diff options
| author | unknown <knielsen@knielsen-hq.org> | 2010-05-09 21:30:06 +0200 |
|---|---|---|
| committer | unknown <knielsen@knielsen-hq.org> | 2010-05-09 21:30:06 +0200 |
| commit | fcfb218f71b7d371a10df020994fc0a618639327 (patch) | |
| tree | 60e5c9d773785de08bedcd54721cbdf6c894f66a /tests | |
| parent | 07bfc5a2d6ebaa1a0da406177e443948ef93f5c7 (diff) | |
| download | mariadb-git-fcfb218f71b7d371a10df020994fc0a618639327.tar.gz | |
Cherry-pick fix for Bug#53371, security hole with bypassing grants using special path in db/table names.
Bump MariaDB version for security fix release.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/mysql_client_test.c | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index 7f5bcaff083..c5edc747085 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c @@ -18092,6 +18092,50 @@ static void test_bug44495() DBUG_VOID_RETURN; } +static void test_bug53371() +{ + int rc; + MYSQL_RES *result; + + myheader("test_bug53371"); + + rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1"); + myquery(rc); + rc= mysql_query(mysql, "DROP DATABASE IF EXISTS bug53371"); + myquery(rc); + rc= mysql_query(mysql, "DROP USER 'testbug'@localhost"); + + rc= mysql_query(mysql, "CREATE TABLE t1 (a INT)"); + myquery(rc); + rc= mysql_query(mysql, "CREATE DATABASE bug53371"); + myquery(rc); + rc= mysql_query(mysql, "GRANT SELECT ON bug53371.* to 'testbug'@localhost"); + myquery(rc); + + rc= mysql_change_user(mysql, "testbug", NULL, "bug53371"); + myquery(rc); + + rc= mysql_query(mysql, "SHOW COLUMNS FROM client_test_db.t1"); + DIE_UNLESS(rc); + DIE_UNLESS(mysql_errno(mysql) == 1142); + + result= mysql_list_fields(mysql, "../client_test_db/t1", NULL); + DIE_IF(result); + + result= mysql_list_fields(mysql, "#mysql50#/../client_test_db/t1", NULL); + DIE_IF(result); + + rc= mysql_change_user(mysql, opt_user, opt_password, current_db); + myquery(rc); + rc= mysql_query(mysql, "DROP TABLE t1"); + myquery(rc); + rc= mysql_query(mysql, "DROP DATABASE bug53371"); + myquery(rc); + rc= mysql_query(mysql, "DROP USER 'testbug'@localhost"); + myquery(rc); +} + + /* Read and parse arguments and MySQL options from my.cnf */ @@ -18401,6 +18445,7 @@ static struct my_tests_st my_tests[]= { { "test_bug30472", test_bug30472 }, { "test_bug20023", test_bug20023 }, { "test_bug45010", test_bug45010 }, + { "test_bug53371", test_bug53371 }, { "test_bug31418", test_bug31418 }, { "test_bug31669", test_bug31669 }, { "test_bug28386", test_bug28386 }, |