From: Sunanda Menon Date: May 5 2010 1:34pm Subject: bzr commit into mysql-5.0 branch (sunanda.menon:2862) Bug#53371 List-Archive: http://lists.mysql.com/commits/107532 X-Bug: 53371 Message-Id: <20100505133409.19353.qmail@helheim> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0694081163==" --===============0694081163== MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline #At file:///net/helheim/store/bteam/bzr/mysql-5.0.91-release/ based on revid:joro@stripped 2862 Sunanda Menon 2010-05-05 ------------------------------------------------------------ revno: 2861 committer: Georgi Kodinov branch nick: B53371-5.0-bugteam timestamp: Mon 2010-05-03 18:16:51 +0300 message: Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants. The server was not checking the supplied to COM_FIELD_LIST table name for validity and compliance to acceptable table names standards. Fixed by checking the table name for compliance similar to how it's normally checked by the parser and returning an error message if it's not compliant. modified: sql/sql_parse.cc tests/mysql_client_test.c === modified file 'sql/sql_parse.cc' --- a/sql/sql_parse.cc 2010-04-29 13:28:16 +0000 +++ b/sql/sql_parse.cc 2010-05-05 13:33:46 +0000 @@ -2042,6 +2042,13 @@ bool dispatch_command(enum enum_server_c } thd->convert_string(&conv_name, system_charset_info, packet, arg_length, thd->charset()); + if (check_table_name (conv_name.str, conv_name.length)) + { + /* this is OK due to convert_string() null-terminating the string */ + my_error(ER_WRONG_TABLE_NAME, MYF(0), conv_name.str); + break; + } + table_list.alias= table_list.table_name= conv_name.str; packet= pend+1; === modified file 'tests/mysql_client_test.c' --- a/tests/mysql_client_test.c 2009-08-08 02:32:01 +0000 +++ b/tests/mysql_client_test.c 2010-05-05 13:33:46 +0000 @@ -16679,6 +16679,47 @@ static void test_bug45010() } +static void test_bug53371() +{ + int rc; + MYSQL_RES *result; + + myheader("test_bug53371"); + + rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1"); + myquery(rc); + rc= mysql_query(mysql, "DROP DATABASE IF EXISTS bug53371"); + myquery(rc); + rc= mysql_query(mysql, "DROP USER 'testbug'@localhost"); + + rc= mysql_query(mysql, "CREATE TABLE t1 (a INT)"); + myquery(rc); + rc= mysql_query(mysql, "CREATE DATABASE bug53371"); + myquery(rc); + rc= mysql_query(mysql, "GRANT SELECT ON bug53371.* to 'testbug'@localhost"); + myquery(rc); + + rc= mysql_change_user(mysql, "testbug", NULL, "bug53371"); + myquery(rc); + + rc= mysql_query(mysql, "SHOW COLUMNS FROM client_test_db.t1"); + DIE_UNLESS(rc); + DIE_UNLESS(mysql_errno(mysql) == 1142); + + result= mysql_list_fields(mysql, "../client_test_db/t1", NULL); + DIE_IF(result); + + rc= mysql_change_user(mysql, opt_user, opt_password, current_db); + myquery(rc); + rc= mysql_query(mysql, "DROP TABLE t1"); + myquery(rc); + rc= mysql_query(mysql, "DROP DATABASE bug53371"); + myquery(rc); + rc= mysql_query(mysql, "DROP USER 'testbug'@localhost"); + myquery(rc); +} + + /* Read and parse arguments and MySQL options from my.cnf */ @@ -16982,6 +17023,7 @@ static struct my_tests_st my_tests[]= { { "test_bug41078", test_bug41078 }, { "test_bug20023", test_bug20023 }, { "test_bug45010", test_bug45010 }, + { "test_bug53371", test_bug53371 }, { 0, 0 } }; --===============0694081163== MIME-Version: 1.0 Content-Type: text/bzr-bundle; charset="us-ascii"; name="bzr/sunanda.menon@stripped" Content-Transfer-Encoding: 7bit Content-Disposition: inline # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: sunanda.menon@stripped # target_branch: file:///net/helheim/store/bteam/bzr/mysql-5.0.91-\ # release/ # testament_sha1: fe2a460bad61fb9b6b6d1c6f7055467bf60f3b73 # timestamp: 2010-05-05 15:34:08 +0200 # base_revision_id: joro@stripped # # Begin bundle IyBCYXphYXIgcmV2aXNpb24gYnVuZGxlIHY0CiMKQlpoOTFBWSZTWdn/BAEAA2lfgFAQWf///3/v /uC////6YAf/eby3a1QPRiK0FD11bejkDDQpgp6Uekeo8p6nqMj0myjR6hkNM1DQAAABKUMk1H6T yp7VHpPUaaAAxAxNGhnqQAAAMoE9CKemUGh6j1NADR6hoAAB6gA0NBIkSepk0aTUzUw0TyE9Jpo0 0aAaaB6gYgAcNNMEMhppkZMIBpoAwmjTJgAQNBJITQAJkaaCYQQxNTNRqekaZplNG1NB6n4qXPgJ l6G5LPPZwwlcfv5nl8uOynKv0bdzcoto+cXWwEOcQ2NgzuXsahNSeSWDYnS8lU0YjRdOb3+Dgsi2 rqw23JavzArWJiEbYLtP5/z79O88WDaintjhX1NgbY2n+gH2pmFAhz03HKCqLj3NREYEE7Ju9JOw ZVlYNNGKHnjZzmOYNC0RepFCqarF+5dyAtsD5n56rYRR1AerxkfOaPvSGGDpZHZOJjp1kjTILBKg Xhc8V0CCBKUIMzRrKDhaMS6hwSqELmgRTF0QA1MM4hUcVF+metODkheL+FF4xBgiNvCN7jRD13j3 QKX9ExExtC9kLWZfVZC17J8b4Bz37REDg4ZgI3eNfU3Hpwyv4juiz6vgL7MDgPxyyFZbIg49twfH Qi1WdYvR2xGYukCddNuu3dJfMMY3DnRQviUOiBOVxuyuKyX1Eq7V2pJvvQMb+/+vQqvmjvK+Ksrx aXWCzRp17anP0aYfKMzFEKElMg7adkjBRxNw+cqhmmoOMXpD6QGU3ICmWslkKB6boIm6o1glF0Uz VYnOImVFTY02sFsRDErzPlkLZKvFFXRK+ebKNEQLk8tOhP5ES+xPG/FtbHXLrLX1lK8i40UvRhnT lTUElbgTKTSSeLq1lXqhSxqkJlPeV1UXaaYkqJzIvpMQG6C0cNW5w00WQWAUJDAOVp7yWCRwUhgS vJS0z7DK8gGDGdYVEwyv2jqZKi9OVZckZQoJiosXKwrJDzLLqSy8ZIzaxzgLisvNIGxvp6T/K8O1 YFxq2xMS6fWatYD2U6kM4FZU9a5hTSNK0hmSGqFJYnMUwowvq/kejmtiY8dPWEJG3OmUpVFftfCQ cESg4lRMYHI0gdmnnRywslLR8hTna1xuITEkxSwQHhpVEzRLzMliQKqOyaK2EpWRKSJUTzuIkSsx P6OTAWa+yns9Us5XInPfgMrwnJZEVbPkFgYXNASbNSuaXOzovFTEXXUbmPG5ZYaHyEG5o9Kz96VI KREvop7Vo1AHrS9+rgXWugtMrbxxD6kpzDERAoF0mD3xEEGq0rl+CpdFUyckcwebehApvdP+xenk WnPQ8nvLzFNQOlPQl9G0vnHjDSM8xkuivLBhzkvSYWiw9JSrD7YiiaMyctVl5qymNAPsonGnU6sc QHwNUg8vdQYg1o0dDjHeHSmnojeZvKBom/coU2Inv9k6MPC0Xx6NIiIvWvEPrEWr4niO9tJYE6He C0f4/eGAiojREmHEggtyLXCl7QOoiCFeMajJ4RExXOLFIkE6RhkINKTT+hiLR9D4+H8bNQdpChOG yocpl9GCavZduSHjyYcQ+Zt1Gk6TkYlKF+SuqK1Wbh8So/vJaVkC7Ex7K1TIbgtJZSP6RuSWqAqG 5EjraStmg4ff8jUURxJSYOiQJR7yIDkj6l6wKDRwWM3Xa+/rNkg76uDSaWTnbfWoqBoxKje/2cDs OnXzLq+0nsUDr6eDF6ghmMSiVVAoPC7Y03VFDJdQnuzLaNvvQFItCVIxPEvOYOl8HJsrB7dXFo8w k5Ai200OCdAwyLlFtDCHohE2ckajQPvHHXxGDuPWdhxVKw0/wew1rKfPpgjq2HMy3zyoYGgOQexA 83jew378tOy3zpnz4m3dSxYJl/k6CH6svw1xB/SrfvJ94tsbBtUyg995y2508QJzNkICfgqN68hM hzEbfIyKaUaGRTBqPZEgKsukChglrnFP0nJfeuR5+/gU8Dm3YxXtQ4zY2EeQBZoLgtgIM95nMhoc c+W5cibwoulYP/K+SOMd1MhFOFJc4HIHoLEDWcPhywXU01Rn3FY1JuT1HcBuz/lckdYl1wZ5QkV3 O1uzZSUuJgF7dbTCYimI5qxSQUSIB7CWGvbg+xV9wIaUuyYAjYISFrWCkS0quHhIUVi2e7a6oOSP J2w0dIIj8bkOQMG+ASo0FiGcRDFoWllkAwMLESxKerBWRSDPKqqkCglayPaUIFaKw5jqaRomjVPT +ByMbxAV2iIiJpzUWAOqOQzhmNQyqAY5qCOg19SRkhYElG4lun3SAT/ag19rjNk99VtN48H20myv viEs2sJCM6mBlKy7hzgQzs3yqJ5vLaO+pyG5hYqWQ1oyU4ySuU8KCCwORbDbziW0xRBAjDgB5FCC tlmWAtRyk8Mw9yS8bCwGIzYV1mb1Yd9UIKaxiiWXiyoNJME7JjZyDW9D6QbCIEaKcjKKmwGcO2qE At5zvR7dOi8zkHnOxIeK9GCYGZlKwXnqApWt8h1asuJ6wRP+VolSca+60QfRkjRZNuWJl8AJzWe0 qWvW5ZNtxpJBEcgJ9uUJygbCsmPgO1Abe8sJi46ALka35WPc5CLgfe9sZNTwESRAf7gKrFbDwJa4 39xkvTGif4u5IpwoSGz/ggCA --===============0694081163==--