diff options
| author | unknown <kroki/tomash@moonlight.home> | 2007-01-18 12:48:17 +0300 |
|---|---|---|
| committer | unknown <kroki/tomash@moonlight.home> | 2007-01-18 12:48:17 +0300 |
| commit | 0541dcad3bd09dc616298d7cc18c5a8c9d1e7458 (patch) | |
| tree | d8be64e6bf82da7be443651ebd6320ba80f9b1cf /sql/sql_view.cc | |
| parent | d501b2dd3966d4f236b46a3b3bb7b89929e25716 (diff) | |
| download | mariadb-git-0541dcad3bd09dc616298d7cc18c5a8c9d1e7458.tar.gz | |
Bug#24404: strange bug with view+permission+prepared statement.
The problem was that if a prepared statement accessed a view, the
access to the tables listed in the query after that view was done in
the security context of the view.
The bug was in the assigning of the security context to the tables
belonging to a view: we traversed the list of all query tables
instead. It didn't show up in the normal (non-prepared) statements
because of the different order of the steps of checking privileges
and descending into a view for normal and prepared statements.
The solution is to traverse the list and stop once the last table
belonging to the view was processed.
mysql-test/r/view_grant.result:
Add result for bug#24404: strange bug with view+permission+prepared
statement.
mysql-test/t/view_grant.test:
Add test case for bug#24404: strange bug with view+permission+prepared
statement.
sql/sql_view.cc:
Remove dead line.
When setting security context, we should traverse the list of tables
belonging to a given view, not all query tables. We achieve that by
stopping at the first table past view_tables_tail.
Diffstat (limited to 'sql/sql_view.cc')
| -rw-r--r-- | sql/sql_view.cc | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/sql/sql_view.cc b/sql/sql_view.cc index c0cdaf59712..8cb7ea9cd81 100644 --- a/sql/sql_view.cc +++ b/sql/sql_view.cc @@ -1136,13 +1136,17 @@ bool mysql_make_view(THD *thd, File_parser *parser, TABLE_LIST *table, /* Prepare a security context to check underlying objects of the view */ - Security_context *save_security_ctx= thd->security_ctx; if (!(table->view_sctx= (Security_context *) thd->stmt_arena->alloc(sizeof(Security_context)))) goto err; /* Assign the context to the tables referenced in the view */ - for (tbl= view_tables; tbl; tbl= tbl->next_global) - tbl->security_ctx= table->view_sctx; + if (view_tables) + { + DBUG_ASSERT(view_tables_tail); + for (tbl= view_tables; tbl != view_tables_tail->next_global; + tbl= tbl->next_global) + tbl->security_ctx= table->view_sctx; + } /* assign security context to SELECT name resolution contexts of view */ for(SELECT_LEX *sl= lex->all_selects_list; sl; |