List:Commits« Previous MessageNext Message »
From:antony Date:October 25 2006 10:49am
Subject:bk commit into 5.0 tree (acurtis:1.2291) BUG#9467
View as plain text  
Below is the list of changes that have just been committed into a local
5.0 repository of antony. When antony does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet@stripped, 2006-10-25 03:49:08-07:00, acurtis@stripped +1 -0
  Bug#9467
    "Stored procedures: possible security breach via alter procedure"
    only the routine definer can set SQL SECURITY DEFINER

  sql/sql_parse.cc@stripped, 2006-10-25 03:49:04-07:00, acurtis@stripped +22 -0
    only the routine definer can set SQL SECURITY DEFINER

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	acurtis
# Host:	ltamd64.xiphis.org
# Root:	/home/antony/work2/p2-bug9467.1

--- 1.582/sql/sql_parse.cc	2006-10-25 03:49:19 -07:00
+++ 1.583/sql/sql_parse.cc	2006-10-25 03:49:19 -07:00
@@ -76,6 +76,7 @@
 static void remove_escape(char *name);
 static bool append_file_to_dir(THD *thd, const char **filename_ptr,
 			       const char *table_name);
+static bool check_routine_definer(THD *thd, sp_head *sp)
 
 const char *any_db="*any*";	// Special symbol for check_access
 
@@ -4538,6 +4539,10 @@
                                  lex->sql_command == SQLCOM_ALTER_PROCEDURE, 0))
 	  goto error;
 
+        /* only the definer can set SQL_SECURITY DEFINER */
+        if (chistics.suid == SP_IS_SUID && check_routine_definer(thd, sp))
+		  goto error;
+
         if (end_active_trans(thd)) 
           goto error;
 	memcpy(&lex->sp_chistics, &chistics, sizeof(lex->sp_chistics));
@@ -5404,6 +5409,23 @@
   return TRUE;
 }
 
+
+static bool
+check_routine_definer(THD *thd, sp_head *sp)
+{
+  LEX_USER *definer;
+  if (!(definer= create_default_definer(thd)))
+    return TRUE;
+  if (definer->user.length != sp->m_definer_user.length ||
+      definer->host.length != sp->m_definer_host.length ||
+      strcmp(sp->m_definer_user.str, definer->user.str) ||
+      strcmp(sp->m_definer_host.str, definer->host.str))
+    goto fail;
+  return FALSE;
+fail:
+  my_error(ER_SPECIFIC_ACCESS_DENIED_ERROR, MYF(0), "DEFINER");
+  return TRUE;
+}
 
 bool
 check_routine_access(THD *thd, ulong want_access,char *db, char *name,
Thread
bk commit into 5.0 tree (acurtis:1.2291) BUG#9467antony25 Oct