merge 5.1-security->5.5-security

author: Georgi Kodinov <Georgi.Kodinov@Oracle.com> 2011-06-16 13:54:16 +0300
committer: Georgi Kodinov <Georgi.Kodinov@Oracle.com> 2011-06-16 13:54:16 +0300
commit: 0a07be0b2afce18853980a336362db514fd6d9e1 (patch)
tree: 890fcb9468d7e6fbaf14fd2b48ed78d80d2673b6 /sql
parent: 5cfac860bc52e2c0f3953f23564bcf613618ea0b (diff)
parent: f3b5aa7ad65d548177b158c23e7772033461e964 (diff)
download: mariadb-git-0a07be0b2afce18853980a336362db514fd6d9e1.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index a974998f207..6a1671b3653 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -8639,6 +8639,11 @@ function_call_generic:
             Create_func *builder;
             Item *item= NULL;
 
+            if (check_routine_name(&$1))
+            {
+              MYSQL_YYABORT;
+            }
+
             /*
               Implementation note:
               names are resolved with the following order:
@@ -8702,6 +8707,16 @@ function_call_generic:
               version() (a vendor can specify any schema).
             */
 
+            if (!$1.str || check_db_name(&$1))
+            {
+              my_error(ER_WRONG_DB_NAME, MYF(0), $1.str);
+              MYSQL_YYABORT;
+            }
+            if (check_routine_name(&$3))
+            {
+              MYSQL_YYABORT;
+            }
+
             builder= find_qualified_function_builder(thd);
             DBUG_ASSERT(builder);
             item= builder->create(thd, $1, $3, true, $5);
author	Georgi Kodinov <Georgi.Kodinov@Oracle.com>	2011-06-16 13:54:16 +0300
committer	Georgi Kodinov <Georgi.Kodinov@Oracle.com>	2011-06-16 13:54:16 +0300
commit	0a07be0b2afce18853980a336362db514fd6d9e1 (patch)
tree	890fcb9468d7e6fbaf14fd2b48ed78d80d2673b6 /sql
parent	5cfac860bc52e2c0f3953f23564bcf613618ea0b (diff)
parent	f3b5aa7ad65d548177b158c23e7772033461e964 (diff)
download	mariadb-git-0a07be0b2afce18853980a336362db514fd6d9e1.tar.gz