authorGeorgi Kodinov <joro@sun.com>2010-01-21 17:14:10 +0200
committerGeorgi Kodinov <joro@sun.com>2010-01-21 17:14:10 +0200
commit679de2bb5eb36c900c0f9db189283e73ab4acbcc (patch)
tree7abbe88c4d928279d9f69d1a1afd4802391f1b1a /sql/sql_show.cc
parente4b7138561d567041dbb2aa8ed366e3c3d31d58b (diff)
Bug #50276: Security flaw in INFORMATION_SCHEMA.TABLES
check_access() returning false for a database does not guarantee that the access is granted to it. This wrong condition in filling the INFORMATION_SCHEMA tables causes extra tables to be returned to the user even if he has no rights to see them. Fixed by correcting the condition.
Diffstat (limited to 'sql/sql_show.cc')
-rw-r--r--sql/sql_show.cc8
1 files changed, 4 insertions, 4 deletions
diff --git a/sql/sql_show.cc b/sql/sql_show.cc
index 5ec40d4893c..989606300d8 100644
--- a/sql/sql_show.cc
+++ b/sql/sql_show.cc
@@ -3367,11 +3367,11 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond)
while ((db_name= it++))
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
- if (!check_access(thd,SELECT_ACL, db_name->str,
- &thd->col_access, 0, 1, with_i_schema) ||
+ if (!(check_access(thd,SELECT_ACL, db_name->str,
+ &thd->col_access, 0, 1, with_i_schema) ||
+ (!thd->col_access && check_grant_db(thd, db_name->str))) ||
sctx->master_access & (DB_ACLS | SHOW_DB_ACL) ||
- acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, 0) ||
- !check_grant_db(thd, db_name->str))
+ acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, 0))
#endif
{
thd->no_warnings_for_error= 1;
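Review bot: The rewritten visibility condition in get_all_tables() carries no comment on its return conventions, and it now relies on evaluation order: `!thd->col_access` is only meaningful because `check_access()` fills `thd->col_access` earlier in the same `||` chain. Going by the commit description, a zero return from `check_access()` is not by itself a grant, which is the misreading behind the leak, so I would put above the `if` something like `/* check_access() == 0 is not a grant: with no db-level bits in col_access, check_grant_db() must also pass */`. The other INFORMATION_SCHEMA fill paths should be audited for the same bare `!check_access(...)` pattern, and a regression test should cover a user with no privileges on a database; neither is visible in this file-limited diff. The loop body continues past the end of the hunk.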