database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-30 16:24:05 +03:00
Code Activity

Bug#35600: Security breach via view, I_S table and prepared

Browse Source 
statement/stored procedure

View privileges are properly checked after the fix for bug no 
36086, so the method TABLE_LIST::get_db_name() must be used 
instead of field TABLE_LIST::db, as this only works for tables.
Bug appears when accessing views in prepared statements.

mysql-test/r/view_grant.result:
  Bug#35600: Extended existing test case.
mysql-test/t/view_grant.test:
  Bug#35600: Extended existing test result.
sql/sql_parse.cc:
  Bug#35600: Using method to retrieve database name instead of
  field.
This commit is contained in:
Martin Hansson
2008-09-09 12:49:08 +02:00
parent 3bad2119f9
commit c0cfce21d6
3 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
mysql-test/t/view_grant.test
View File

@ -1265,8 +1265,11 @@ USE mysqltest1;
CREATE VIEW v1 AS SELECT * FROM information_schema.tables LIMIT 1;
CREATE ALGORITHM = TEMPTABLE VIEW v2 AS SELECT 1 AS A;
CREATE VIEW test.v3 AS SELECT 1 AS a;
--connection default
GRANT SELECT ON mysqltest1.* to mysqluser1@localhost;
GRANT ALL ON test.* TO mysqluser1@localhost;
--connect (connection1, localhost, mysqluser1, , test)
PREPARE stmt_v1 FROM "SELECT * FROM mysqltest1.v1";
@ -1281,9 +1284,15 @@ REVOKE SELECT ON mysqltest1.* FROM mysqluser1@localhost;
EXECUTE stmt_v1;
--error ER_TABLEACCESS_DENIED_ERROR
EXECUTE stmt_v2;
--disconnect connection1
--connect (connection2, localhost, mysqluser1,,)
PREPARE stmt FROM "SELECT a FROM v3";
EXECUTE stmt;
--disconnect connection2
--connection default
DROP VIEW v1, v2;
DROP DATABASE mysqltest1;
DROP VIEW test.v3;
DROP USER mysqluser1@localhost;