Fixed BUG#14834: Server denies to execute Stored Procedure

The problem was that databases with '_' in the name did not match a correct ACL with a literal '_' (i.e. '\_') in the db name, only identical strings matched. The fix makes this work, and also ACLs with wildcards in the db name work. mysql-test/r/sp-security.result: New test case for BUG#14834 mysql-test/t/sp-security.test: New test case for BUG#14834 sql/sql_acl.cc: Match wild db:s in ACL in acl_getroot_no_password() (used for "suid" security context switching when invoking stored routines)
2025-12-24 11:21:21 +03:00 · 2005-12-15 15:23:16 +01:00
parent 4e971ef7a6
commit 718128db90
3 changed files with 66 additions and 1 deletions
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -987,7 +987,7 @@ bool acl_getroot_no_password(Security_context *sctx, char *user, char *host,
      {
 	if (compare_hostname(&acl_db->host, host, ip))
 	{
-	  if (!acl_db->db || (db && !strcmp(acl_db->db, db)))
+	  if (!acl_db->db || (db && !wild_compare(db, acl_db->db, 0)))
 	  {
 	    sctx->db_access= acl_db->access;
 	    break;