• Developer Zone
• Lists Home
• FAQ

Below is the list of changes that have just been committed into a local
5.0 repository of tomash. When tomash does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html

ChangeSet
  1.2205 06/06/25 19:09:47 kroki@stripped +3 -0
  Bug#20664: Unprivileged SHOW CREATE FUNCTION crashes 'mysql' command line client
  
  Send empty string if the user doesn't have enough privilege to see routine
  definition.

  sql/sp_head.cc
    1.216 06/06/24 17:48:54 kroki@stripped +4 -0
    Send empty string if the user doesn't have enough privilege to see routine
    definition.

  mysql-test/t/sp-security.test
    1.33 06/06/24 17:48:54 kroki@stripped +33 -1
    Add test case for bug#20664.

  mysql-test/r/sp-security.result
    1.30 06/06/24 17:48:53 kroki@stripped +27 -0
    Add result for bug#20664.

# This is a BitKeeper patch.  What follows are the unified diffs for the
# set of deltas contained in the patch.  The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User:	kroki
# Host:	moonlight.intranet
# Root:	/home/tomash/src/mysql_ab/mysql-5.0-bug20664

--- 1.29/mysql-test/r/sp-security.result	2006-04-18 20:10:42 +04:00
+++ 1.30/mysql-test/r/sp-security.result	2006-06-24 17:48:53 +04:00
@@ -420,3 +420,30 @@
 ---> connection: root
 DROP USER mysqltest_2@localhost;
 DROP DATABASE mysqltest;
+USE test;
+DROP PROCEDURE IF EXISTS p1;
+DROP FUNCTION IF EXISTS f1;
+CREATE PROCEDURE p1() SET @a= 1;
+CREATE FUNCTION f1() RETURNS INT RETURN @a;
+CREATE USER mysql_bug20664@localhost;
+GRANT EXECUTE ON PROCEDURE p1 TO mysql_bug20664@localhost;
+GRANT EXECUTE ON FUNCTION f1 TO mysql_bug20664@localhost;
+SHOW CREATE PROCEDURE p1;
+Procedure	sql_mode	Create Procedure
+p1		
+SHOW CREATE PROCEDURE p1;
+Procedure	sql_mode	Create Procedure
+p1		
+SHOW CREATE FUNCTION f1;
+Function	sql_mode	Create Function
+f1		
+SHOW CREATE FUNCTION f1;
+Function	sql_mode	Create Function
+f1		
+CALL p1();
+SELECT f1();
+f1()
+1
+DROP FUNCTION f1;
+DROP PROCEDURE p1;
+DROP USER mysql_bug20664@localhost;

--- 1.32/mysql-test/t/sp-security.test	2006-04-18 20:10:42 +04:00
+++ 1.33/mysql-test/t/sp-security.test	2006-06-24 17:48:54 +04:00
@@ -742,6 +742,38 @@
 DROP USER mysqltest_2@localhost;
 
 DROP DATABASE mysqltest;
+USE test;
 
 
-# End of 5.0 bugs.
+#
+# Bug#20664: Unprivileged SHOW CREATE FUNCTION crashes 'mysql' command
+# line client
+#
+--disable_warnings
+DROP PROCEDURE IF EXISTS p1;
+DROP FUNCTION IF EXISTS f1;
+--enable_warnings
+
+CREATE PROCEDURE p1() SET @a= 1;
+CREATE FUNCTION f1() RETURNS INT RETURN @a;
+CREATE USER mysql_bug20664@localhost;
+GRANT EXECUTE ON PROCEDURE p1 TO mysql_bug20664@localhost;
+GRANT EXECUTE ON FUNCTION f1 TO mysql_bug20664@localhost;
+
+connect (conn1, localhost, mysql_bug20664,,);
+
+SHOW CREATE PROCEDURE p1;
+SHOW CREATE PROCEDURE p1;
+SHOW CREATE FUNCTION f1;
+SHOW CREATE FUNCTION f1;
+CALL p1();
+SELECT f1();
+
+disconnect conn1;
+connection default;
+
+DROP FUNCTION f1;
+DROP PROCEDURE p1;
+DROP USER mysql_bug20664@localhost;
+
+# End of 5.0 tests.

--- 1.215/sql/sp_head.cc	2006-06-22 19:29:45 +04:00
+++ 1.216/sql/sp_head.cc	2006-06-24 17:48:54 +04:00
@@ -1909,6 +1909,8 @@
   protocol->store((char*) sql_mode_str, sql_mode_len, system_charset_info);
   if (full_access)
     protocol->store(m_defstr.str, m_defstr.length, system_charset_info);
+  else
+    protocol->store("", 0, system_charset_info);
   res= protocol->write();
   send_eof(thd);
 
@@ -1974,6 +1976,8 @@
   protocol->store((char*) sql_mode_str, sql_mode_len, system_charset_info);
   if (full_access)
     protocol->store(m_defstr.str, m_defstr.length, system_charset_info);
+  else
+    protocol->store("", 0, system_charset_info);
   res= protocol->write();
   send_eof(thd);