diff options
| author | Evgeny Potemkin <epotemkin@mysql.com> | 2008-09-05 14:44:16 +0400 |
|---|---|---|
| committer | Evgeny Potemkin <epotemkin@mysql.com> | 2008-09-05 14:44:16 +0400 |
| commit | b3f4648edd68d644171dd433d120d1ec19fdd0d5 (patch) | |
| tree | 37e191b95078e35cca1e041024aee31928a7fc58 /mysql-test/t/func_regexp.test | |
| parent | ac2e3a23591757e701b5b17f85b9d4c90d67b10d (diff) | |
| download | mariadb-git-b3f4648edd68d644171dd433d120d1ec19fdd0d5.tar.gz | |
Bug#37908: Skipped access right check caused server crash.
The check_table_access function initializes per-table grant info and performs
access rights check. It wasn't called for SHOW STATUS statement thus left
grants info uninitialized. In some cases this led to server crash. In other
cases it allowed a user to check for presence/absence of arbitrary values in
any tables.
Now the check_table_access function is called prior to the statement
processing.
mysql-test/r/status.result:
Added a test case for the bug#37908.
mysql-test/t/status.test:
Added a test case for the bug#37908.
sql/sql_parse.cc:
Bug#37908: Skipped access right check caused server crash.
Now the check_table_access function is called when the SHOW STATUS statement
uses any table except information.STATUS.
sql/sql_yacc.yy:
Bug#37908: Skipped access right check caused server crash.
For the SHOW PROCEDURE/FUNCTION STATUS the 'mysql.proc' table isn't added
to the table list anymore as there is no need.
Diffstat (limited to 'mysql-test/t/func_regexp.test')
0 files changed, 0 insertions, 0 deletions