database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

now GRANT db.* ... compares patterns correctly to prevent privilege escalation

Browse Source
This commit is contained in:
serg@serg.mylan
2003-07-22 22:21:23 +02:00
parent b0b6d81b5e
commit 2cac8f0768
12 changed files with 85 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
sql/sql_show.cc
View File

@ -75,7 +75,7 @@ mysqld_show_dbs(THD *thd,const char *wild)
{
if (thd->master_access & (DB_ACLS | SHOW_DB_ACL) ||
acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr,
thd->priv_user, file_name) ||
thd->priv_user, file_name,0) ||
(grant_option && !check_grant_db(thd, file_name)))
{
protocol->prepare_for_resend();
@ -415,7 +415,7 @@ mysql_find_files(THD *thd,List<char> *files, const char *db,const char *path,
#endif
{
if (file->name[0] == '.' || !MY_S_ISDIR(file->mystat.st_mode) ||
(wild && wild_compare(file->name,wild)))
(wild && wild_compare(file->name,wild,0)))
continue;
}
}
@ -433,7 +433,7 @@ mysql_find_files(THD *thd,List<char> *files, const char *db,const char *path,
if (wild_case_compare(system_charset_info,file->name,wild))
continue;
}
else if (wild_compare(file->name,wild))
else if (wild_compare(file->name,wild,0))
continue;
}
}
@ -1031,7 +1031,7 @@ store_create_info(THD *thd, TABLE *table, String *packet)
my_bool limited_mysql_mode= (thd->variables.sql_mode &
(MODE_NO_FIELD_OPTIONS | MODE_MYSQL323 |
MODE_MYSQL40)) != 0;
DBUG_ENTER("store_create_info");
DBUG_PRINT("enter",("table: %s",table->real_name));