
Bug#35600: Security breach via view, I_S table and prepared

statement/stored procedure

View privileges are properly checked after the fix for bug no. 
36086, so the method TABLE_LIST::get_db_name() must be used 
instead of the field TABLE_LIST::db, as the field only works for tables.
The bug appears when accessing views in prepared statements.
Martin Hansson
2008-09-09 12:49:08 +02:00
parent a43242ea6d
commit 0abc0eade2
3 changed files with 23 additions and 5 deletions


@ -5196,12 +5196,14 @@ check_table_access(THD *thd, ulong want_access,TABLE_LIST *tables,
tables->grant.privilege= want_access;
else if (tables->db && thd->db && strcmp(tables->db, thd->db) == 0)
{
if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
0, no_errors, test(tables->schema_table)))
if (check_access(thd, want_access, tables->get_db_name(),
&tables->grant.privilege, 0, no_errors,
test(tables->schema_table)))
goto deny; // Access denied
}
else if (check_access(thd,want_access,tables->db,&tables->grant.privilege,
0, no_errors, test(tables->schema_table)))
else if (check_access(thd, want_access, tables->get_db_name(),
&tables->grant.privilege, 0, no_errors,
test(tables->schema_table)))
goto deny;
}
thd->security_ctx= backup_ctx;
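Review bot: The guard `else if (tables->db && thd->db && strcmp(tables->db, thd->db) == 0)` still reads the raw `tables->db` field, while both `check_access` calls under it now take `tables->get_db_name()`, so the privilege check relies on two different notions of the schema name. As far as the hunk shows, the two branches pass identical arguments, so the comparison does not affect which check runs and the pair could be collapsed into a single `else if (check_access(thd, want_access, tables->get_db_name(), ...)) goto deny;`; if the split has to stay, the `strcmp` should use `tables->get_db_name()` as well. A one-line comment above the call, e.g. `/* get_db_name() resolves the schema for views as well as base tables */`, would keep a later edit from reverting to the field in an access-control path. `check_table_access` starts and continues outside the hunk, so any other uses of `tables->db` in the function are not visible here and are worth checking.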