From 2cac8f07682491c20b0419cbdb4fe5b164472094 Mon Sep 17 00:00:00 2001 From: "serg@serg.mylan" <> Date: Tue, 22 Jul 2003 22:21:23 +0200 Subject: now GRANT db.* ... compares patterns correctly to prevent privilege escalation --- sql/sql_parse.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'sql/sql_parse.cc') diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 9e670a97e92..820bf3d73cc 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -3254,7 +3254,7 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, if (!(thd->master_access & SELECT_ACL) && (db && (!thd->db || strcmp(db,thd->db)))) db_access=acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr, - thd->priv_user, db); /* purecov: inspected */ + thd->priv_user, db, test(want_access & GRANT_ACL)); *save_priv=thd->master_access | db_access; DBUG_RETURN(FALSE); } @@ -3274,7 +3274,7 @@ check_access(THD *thd, ulong want_access, const char *db, ulong *save_priv, if (db && (!thd->db || strcmp(db,thd->db))) db_access=acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr, - thd->priv_user, db); /* purecov: inspected */ + thd->priv_user, db, test(want_access & GRANT_ACL)); else db_access=thd->db_access; // Remove SHOW attribute and access rights we already have -- cgit v1.2.1 From 6dea500fb242d0df587d5b9868fc8fa61dd12c84 Mon Sep 17 00:00:00 2001 From: "bell@sanja.is.com.ua" <> Date: Tue, 29 Jul 2003 16:59:46 +0300 Subject: prevented finding references in item_list for non-SELECT st_select_lex (fixed BUG#943) --- sql/sql_parse.cc | 2 ++ 1 file changed, 2 insertions(+) (limited to 'sql/sql_parse.cc') diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 820bf3d73cc..9a62607bf93 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc 
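Review bot: Both acl_get() calls in check_access now pass `test(want_access & GRANT_ACL)` as a bare sixth argument, and nothing at either call site says what it switches on (the hunk at -3274 has the same gap). Going by the commit subject, it presumably makes the database name be compared as a pattern. A comment above each call, such as `/* GRANT: db is itself a pattern; compare it as a pattern against the ACL entries */`, would stop a later edit from dropping the argument. acl_get() is not part of this patch. If it caches results keyed on host, user and db, please confirm that a result stored for a literal-name lookup cannot be returned for a pattern lookup, since that would quietly undo the check. check_access starts and ends outside both hunks.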
@@ -3550,6 +3550,7 @@ mysql_new_select(LEX *lex, bool move_down) unit->link_prev= 0; unit->return_to= lex->current_select; select_lex->include_down(unit); + // TODO: assign resolve_mode for fake subquery after merging with new tree } else select_lex->include_neighbour(lex->current_select); @@ -3557,6 +3558,7 @@ mysql_new_select(LEX *lex, bool move_down) select_lex->master_unit()->global_parameters= select_lex; select_lex->include_global((st_select_lex_node**)&lex->all_selects_list); lex->current_select= select_lex; + select_lex->resolve_mode= SELECT_LEX::SELECT_MODE; return 0; } -- cgit v1.2.1 From e423faafb4c5bc9f7491eec45a61d3db3da0e585 Mon Sep 17 00:00:00 2001 From: "bar@bar.mysql.r18.ru" <> Date: Wed, 30 Jul 2003 17:51:42 +0500 Subject: Database name and national characters fixes. --- sql/sql_parse.cc | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'sql/sql_parse.cc') diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 820bf3d73cc..720017f399f 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -549,6 +549,7 @@ check_connections(THD *thd) char *end, *user, *passwd, *db; char prepared_scramble[SCRAMBLE41_LENGTH+4]; /* Buffer for scramble&hash */ ACL_USER* cached_user=NULL; /* Initialise to NULL for first stage */ + String convdb; DBUG_PRINT("info",("New connection received on %s", vio_description(net->vio))); @@ -724,7 +725,12 @@ check_connections(THD *thd) db=0; using_password= test(passwd[0]); if (thd->client_capabilities & CLIENT_CONNECT_WITH_DB) + { db=strend(passwd)+1; + convdb.copy(db, strlen(db), + thd->variables.character_set_client, system_charset_info); + db= convdb.c_ptr(); + } /* We can get only old hash at this point */ if (using_password && strlen(passwd) != SCRAMBLE_LENGTH) 
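Review bot: The new `select_lex->resolve_mode= SELECT_LEX::SELECT_MODE;` at the end of mysql_new_select has no comment saying why the mode is set here rather than where the select_lex is initialised. The function's start is outside the hunk, so I can't see whether another construction path leaves the field at a different default. I would add `// Real SELECT: allow reference lookup in item_list (BUG#943)` above the assignment. The TODO added in the move_down branch should carry the same bug reference, so the missing fake-subquery case can be traced back to this fix.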
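Review bot: The result of `convdb.copy(...)` is ignored before `db= convdb.c_ptr()`, so if String::copy reports failure through its return value, a failed conversion leaves `db` as an empty or partial name and the login continues with it. The `convname.copy(...)` call in the COM_INIT_DB hunk has the same gap. I would check the call and fail the handshake, e.g. `if (convdb.copy(db, strlen(db), thd->variables.character_set_client, system_charset_info)) return ER_OUT_OF_RESOURCES;`, with the return adjusted to the function's existing error convention. Separately, `strlen(db)` now runs directly on `strend(passwd)+1`, and the bounds of the received packet are not visible in this hunk. Please confirm that a client setting CLIENT_CONNECT_WITH_DB without sending a name cannot make this read past the packet. check_connections continues outside the hunk.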
@@ -1125,10 +1131,15 @@ bool dispatch_command(enum enum_server_command command, THD *thd, thd->lex.select_lex.options=0; // We store status here switch (command) { case COM_INIT_DB: - statistic_increment(com_stat[SQLCOM_CHANGE_DB],&LOCK_status); - if (!mysql_change_db(thd,packet)) - mysql_log.write(thd,command,"%s",thd->db); - break; + { + String convname; + statistic_increment(com_stat[SQLCOM_CHANGE_DB],&LOCK_status); + convname.copy(packet, strlen(packet), + thd->variables.character_set_client, system_charset_info); + if (!mysql_change_db(thd,convname.c_ptr())) + mysql_log.write(thd,command,"%s",thd->db); + break; + } #ifndef EMBEDDED_LIBRARY case COM_REGISTER_SLAVE: { -- cgit v1.2.1
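Review bot: `mysql_change_db(thd,convname.c_ptr())` passes a pointer into `convname`, which is destroyed at the closing brace of the new COM_INIT_DB block, while `thd->db` is read right after the call and lives for the whole session. mysql_change_db is not shown here. If it stores the pointer it receives instead of copying the name, `thd->db` would dangle once the case block ends, so please confirm it copies. A comment at the declaration would record the contract, for example `/* convname owns the converted bytes; mysql_change_db must copy the name */`. dispatch_command starts and ends outside the hunk.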