Guilhem,
You have my blessing on the security patch. The security checks look good, but
I'm trusting Dmitri's judgment on the correctness. A few notes:
=== modified file 'sql/sql_prepare.cc'
--- sql/sql_prepare.cc 2011-03-21 17:55:41 +0000
+++ sql/sql_prepare.cc 2011-05-05 11:28:31 +0000
@@ -2021,8 +2018,7 @@ static bool check_prepared_statement(Pre
if (res == 2)
{
/* Statement and field info has already been sent */
- res= FALSE;
- goto end;
+ DBUG_RETURN(FALSE);
jl: false
@@ -2107,19 +2102,15 @@ static bool check_prepared_statement(Pre
+ DBUG_RETURN(stmt->is_sql_prepare() ?
+ FALSE : (send_prep_stmt(stmt, 0) || thd->protocol->flush()));
+error:
+ DBUG_RETURN(TRUE);
jl: false, true
=== modified file 'sql/opt_trace.h'
@param support_dbug_or_support_missing_priv 'true' if this statement
should have its trace in the dbug log (--debug),
or if missing_privilege() may be called on this
trace
jl: support_dbug_or_support_missing_priv is an awfully long name. Can you make
it shorter, at least by removing the second "support"?
--
Jørgen Løland | Senior Software Engineer | +47 73842138
Oracle MySQL
Trondheim, Norway
