
Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants.

The server was not checking the table name supplied to COM_FIELD_LIST
for validity and compliance with the standards for acceptable table names.
Fixed by checking the table name for compliance similar to how it's 
normally checked by the parser and returning an error message if 
it's not compliant.
Georgi Kodinov
2010-05-03 18:16:51 +03:00
parent 54705ab176
commit f63608ea97
2 changed files with 49 additions and 0 deletions


@@ -2042,6 +2042,13 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
}
thd->convert_string(&conv_name, system_charset_info,
packet, arg_length, thd->charset());
if (check_table_name (conv_name.str, conv_name.length))
{
/* this is OK due to convert_string() null-terminating the string */
my_error(ER_WRONG_TABLE_NAME, MYF(0), conv_name.str);
break;
}
table_list.alias= table_list.table_name= conv_name.str;
packet= pend+1;
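Review bot: The added `check_table_name()` guard and the `my_error()` call both read `conv_name.str` on the assumption that the `thd->convert_string(...)` call on the context lines just above succeeded, but its result is not tested there. If convert_string() reports failure through its return value (the hunk does not show its declaration), the null-termination the new comment relies on is not guaranteed, so the call should be tested first, along the lines of `if (thd->convert_string(&conv_name, system_charset_info, packet, arg_length, thd->charset())) break;`. The comment would also read better if it said what is safe and why this check exists, e.g. `/* reject names the parser would not accept; conv_name.str is safe for %s because convert_string() null-terminates it */`. dispatch_command's body starts and ends outside this hunk, so the earlier length check and the later grant check could not be reviewed here.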