diff options
| author | unknown <kostja@dipika.(none)> | 2008-01-30 18:27:41 +0300 |
|---|---|---|
| committer | unknown <kostja@dipika.(none)> | 2008-01-30 18:27:41 +0300 |
| commit | 39509d64c370b5a309f1c905d847ea0f92921327 (patch) | |
| tree | c18d937702419bf7f5e2f8d1640b2c91669f16da /sql/sp_head.cc | |
| parent | 97355f4e0a39260b7c54f1ee688e4738f42a0166 (diff) | |
| download | mariadb-git-39509d64c370b5a309f1c905d847ea0f92921327.tar.gz | |
A fix and a test case for Bug#34166 Server crash in SHOW OPEN TABLES and
pre-locking.
The crash was caused by an implicit assumption in check_table_access() that
table_list parameter is always a part of lex->query_tables.
When iterating over the passed list of tables, check_table_access() used
to stop only when lex->query_tables_last_not_own was reached.
In case of pre-locking, lex->query_tables_last_own is not NULL and points
to some element of lex->query_tables. When the parameter
of check_table_access() was not part of lex->query_tables, loop invariant
could never be violated and a crash would happen when the current table
pointer would point beyond the end of the provided list.
The fix is to change the signature of check_table_access() to also accept
a numeric limit of loop iterations, similarly to check_grant(), and
supply this limit in all places when we want to check access of tables
that are outside lex->query_tables, or just want to check access to one table.
mysql-test/r/information_schema.result:
Update test results (Bug#34166).
mysql-test/t/information_schema.test:
Add a test case for Bug#34166.
sql/mysql_priv.h:
Change signature of check_table_access() to accept a numeric limit
of tables to check.
sql/sp_head.cc:
Update to the new signature of check_table_access().
sql/sql_acl.cc:
Improve code clarity: if there is a numeric limit, we should not need
to look at first_not_own_table.
sql/sql_base.cc:
Update to the new signature of check_table_access().
sql/sql_cache.cc:
Update to the new signature of check_table_access().
sql/sql_parse.cc:
Update to the new signature of check_table_access().
Change check_table_access() to accept an optional numeric limit of tables
to check. A crash would happen when check_table_access() was
passed a list of tables that is not part of lex->query_tables and
lex->query_tables_last_own was not NULL.
sql/sql_plugin.cc:
Update to the new signature of check_table_access().
sql/sql_prepare.cc:
Update to the new signature of check_table_access().
sql/sql_show.cc:
Update to the new signature of check_table_access().
Ensure that check_table_access() only checks access to the first
table in the table list when called from list_open_tables().
list_open_tables() supplies a table list that is created on stack,
whereas check_table_access() used to assume that the supplied list is a part
of thd->lex.
sql/sql_trigger.cc:
Update to the new signature of check_table_access().
sql/sql_view.cc:
Update to the new signature of check_table_access().
Diffstat (limited to 'sql/sp_head.cc')
| -rw-r--r-- | sql/sp_head.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sql/sp_head.cc b/sql/sp_head.cc index 74f5bf55828..036101021f5 100644 --- a/sql/sp_head.cc +++ b/sql/sp_head.cc @@ -2265,7 +2265,7 @@ bool check_show_routine_access(THD *thd, sp_head *sp, bool *full_access) bzero((char*) &tables,sizeof(tables)); tables.db= (char*) "mysql"; tables.table_name= tables.alias= (char*) "proc"; - *full_access= (!check_table_access(thd, SELECT_ACL, &tables, 1) || + *full_access= (!check_table_access(thd, SELECT_ACL, &tables, 1, TRUE) || (!strcmp(sp->m_definer_user.str, thd->security_ctx->priv_user) && !strcmp(sp->m_definer_host.str, @@ -2712,7 +2712,7 @@ int sp_instr::exec_open_and_lock_tables(THD *thd, TABLE_LIST *tables) Check whenever we have access to tables for this statement and open and lock them before executing instructions core function. */ - if (check_table_access(thd, SELECT_ACL, tables, 0) + if (check_table_access(thd, SELECT_ACL, tables, UINT_MAX, FALSE) || open_and_lock_tables(thd, tables)) result= -1; else |