diff options
| author | Evgeny Potemkin <epotemkin@mysql.com> | 2008-09-05 14:44:16 +0400 |
|---|---|---|
| committer | Evgeny Potemkin <epotemkin@mysql.com> | 2008-09-05 14:44:16 +0400 |
| commit | 1588c116babefd50672c912dc6bb059d8eb6587f (patch) | |
| tree | 37e191b95078e35cca1e041024aee31928a7fc58 /mysql-test/r/status.result | |
| parent | dbbb48c3c7295539a3fc1a71e21f5649ee02637b (diff) | |
| download | mariadb-git-1588c116babefd50672c912dc6bb059d8eb6587f.tar.gz | |
Bug#37908: Skipped access right check caused server crash.
The check_table_access function initializes per-table grant info and performs
access rights check. It wasn't called for SHOW STATUS statement thus left
grants info uninitialized. In some cases this led to server crash. In other
cases it allowed a user to check for presence/absence of arbitrary values in
any tables.
Now the check_table_access function is called prior to the statement
processing.
mysql-test/r/status.result:
Added a test case for the bug#37908.
mysql-test/t/status.test:
Added a test case for the bug#37908.
sql/sql_parse.cc:
Bug#37908: Skipped access right check caused server crash.
Now the check_table_access function is called when the SHOW STATUS statement
uses any table except information.STATUS.
sql/sql_yacc.yy:
Bug#37908: Skipped access right check caused server crash.
For the SHOW PROCEDURE/FUNCTION STATUS the 'mysql.proc' table isn't added
to the table list anymore as there is no need.
Diffstat (limited to 'mysql-test/r/status.result')
| -rw-r--r-- | mysql-test/r/status.result | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/mysql-test/r/status.result b/mysql-test/r/status.result index b6f855d96cb..97547ff7c47 100644 --- a/mysql-test/r/status.result +++ b/mysql-test/r/status.result @@ -180,3 +180,21 @@ Variable_name Value Com_alter_function 0 Com_create_function 1 Com_drop_function 1 +create database db37908; +create table db37908.t1(f1 int); +insert into db37908.t1 values(1); +grant usage,execute on test.* to mysqltest_1@localhost; +create procedure proc37908() begin select 1; end | +create function func37908() returns int sql security invoker +return (select * from db37908.t1 limit 1)| +select * from db37908.t1; +ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1' +show status where variable_name ='uptime' and 2 in (select * from db37908.t1); +ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1' +show procedure status where name ='proc37908' and 1 in (select f1 from db37908.t1); +ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1' +show function status where name ='func37908' and 1 in (select func37908()); +ERROR 42000: SELECT command denied to user 'mysqltest_1'@'localhost' for table 't1' +drop database db37908; +drop procedure proc37908; +drop function func37908; |