From eff07bf08e29afab76c7688ec063ef6881ee464f Mon Sep 17 00:00:00 2001
From: Sergei Golubchik <sergii@pisem.net>
Date: Tue, 4 Dec 2012 17:08:02 +0100
Subject: proactive s/strmov/strnmov/ in sql_acl.cc and related test cases

---
 mysql-test/t/grant_lowercase.test | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 mysql-test/t/grant_lowercase.test

(limited to 'mysql-test/t/grant_lowercase.test')

diff --git a/mysql-test/t/grant_lowercase.test b/mysql-test/t/grant_lowercase.test
new file mode 100644
index 00000000000..157e13449c2
--- /dev/null
+++ b/mysql-test/t/grant_lowercase.test
@@ -0,0 +1,30 @@
+# test cases for strmov(tmp_db, db) -> strnmov replacement in sql_acl.cc
+
+#
+# http://seclists.org/fulldisclosure/2012/Dec/4
+#
+
+# in acl_get(), check_grant_db(), mysql_grant()
+grant file on *.* to user1@localhost with grant option;
+grant select on `a%`.* to user1@localhost with grant option;
+connect (conn1,localhost,user1,,);
+connection conn1;
+--error ER_WRONG_DB_NAME
+grant file on aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.* to 'user'@'%' identified by 'secret';
+connection default;
+disconnect conn1;
+drop user user1@localhost;
+
+# in acl_load()
+call mtr.add_suppression("Incorrect database name");
+alter table mysql.host modify Db varchar(200);
+alter table mysql.db modify Db varchar(200);
+insert mysql.host set db=concat('=>', repeat(_utf8 'й', 200));
+insert mysql.db set db=concat('=>', repeat(_utf8 'й', 200));
+flush privileges; # shouldn't crash here
+delete from mysql.host where db like '=>%';
+delete from mysql.db where db like '=>%';
+alter table mysql.host modify Db char(64);
+alter table mysql.db modify Db char(64);
+flush privileges;
+
-- 
cgit v1.2.1