Security patch to remove wrong error when one had a global update/delete privilige and a database specific SELECT privilege.

sql/sql_acl.cc: Security patch sql/sql_base.cc: Security patch sql/sql_parse.cc: Security patch tests/grant.pl: Test of security patch tests/grant.res: Test of security patch
2025-08-07 00:04:31 +03:00 · 2003-05-07 23:59:24 +03:00
parent d4b465e2f3
commit a57e773289
5 changed files with 49 additions and 9 deletions
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -2155,7 +2155,17 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv,

  if ((thd->master_access & want_access) == want_access)
  {
-    *save_priv=thd->master_access | thd->db_access;
+    /*
+      If we don't have a global SELECT privilege, we have to get the database
+      specific access rights to be able to handle queries of type
+      UPDATE t1 SET a=1 WHERE b > 0
+    */
+    db_access= thd->db_access;
+    if (!(thd->master_access & SELECT_ACL) &&
+	(db && (!thd->db || strcmp(db,thd->db))))
+      db_access=acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr,
+			thd->priv_user, db); /* purecov: inspected */
+    *save_priv=thd->master_access | db_access;
    return FALSE;
  }
  if ((want_access & ~thd->master_access) & ~(DB_ACLS | EXTRA_ACL) ||