Auto-merge from mysql-5.1-security.

1 files changed, 12 insertions, 0 deletions

diff --git a/sql/sql_base.cc b/sql/sql_base.cc
index 60c32a1a376..bfc98937498 100644
--- a/sql/sql_base.cc
+++ b/sql/sql_base.cc
@@ -6142,6 +6142,8 @@ find_field_in_natural_join(THD *thd, TABLE_LIST *table_ref, const char *name,
 /*
   Find field by name in a base table or a view with temp table algorithm.
 
+  The caller is expected to check column-level privileges.
+
   SYNOPSIS
     find_field_in_table()
     thd				thread handler
@@ -6249,6 +6251,8 @@ find_field_in_table(THD *thd, TABLE *table, const char *name, uint length,
     This procedure detects the type of the table reference 'table_list'
     and calls the corresponding search routine.
 
+    The routine checks column-level privieleges for the found field.
+
   RETURN
     0			field is not found
     view_ref_found	found value in VIEW (real result is in *ref)
@@ -6524,8 +6528,16 @@ find_field_in_tables(THD *thd, Item_ident *item,
       when table_ref->field_translation != NULL.
       */
     if (table_ref->table && !table_ref->view)
+    {
       found= find_field_in_table(thd, table_ref->table, name, length,
                                  TRUE, &(item->cached_field_index));
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+      /* Check if there are sufficient access rights to the found field. */
+      if (found && check_privileges &&
+          check_column_grant_in_table_ref(thd, table_ref, name, length))
+        found= WRONG_GRANT;
+#endif
+    }
     else
       found= find_field_in_table_ref(thd, table_ref, name, length, item->name,
                                      NULL, NULL, ref, check_privileges,