author | unknown <anders.song@greatopensource.com> | 2011-01-15 13:48:16 +0800 |
---|---|---|
committer | unknown <anders.song@greatopensource.com> | 2011-01-15 13:48:16 +0800 |
commit | 12c6d1f355c45d00421862837a1810a5d0b28049 (patch) | |
tree | 47cd4d625ae5d451bf005ef0bcb792887b74d631 /sql/sql_lex.h | |
parent | f949ac55f73c32dbbfc90e24cdcfdec0058d6234 (diff) | |
BUG#49124 Security issue with /*!-versioned */ SQL statements on Slave
Backport to 5.0.
/*![:version:] Query Code */, where [:version:] is a sequence of 5
digits representing the mysql server version(e.g /*!50200 ... */),
is a special comment that the query in it can be executed on those
servers whose versions are larger than the version appearing in the
comment. It leads to a security issue when slave's version is larger
than master's. A malicious user can escalate his privileges on slaves:
because the slave SQL thread runs with SUPER privileges, it can
execute queries that he/she does not have privileges for on master.
This bug is fixed with the logic below:
- To replace '!' with ' ' in the magic comments which are not applied on
master. So they become common comments and will not be applied on slave.
- Example:
'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /*!99999 ,(3)*/
will be binlogged as
'INSERT INTO t1 VALUES (1) /*!10000, (2)*/ /* 99999 ,(3)*/
Diffstat (limited to 'sql/sql_lex.h')
-rw-r--r-- | sql/sql_lex.h | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/sql/sql_lex.h b/sql/sql_lex.h
index 5c0367632e1..7a315d81aa5 100644
--- a/sql/sql_lex.h
+++ b/sql/sql_lex.h
@@ -935,7 +935,7 @@ struct st_parsing_options
 class Lex_input_stream
 {
 public:
- Lex_input_stream(THD *thd, const char* buff, unsigned int length);
+ Lex_input_stream(THD *thd, char* buff, unsigned int length);
 ~Lex_input_stream();
 /** Current thread. */
@@ -951,7 +951,7 @@ public:
 LEX_YYSTYPE yylval;
 /** Pointer to the current position in the input stream. */
- const char* ptr;
+ char* ptr;
 /** Starting position of the last token parsed. */
 const char* tok_start;
@@ -966,7 +966,7 @@ public:
 const char* tok_start_prev;
 /** Begining of the query text in the input stream. */
- const char* buf;
+ char* buf;
 /** Current state of the lexical analyser. */
 enum my_lex_states next_state;
@@ -1355,7 +1355,7 @@ public:
 class Parser_state
 {
 public:
- Parser_state(THD *thd, const char* buff, unsigned int length)
+ Parser_state(THD *thd, char* buff, unsigned int length)
 : m_lip(thd, buff, length), m_yacc()
 {} |
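Review bot: Dropping `const` from `ptr` and `buf` (second and third hunks) and from the `buff` parameter of both constructors (first and last hunks) gives the whole lexer write access to the caller's query text, yet the header does not state the new contract. According to the commit message the only intended write is replacing `!` with a space in version comments that are not applied on master, so the member comment should say so, e.g. `/** Beginning of the query text; writable only so that '!' in a skipped version comment can be blanked before binlogging. */`. The constructors should also document that `buff` must be a writable buffer owned by the caller for the lifetime of the parse. Any call site that passes read-only or shared text would now be altered in place, and anything else reading the same buffer would see the rewritten query; those call sites and the rewrite itself are outside this diff, so that needs checking there. Both class bodies continue outside the hunks.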