diff options
| author | serg@serg.mylan <> | 2003-07-22 22:21:23 +0200 |
|---|---|---|
| committer | serg@serg.mylan <> | 2003-07-22 22:21:23 +0200 |
| commit | 2cac8f07682491c20b0419cbdb4fe5b164472094 (patch) | |
| tree | 0eec29de18641195250ca526517244f6f0b0e820 /mysys | |
| parent | b0b6d81b5e57aa03b09a5a514c917788e12be2e3 (diff) | |
| download | mariadb-git-2cac8f07682491c20b0419cbdb4fe5b164472094.tar.gz | |
now GRANT db.* ... compares patterns correctly to prevent privilege escalation
Diffstat (limited to 'mysys')
| -rw-r--r-- | mysys/mf_wcomp.c | 65 | ||||
| -rw-r--r-- | mysys/mf_wfile.c | 4 |
2 files changed, 46 insertions, 23 deletions
diff --git a/mysys/mf_wcomp.c b/mysys/mf_wcomp.c index bdcfb0501d8..62a5a02eaea 100644 --- a/mysys/mf_wcomp.c +++ b/mysys/mf_wcomp.c @@ -23,11 +23,12 @@ char wild_many='*'; char wild_one='?'; -char wild_prefix=0; +char wild_prefix=0; /* QQ this can potentially cause a SIGSEGV */ -int wild_compare(register const char *str, register const char *wildstr) +int wild_compare(register const char *str, register const char *wildstr, + pbool str_is_pattern) { - reg3 int flag; + char cmp; DBUG_ENTER("wild_compare"); while (*wildstr) @@ -35,33 +36,55 @@ int wild_compare(register const char *str, register const char *wildstr) while (*wildstr && *wildstr != wild_many && *wildstr != wild_one) { if (*wildstr == wild_prefix && wildstr[1]) + { wildstr++; - if (*wildstr++ != *str++) DBUG_RETURN(1); + if (str_is_pattern && *str++ != wild_prefix) + DBUG_RETURN(1); + } + if (*wildstr++ != *str++) + DBUG_RETURN(1); } - if (! *wildstr ) DBUG_RETURN (*str != 0); + if (! *wildstr ) + DBUG_RETURN(*str != 0); if (*wildstr++ == wild_one) { - if (! *str++) DBUG_RETURN (1); /* One char; skipp */ + if (! *str || (str_is_pattern && *str == wild_many)) + DBUG_RETURN(1); /* One char; skipp */ + if (*str++ == wild_prefix && str_is_pattern && *str) + str++; } else { /* Found '*' */ - if (!*wildstr) DBUG_RETURN(0); /* '*' as last char: OK */ - flag=(*wildstr != wild_many && *wildstr != wild_one); - do + while (str_is_pattern && *str == wild_many) + str++; + for (; *wildstr == wild_many || *wildstr == wild_one; wildstr++) + if (*wildstr == wild_many) + { + while (str_is_pattern && *str == wild_many) + str++; + } + else + { + if (str_is_pattern && *str == wild_prefix && str[1]) + str+=2; + else if (! *str++) + DBUG_RETURN (1); + } + if (!*wildstr) + DBUG_RETURN(0); /* '*' as last char: OK */ + if ((cmp= *wildstr) == wild_prefix && wildstr[1] && !str_is_pattern) + cmp=wildstr[1]; + for(;;str++) { - if (flag) - { - char cmp; - if ((cmp= *wildstr) == wild_prefix && wildstr[1]) - cmp=wildstr[1]; - while (*str && *str != cmp) - str++; - if (!*str) DBUG_RETURN (1); - } - if (wild_compare(str,wildstr) == 0) DBUG_RETURN (0); - } while (*str++ && wildstr[0] != wild_many); + while (*str && *str != cmp) + str++; + if (!*str) + DBUG_RETURN (1); + if (wild_compare(str,wildstr,str_is_pattern) == 0) + DBUG_RETURN (0); + } DBUG_RETURN(1); } } - DBUG_RETURN (*str != '\0'); + DBUG_RETURN (*str != 0); } /* wild_compare */ diff --git a/mysys/mf_wfile.c b/mysys/mf_wfile.c index 3c10de1f238..b964d7ee494 100644 --- a/mysys/mf_wfile.c +++ b/mysys/mf_wfile.c @@ -99,7 +99,7 @@ int wf_test(register WF_PACK *wf_pack, register const char *name) not_pos=wf_pack->not_pos; for (i=0 ; i < not_pos; i++) - if (wild_compare(name,wf_pack->wild[i]) == 0) + if (wild_compare(name,wf_pack->wild[i],0) == 0) goto found; if (i) DBUG_RETURN(1); /* No-match */ @@ -108,7 +108,7 @@ found: /* Test that it isn't in not-list */ for (i=not_pos ; i < wf_pack->wilds; i++) - if (wild_compare(name,wf_pack->wild[i]) == 0) + if (wild_compare(name,wf_pack->wild[i],0) == 0) DBUG_RETURN(1); DBUG_RETURN(0); } /* wf_test */ |