of users when wildcard characters
are present in the hostname.
Analysis :- Function "get_sort()" is used to sort the
strings of user name, hostname, database name. It is used
to arrange the users in the access privilege matching order.
When a user connects, it checks in the sorted user access
privilege list and finds a corresponding matching entry for
the user. The algorithm used in "get_sort()" sorts the strings
inappropriately. As a result, when a user connects to the
server, it is mapped to incorrect user access privileges.
The algorithm used in "get_sort()" counts the number of
characters before the first occurrence of any one of the
wildcard characters (single-wildcard character '_' or
multi-wildcard character '%') and sorts in that order.
As a result of incorrect sorting it treats hostname "%" and
"%.mysql.com" as equally-specific values and therefore
the order is indeterminate.
Fix :- The "get_sort()" algorithm has been modified to treat
"%" separately. Now "get_sort()" returns a number which, if
sorted in descending order, puts strings in the following
order:-
* strings with no wildcards
* strings containing wildcards and non-wildcard characters
* single multi-wildcard character ('%')
* empty string.
Diffstat (limited to 'BUILD/compile-pentium64-gprof')
0 files changed, 0 insertions, 0 deletions
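The following C program is an added illustration of the ranking problem the commit message describes; it is not the commit's own change and not MySQL's or MariaDB's `get_sort()`. The function names `old_specificity()`, `new_specificity()`, `classify_host()`, `wild_match()` and `first_matching_host()` are hypothetical, the sample grants are constructed, the wildcard matcher is simplified (case-sensitive, no escape handling), and using the pre-wildcard prefix length as a tie-breaker inside a class is an assumption the message does not state. It shows why the old rule scores `"%"` and `"%.mysql.com"` identically, and how ranking by class first makes the more specific host pattern win for a client connecting from `db1.mysql.com`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the ordering in the commit message; not MySQL code. */

/* Old rule as described: count the characters before the first wildcard
 * ('_' or '%').  "%" and "%.mysql.com" both score 0, so their relative
 * order after sorting is indeterminate. */
unsigned old_specificity(const char *s)
{
    unsigned n = 0;
    for (; *s && *s != '%' && *s != '_'; s++)
        n++;
    return n;
}

/* Fixed rule: rank by class (no wildcard > mixed > lone "%" > empty).  The
 * prefix length is only a tie-breaker inside a class (assumption). */
enum host_class { HOST_EMPTY = 0, HOST_LONE_PERCENT = 1, HOST_MIXED = 2, HOST_EXACT = 3 };

enum host_class classify_host(const char *s)
{
    if (*s == '\0')               return HOST_EMPTY;
    if (strcmp(s, "%") == 0)      return HOST_LONE_PERCENT;
    if (strpbrk(s, "%_") == NULL) return HOST_EXACT;
    return HOST_MIXED;
}

/* Larger value = more specific = earlier when sorted in descending order. */
unsigned new_specificity(const char *s)
{
    return ((unsigned)classify_host(s) << 16) | (old_specificity(s) & 0xFFFFu);
}

/* Minimal SQL-style matcher: '%' matches any run, '_' exactly one char.
 * Simplified compared with the server's own (case, escapes not handled). */
int wild_match(const char *pat, const char *str)
{
    while (*pat) {
        if (*pat == '%') {
            while (*pat == '%') pat++;
            if (!*pat) return 1;
            for (; *str; str++)
                if (wild_match(pat, str)) return 1;
            return 0;
        }
        if (!*str || (*pat != '_' && *pat != *str)) return 0;
        pat++; str++;
    }
    return *str == '\0';
}

static int cmp_desc_new(const void *a, const void *b)
{
    unsigned sa = new_specificity(*(const char *const *)a);
    unsigned sb = new_specificity(*(const char *const *)b);
    return (sa < sb) - (sa > sb);   /* descending */
}

/* Sort host patterns most-specific-first under the fixed rule, then return
 * the first one matching the connecting host (NULL if none). */
const char *first_matching_host(const char **hosts, size_t n, const char *client)
{
    qsort(hosts, n, sizeof *hosts, cmp_desc_new);
    for (size_t i = 0; i < n; i++)
        if (wild_match(hosts[i], client)) return hosts[i];
    return NULL;
}

int main(void)
{
    /* Constructed sample host patterns, as they might appear in grants. */
    const char *hosts[] = { "", "%", "%.mysql.com", "localhost" };
    size_t n = sizeof hosts / sizeof *hosts;

    printf("old rule: \"%%\"=%u  \"%%.mysql.com\"=%u  (tie, order indeterminate)\n",
           old_specificity("%"), old_specificity("%.mysql.com"));

    const char *hit = first_matching_host(hosts, n, "db1.mysql.com");
    for (size_t i = 0; i < n; i++)
        printf("%-12s new=%u\n", hosts[i][0] ? hosts[i] : "(empty)", new_specificity(hosts[i]));
    printf("client db1.mysql.com -> '%s'\n", hit ? hit : "(none)");
    return 0;
}
```

Under the old rule the two wildcard hosts tie at 0, so which grant a client from `db1.mysql.com` receives depends on sort stability rather than specificity; under the class-first rule `"%.mysql.com"` always ranks above `"%"`, and an exact host such as `localhost` ranks above both.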