mirror of
https://github.com/MariaDB/server.git
synced 2025-05-11 13:21:44 +03:00
12c6d1f355
Backport to 5.0.
/*![:version:] Query Code */, where [:version:] is a sequence of 5
digits representing the mysql server version(e.g /*!50200 ... */),
is a special comment that the query in it can be executed on those
servers whose versions are larger than the version appearing in the
comment. It leads to a security issue when slave's version is larger
than master's. A malicious user can improve his privileges on slaves.
Because slave SQL thread is running with SUPER privileges, so it can
execute queries that he/she does not have privileges on master.
This bug is fixed with the logic below:
- To replace '!' with ' ' in the magic comments which are not applied on
master. So they become common comments and will not be applied on slave.
- Example:
'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/
will be binlogged as
'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /* 99999 ,(3)*/
58 lines
2.6 KiB
Plaintext
58 lines
2.6 KiB
Plaintext
stop slave;
|
|
drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
|
|
reset master;
|
|
reset slave;
|
|
drop table if exists t1,t2,t3,t4,t5,t6,t7,t8,t9;
|
|
start slave;
|
|
CREATE TABLE t1(c1 INT);
|
|
show binlog events from <binlog_start>;
|
|
Log_name Pos Event_type Server_id End_log_pos Info
|
|
master-bin.000001 # Query # # use `test`; CREATE TABLE t1(c1 INT)
|
|
|
|
# Case 1:
|
|
# ------------------------------------------------------------------
|
|
# In a statement, some CCs are applied while others are not. The CCs
|
|
# which are not applied on master will be binlogged as common comments.
|
|
/*!99999 --- */INSERT /*!INTO*/ /*!10000 t1 */ VALUES(10) /*!99999 ,(11)*/;
|
|
show binlog events from <binlog_start>;
|
|
Log_name Pos Event_type Server_id End_log_pos Info
|
|
master-bin.000001 # Query # # use `test`; /* 99999 --- */INSERT /*!INTO*/ /*!10000 t1 */ VALUES(10) /* 99999 ,(11)*/
|
|
Comparing tables master:test.t1 and slave:test.t1
|
|
|
|
# Case 2:
|
|
# -----------------------------------------------------------------
|
|
# Verify whether it can be binlogged correctly when executing prepared
|
|
# statement.
|
|
PREPARE stmt FROM 'INSERT INTO /*!99999 blabla*/ t1 VALUES(60) /*!99999 ,(61)*/';
|
|
EXECUTE stmt;
|
|
DROP TABLE t1;
|
|
CREATE TABLE t1(c1 INT);
|
|
EXECUTE stmt;
|
|
Comparing tables master:test.t1 and slave:test.t1
|
|
|
|
SET @value=62;
|
|
PREPARE stmt FROM 'INSERT INTO /*!99999 blabla */ t1 VALUES(?) /*!99999 ,(63)*/';
|
|
EXECUTE stmt USING @value;
|
|
DROP TABLE t1;
|
|
CREATE TABLE t1(c1 INT);
|
|
EXECUTE stmt USING @value;
|
|
show binlog events from <binlog_start>;
|
|
Log_name Pos Event_type Server_id End_log_pos Info
|
|
master-bin.000001 # Query # # use `test`; INSERT INTO /* 99999 blabla*/ t1 VALUES(60) /* 99999 ,(61)*/
|
|
master-bin.000001 # Query # # use `test`; DROP TABLE t1
|
|
master-bin.000001 # Query # # use `test`; CREATE TABLE t1(c1 INT)
|
|
master-bin.000001 # Query # # use `test`; INSERT INTO /* 99999 blabla*/ t1 VALUES(60) /* 99999 ,(61)*/
|
|
master-bin.000001 # Query # # use `test`; INSERT INTO /* 99999 blabla */ t1 VALUES(62) /* 99999 ,(63)*/
|
|
master-bin.000001 # Query # # use `test`; DROP TABLE t1
|
|
master-bin.000001 # Query # # use `test`; CREATE TABLE t1(c1 INT)
|
|
master-bin.000001 # Query # # use `test`; INSERT INTO /* 99999 blabla */ t1 VALUES(62) /* 99999 ,(63)*/
|
|
Comparing tables master:test.t1 and slave:test.t1
|
|
|
|
# Case 3:
|
|
# -----------------------------------------------------------------
|
|
# Verify it can restore the '!', if the it is an uncomplete conditional
|
|
# comments
|
|
SELECT c1 FROM /*!99999 t1 WHEREN;
|
|
ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '/*!99999 t1 WHEREN' at line 1
|
|
DROP TABLE t1;
|