diff options
| author | Alexander Nozdrin <alik@sun.com> | 2010-02-03 23:26:58 +0300 |
|---|---|---|
| committer | Alexander Nozdrin <alik@sun.com> | 2010-02-03 23:26:58 +0300 |
| commit | c746716869391e29c52ea47b2d6d342299de86c3 (patch) | |
| tree | c67c1e223605f1f3e124dcbef8c7fadf1a484a06 | |
| parent | 4a6457c8cb00f63077e2dadadca8a4e716eb334d (diff) | |
| parent | 679de2bb5eb36c900c0f9db189283e73ab4acbcc (diff) | |
| download | mariadb-git-c746716869391e29c52ea47b2d6d342299de86c3.tar.gz | |
Manual merge from mysql-trunk-merge.
Conflicts:
- sql/sql_show.cc
| -rw-r--r-- | mysql-test/r/information_schema.result | 22 | ||||
| -rw-r--r-- | mysql-test/t/information_schema.test | 27 | ||||
| -rw-r--r-- | sql/sql_show.cc | 8 |
3 files changed, 53 insertions, 4 deletions
diff --git a/mysql-test/r/information_schema.result b/mysql-test/r/information_schema.result index 736f42df996..3041c195b59 100644 --- a/mysql-test/r/information_schema.result +++ b/mysql-test/r/information_schema.result @@ -1659,6 +1659,28 @@ SELECT 'OK' AS TEST_RESULT FROM INFORMATION_SCHEMA.PROCESSLIST WHERE time < 0; TEST_RESULT OK SET TIMESTAMP=DEFAULT; +# +# Bug #50276: Security flaw in INFORMATION_SCHEMA.TABLES +# +CREATE DATABASE db1; +USE db1; +CREATE TABLE t1 (id INT); +CREATE USER nonpriv; +USE test; +# connected as nonpriv +# Should return 0 +SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='t1'; +COUNT(*) +0 +USE INFORMATION_SCHEMA; +# Should return 0 +SELECT COUNT(*) FROM TABLES WHERE TABLE_NAME='t1'; +COUNT(*) +0 +# connected as root +DROP USER nonpriv; +DROP TABLE db1.t1; +DROP DATABASE db1; End of 5.1 tests. create table information_schema.t1 (f1 INT); ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema' diff --git a/mysql-test/t/information_schema.test b/mysql-test/t/information_schema.test index 9da7cc1042d..cec93aeb0cb 100644 --- a/mysql-test/t/information_schema.test +++ b/mysql-test/t/information_schema.test @@ -1389,6 +1389,33 @@ SET TIMESTAMP=@@TIMESTAMP + 10000000; SELECT 'OK' AS TEST_RESULT FROM INFORMATION_SCHEMA.PROCESSLIST WHERE time < 0; SET TIMESTAMP=DEFAULT; + +--echo # +--echo # Bug #50276: Security flaw in INFORMATION_SCHEMA.TABLES +--echo # +CREATE DATABASE db1; +USE db1; +CREATE TABLE t1 (id INT); +CREATE USER nonpriv; +USE test; + +connect (nonpriv_con, localhost, nonpriv,,); +connection nonpriv_con; +--echo # connected as nonpriv +--echo # Should return 0 +SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='t1'; +USE INFORMATION_SCHEMA; +--echo # Should return 0 +SELECT COUNT(*) FROM TABLES WHERE TABLE_NAME='t1'; + +connection default; +--echo # connected as root +disconnect nonpriv_con; +DROP USER nonpriv; +DROP TABLE db1.t1; +DROP DATABASE db1; + + --echo End of 5.1 tests. # diff --git a/sql/sql_show.cc b/sql/sql_show.cc index bc66c8cd7ac..bb7fa61f39b 100644 --- a/sql/sql_show.cc +++ b/sql/sql_show.cc @@ -3317,11 +3317,11 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond) while ((db_name= it++)) { #ifndef NO_EMBEDDED_ACCESS_CHECKS - if (!check_access(thd, SELECT_ACL, db_name->str, - &thd->col_access, NULL, 0, 1) || + if (!(check_access(thd, SELECT_ACL, db_name->str, + &thd->col_access, NULL, 0, 1) || + (!thd->col_access && check_grant_db(thd, db_name->str))) || sctx->master_access & (DB_ACLS | SHOW_DB_ACL) || - acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, 0) || - !check_grant_db(thd, db_name->str)) + acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, 0)) #endif { thd->no_warnings_for_error= 1; |