diff options
| author | unknown <anozdrin/alik@alik.> | 2006-08-23 21:31:00 +0400 |
|---|---|---|
| committer | unknown <anozdrin/alik@alik.> | 2006-08-23 21:31:00 +0400 |
| commit | f96ee72fb07961faf1ee950fcb66c2dfa0589694 (patch) | |
| tree | 33f16ff37ffb4d6166ab1d1376dc7f488cde6df7 /mysql-test/t/grant.test | |
| parent | 09e9b2f6cd92d7a75dfb6e46fadd9be2c326c8f5 (diff) | |
| download | mariadb-git-f96ee72fb07961faf1ee950fcb66c2dfa0589694.tar.gz | |
Fix for BUG#16899: Possible buffer overflow in handling of DEFINER-clause
User name (host name) has limit on length. The server code relies on these
limits when storing the names. The problem was that sometimes these limits
were not checked properly, so that could lead to buffer overflow.
The fix is to check length of user/host name in parser and if string is too
long, throw an error.
mysql-test/r/grant.result:
Updated result file.
mysql-test/r/sp.result:
Updated result file.
mysql-test/r/trigger.result:
Updated result file.
mysql-test/r/view.result:
Updated result file.
mysql-test/t/grant.test:
Added test for BUG#16899.
mysql-test/t/sp.test:
Added test for BUG#16899.
mysql-test/t/trigger.test:
Added test for BUG#16899.
mysql-test/t/view.test:
Added test for BUG#16899.
sql/mysql_priv.h:
Added prototype for new function.
sql/share/errmsg.txt:
Added new resources.
sql/sql_acl.cc:
Remove outdated checks.
sql/sql_parse.cc:
Add a new function for checking string length.
sql/sql_yacc.yy:
Check length of user/host name.
Diffstat (limited to 'mysql-test/t/grant.test')
| -rw-r--r-- | mysql-test/t/grant.test | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test index a9d52f559ca..94b63389771 100644 --- a/mysql-test/t/grant.test +++ b/mysql-test/t/grant.test @@ -681,3 +681,52 @@ drop table t2; drop table t1; +# +# Test for BUG#16899: Possible buffer overflow in handling of DEFINER-clause. +# +# These checks are intended to ensure that appropriate errors are risen when +# illegal user name or hostname is specified in user-clause of GRANT/REVOKE +# statements. +# + +# Working with database-level privileges. + +--error ER_WRONG_STRING_LENGTH +GRANT CREATE ON mysqltest.* TO 1234567890abcdefGHIKL@localhost; + +--error ER_WRONG_STRING_LENGTH +GRANT CREATE ON mysqltest.* TO some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY; + +--error ER_WRONG_STRING_LENGTH +REVOKE CREATE ON mysqltest.* FROM 1234567890abcdefGHIKL@localhost; + +--error ER_WRONG_STRING_LENGTH +REVOKE CREATE ON mysqltest.* FROM some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY; + +# Working with table-level privileges. + +--error ER_WRONG_STRING_LENGTH +GRANT CREATE ON t1 TO 1234567890abcdefGHIKL@localhost; + +--error ER_WRONG_STRING_LENGTH +GRANT CREATE ON t1 TO some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY; + +--error ER_WRONG_STRING_LENGTH +REVOKE CREATE ON t1 FROM 1234567890abcdefGHIKL@localhost; + +--error ER_WRONG_STRING_LENGTH +REVOKE CREATE ON t1 FROM some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY; + +# Working with routine-level privileges. + +--error ER_WRONG_STRING_LENGTH +GRANT EXECUTE ON PROCEDURE p1 TO 1234567890abcdefGHIKL@localhost; + +--error ER_WRONG_STRING_LENGTH +GRANT EXECUTE ON PROCEDURE p1 TO some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY; + +--error ER_WRONG_STRING_LENGTH +REVOKE EXECUTE ON PROCEDURE p1 FROM 1234567890abcdefGHIKL@localhost; + +--error ER_WRONG_STRING_LENGTH +REVOKE EXECUTE ON PROCEDURE t1 FROM some_user_name@1234567890abcdefghij1234567890abcdefghij1234567890abcdefghijQWERTY; |