Check for empty table/column names

mysql-test/t/create.test

@@ -59,6 +59,14 @@ create table test_$1.test2$ (a int);
 drop table test_$1.test2$;
 drop database test_$1;
 
+--error 1103
+create table `` (a int);
+--error 1103
+drop table if exists ``;
+--error 1166
+create table t1 (`` int);
+drop table if exists t1;
+
 #
 # Test of CREATE ... SELECT with indexes
 #

sql/sql_parse.cc

@@ -2758,8 +2758,7 @@ TABLE_LIST *add_table_to_list(Table_ident *table, LEX_STRING *alias,
   if (!table)
     DBUG_RETURN(0);				// End of memory
   alias_str= alias ? alias->str : table->table.str;
-  if (table->table.length > NAME_LEN ||
-      check_table_name(table->table.str,table->table.length) ||
+  if (check_table_name(table->table.str,table->table.length) ||
       table->db.str && check_db_name(table->db.str))
   {
     net_printf(&thd->net,ER_WRONG_TABLE_NAME,table->table.str);

sql/sql_table.cc

@@ -244,6 +244,11 @@ int mysql_create_table(THD *thd,const char *db, const char *table_name,
     }
     if (!(sql_field->flags & NOT_NULL_FLAG))
       null_fields++;
+    if (check_column_name(sql_field->field_name))
+    {
+      my_error(ER_WRONG_COLUMN_NAME, MYF(0), sql_field->field_name);
+      DBUG_RETURN(-1);
+    }
     while ((dup_field=it2++) != sql_field)
     {
       if (my_strcasecmp(sql_field->field_name, dup_field->field_name) == 0)
@@ -688,13 +693,6 @@ TABLE *create_table_from_items(THD *thd, HA_CREATE_INFO *create_info,
   while ((item=it++))
   {
     create_field *cr_field;
-    if (strlen(item->name) > NAME_LEN ||
-	check_column_name(item->name))
-    {
-      my_error(ER_WRONG_COLUMN_NAME,MYF(0),item->name);
-      DBUG_RETURN(0);
-    }
-
     Field *field=create_tmp_field(&tmp_table,item,item->type(),
 				  (Item_result_field***) 0, &tmp_field,0,0);
     if (!field ||

sql/table.cc

@@ -1099,6 +1099,8 @@ bool check_db_name(char *name)
 bool check_table_name(const char *name, uint length)
 {
   const char *end= name+length;
+  if (!length || length > NAME_LEN)
+    return 1;
 
   while (name != end)
   {
@@ -1122,6 +1124,8 @@ bool check_table_name(const char *name, uint length)
 
 bool check_column_name(const char *name)
 {
+  const char *start= name;
+
   while (*name)
   {
 #if defined(USE_MB) && defined(USE_MB_IDENT)
@@ -1139,7 +1143,8 @@ bool check_column_name(const char *name)
       return 1;
     name++;
   }
-  return 0;
+  /* Error if empty or too long column name */
+  return (name == start || (uint) (name - start) > NAME_LEN);
 }
 
 /*

tests/grant.pl

@@ -207,6 +207,16 @@ user_query("delete from $opt_database.test where a=1",1);
 user_query("update $opt_database.test set b=3 where b=1",1);
 user_query("update $opt_database.test set b=b+1",1);
 
+#
+# Test global SELECT privilege combined with table level privileges
+#
+
+safe_query("grant SELECT on *.* to $user");
+user_connect(0);
+user_query("update $opt_database.test set b=b+1");
+safe_query("revoke SELECT on *.* from $user");
+user_connect(0);
+
 # Add one privilege at a time until the user has all privileges
 user_query("select * from test",1);
 safe_query("grant select on $opt_database.test to $user");

tests/grant.res

@@ -192,6 +192,11 @@ update grant_test.test set b=3 where b=1
 Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
 update grant_test.test set b=b+1
 Error in execute: select command denied to user: 'grant_user@localhost' for column 'b' in table 'test'
+grant SELECT on *.* to grant_user@localhost
+Connecting grant_user
+update grant_test.test set b=b+1
+revoke SELECT on *.* from grant_user@localhost
+Connecting grant_user
 select * from test
 Error in execute: select command denied to user: 'grant_user@localhost' for table 'test'
 grant select on grant_test.test to grant_user@localhost