[Commits] Rev 2795: merged in http://bazaar.launchpad.net/~maria-captains/maria/5.2/

At http://bazaar.launchpad.net/~maria-captains/maria/5.2/ ------------------------------------------------------------ revno: 2795 [merge] revision-id: sergii@pisem.net-20100515124406-xnlef39r20mfskhn parent: sergii@pisem.net-20100515084455-i2dajc6e0q73kny2 parent: sergii@pisem.net-20100515121733-8gfu2ixa3cbqxid3 committer: Sergei Golubchik <sergii@pisem.net> branch nick: 5.2 timestamp: Sat 2010-05-15 14:44:06 +0200 message: merged modified: extra/libevent/Makefile.am makefile.am-20090312215838-41pxaswf0zgarxu3-15 mysql-test/r/grant.result sp1f-grant.result-20020905131705-2gfwpyej777fcllxzcvadzd6tqdxfho3 mysql-test/t/grant.test sp1f-grant.test-20020905131705-iadu5zcjshnxgtjx7qpmfrs77bl75suy scripts/CMakeLists.txt sp1f-cmakelists.txt-20070418112138-acihcbj7ovt6jifuq7fzvs4mdjxtqvsz scripts/mysqld_multi.sh sp1f-mysql_multi_mysqld-20001207000014-ssrlcxbkjfvu6rzlxve43apfuc7dawcj sql/mysql_priv.h sp1f-mysql_priv.h-19700101030959-4fl65tqpop5zfgxaxkqotu2fa2ree5ci sql/partition_info.cc sp1f-partition_info.cpp-20060216163637-eco35bnz46tcywduzmpjofzudmzlgyog sql/sql_parse.cc sp1f-sql_parse.cc-19700101030959-ehcre3rwhv5l3mlxqhaxg36ujenxnrcd sql/sql_select.cc sp1f-sql_select.cc-19700101030959-egb7whpkh76zzvikycs5nsnuviu4fdlb sql/sql_table.cc sp1f-sql_table.cc-19700101030959-tzdkvgigezpuaxnldqh3fx2h7h2ggslu sql/sql_yacc.yy sp1f-sql_yacc.yy-19700101030959-wvn4qyy2drpmge7kaq3dysprbhlrv27j sql/table.cc sp1f-table.cc-19700101030959-nsxtem2adyqzwe6nz4cgrpcmts3o54v7 tests/mysql_client_test.c sp1f-client_test.c-20020614002636-eqy2zzksgelocknwbbogfuwxfwqy7q5x win/make_mariadb_win_dist make_mariadb_win_dis-20091011101226-jxt5k56vsnmdwseb-1
=== modified file 'extra/libevent/Makefile.am'
--- a/extra/libevent/Makefile.am 2009-09-29 23:00:57 +0000
+++ b/extra/libevent/Makefile.am 2010-05-15 12:17:33 +0000
@@ -36,4 +36,4 @@ event-config.h: $(top_builddir)/include/
 -e 's/#ifndef /#ifndef _EVENT_/' < $(top_builddir)/include/config.h >> $@
 echo "#endif" >> $@
-AM_CPPFLAGS = -Icompat -I$(top_srcdir)/include
+AM_CPPFLAGS = -I$(srcdir)/compat -I$(top_srcdir)/include
=== modified file 'mysql-test/r/grant.result'
--- a/mysql-test/r/grant.result 2010-03-29 15:13:53 +0000
+++ b/mysql-test/r/grant.result 2010-05-15 12:44:06 +0000
@@ -1414,3 +1414,19 @@ DROP USER 'user1';
 DROP USER 'user1'@'localhost';
 DROP USER 'user2';
 DROP DATABASE db1;
+CREATE DATABASE db1;
+CREATE DATABASE db2;
+GRANT SELECT ON db1.* to 'testbug'@localhost;
+USE db2;
+CREATE TABLE t1 (a INT);
+USE test;
+SELECT * FROM `../db2/tb2`;
+ERROR 42S02: Table 'db1.../db2/tb2' doesn't exist
+SELECT * FROM `../db2`.tb2;
+ERROR 42000: SELECT command denied to user 'testbug'@'localhost' for table 'tb2'
+SELECT * FROM `#mysql50#/../db2/tb2`;
+ERROR 42S02: Table 'db1.#mysql50#/../db2/tb2' doesn't exist
+DROP USER 'testbug'@localhost;
+DROP TABLE db2.t1;
+DROP DATABASE db1;
+DROP DATABASE db2;
=== modified file 'mysql-test/t/grant.test'
--- a/mysql-test/t/grant.test 2010-01-29 10:42:31 +0000
+++ b/mysql-test/t/grant.test 2010-05-09 19:30:06 +0000
@@ -1525,5 +1525,30 @@ DROP USER 'user1'@'localhost';
 DROP USER 'user2';
 DROP DATABASE db1;
+
+#
+# Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants.
+#
+
+CREATE DATABASE db1;
+CREATE DATABASE db2;
+GRANT SELECT ON db1.* to 'testbug'@localhost;
+USE db2;
+CREATE TABLE t1 (a INT);
+USE test;
+connect (con1,localhost,testbug,,db1);
+--error ER_NO_SUCH_TABLE
+SELECT * FROM `../db2/tb2`;
+--error ER_TABLEACCESS_DENIED_ERROR
+SELECT * FROM `../db2`.tb2;
+--error ER_NO_SUCH_TABLE
+SELECT * FROM `#mysql50#/../db2/tb2`;
+connection default;
+disconnect con1;
+DROP USER 'testbug'@localhost;
+DROP TABLE db2.t1;
+DROP DATABASE db1;
+DROP DATABASE db2;
+
 # Wait till we reached the initial number of concurrent sessions
 --source include/wait_until_count_sessions.inc
=== modified file 'scripts/CMakeLists.txt'
--- a/scripts/CMakeLists.txt 2008-03-11 14:46:07 +0000
+++ b/scripts/CMakeLists.txt 2010-05-12 12:33:10 +0000
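Review bot: The three probes in the Bug #53371 block of mysql-test/t/grant.test select from `tb2`, but the only table the block creates in db2 is `t1`, so the two `ER_NO_SUCH_TABLE` expectations appear to be satisfied whether or not the new name check is effective. Pointing the probes at the table that actually exists (`t1`) would make the expected errors depend on the check itself. The recorded output in mysql-test/r/grant.result would then need to be re-recorded to match.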
@@ -56,22 +56,22 @@ SET(pkgdatadir ${prefix}/share)
 SET(localstatedir ${prefix}/data)
 CONFIGURE_FILE(mysql_config.pl.in
- scripts/mysql_config.pl ESCAPE_QUOTES @ONLY)
+ ${CMAKE_BINARY_DIR}/scripts/mysql_config.pl ESCAPE_QUOTES @ONLY)
 CONFIGURE_FILE(mysql_convert_table_format.sh
- scripts/mysql_convert_table_format.pl ESCAPE_QUOTES @ONLY)
+ ${CMAKE_BINARY_DIR}/scripts/mysql_convert_table_format.pl ESCAPE_QUOTES @ONLY)
 CONFIGURE_FILE(mysql_install_db.pl.in
- scripts/mysql_install_db.pl ESCAPE_QUOTES @ONLY)
+ ${CMAKE_BINARY_DIR}/scripts/mysql_install_db.pl ESCAPE_QUOTES @ONLY)
 CONFIGURE_FILE(mysql_secure_installation.pl.in
- scripts/mysql_secure_installation.pl ESCAPE_QUOTES @ONLY)
+ ${CMAKE_BINARY_DIR}/scripts/mysql_secure_installation.pl ESCAPE_QUOTES @ONLY)
 CONFIGURE_FILE(mysqld_multi.sh
- scripts/mysqld_multi.pl ESCAPE_QUOTES @ONLY)
+ ${CMAKE_BINARY_DIR}/scripts/mysqld_multi.pl ESCAPE_QUOTES @ONLY)
 CONFIGURE_FILE(mysqldumpslow.sh
- scripts/mysqldumpslow.pl ESCAPE_QUOTES @ONLY)
+ ${CMAKE_BINARY_DIR}/scripts/mysqldumpslow.pl ESCAPE_QUOTES @ONLY)
 CONFIGURE_FILE(mysqlhotcopy.sh
- scripts/mysqlhotcopy.pl ESCAPE_QUOTES @ONLY)
+ ${CMAKE_BINARY_DIR}/scripts/mysqlhotcopy.pl ESCAPE_QUOTES @ONLY)
=== modified file 'scripts/mysqld_multi.sh'
--- a/scripts/mysqld_multi.sh 2010-01-21 08:10:05 +0000
+++ b/scripts/mysqld_multi.sh 2010-05-10 18:23:16 +0000
@@ -71,7 +71,6 @@ sub main
 print "WARNING: --config-file is deprecated and will be removed\n";
 print "in MySQL 5.6. Please use --defaults-extra-file instead\n";
 }
- }
 }
 foreach (@defaults_options)
=== modified file 'sql/mysql_priv.h'
--- a/sql/mysql_priv.h 2010-04-08 12:10:05 +0000
+++ b/sql/mysql_priv.h 2010-05-15 12:44:06 +0000
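Review bot: The seven `CONFIGURE_FILE` outputs in scripts/CMakeLists.txt now hard-code `${CMAKE_BINARY_DIR}/scripts/`, which repeats this file's own directory name and ties the output location to the top of the whole build tree. A relative output path is already resolved against the current binary directory, so `${CMAKE_CURRENT_BINARY_DIR}/mysql_config.pl` (and likewise for the other six) should name the same file, assuming scripts/ is added from the top-level CMakeLists.txt. Written that way, generated scripts such as mysql_install_db.pl and mysql_secure_installation.pl stay under this directory's build output wherever the project is embedded.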
@@ -2339,7 +2339,7 @@ void update_create_info_from_table(HA_CR
 int rename_file_ext(const char * from,const char * to,const char * ext);
 bool check_db_name(LEX_STRING *db);
 bool check_column_name(const char *name);
-bool check_table_name(const char *name, uint length);
+bool check_table_name(const char *name, uint length, bool check_for_path_chars);
 char *get_field(MEM_ROOT *mem, Field *field);
 bool get_field(MEM_ROOT *mem, Field *field, class String *res);
 int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr);
=== modified file 'sql/partition_info.cc'
--- a/sql/partition_info.cc 2009-12-03 11:19:05 +0000
+++ b/sql/partition_info.cc 2010-05-09 19:30:06 +0000
@@ -972,7 +972,7 @@ bool partition_info::check_partition_inf
 part_elem->engine_type= default_engine_type;
 }
 if (check_table_name(part_elem->partition_name,
- strlen(part_elem->partition_name)))
+ strlen(part_elem->partition_name), FALSE))
 {
 my_error(ER_WRONG_PARTITION_NAME, MYF(0));
 goto end;
@@ -990,7 +990,7 @@ bool partition_info::check_partition_inf
 {
 sub_elem= sub_it++;
 if (check_table_name(sub_elem->partition_name,
- strlen(sub_elem->partition_name)))
+ strlen(sub_elem->partition_name), FALSE))
 {
 my_error(ER_WRONG_PARTITION_NAME, MYF(0));
 goto end;
=== modified file 'sql/sql_parse.cc'
--- a/sql/sql_parse.cc 2010-05-05 13:12:14 +0000
+++ b/sql/sql_parse.cc 2010-05-15 12:44:06 +0000
@@ -1270,6 +1270,11 @@ bool dispatch_command(enum enum_server_c
 system_charset_info, packet, db_length, thd->charset(), &dummy_errors);
 db_buff[db_length]= '\0';
+ if (check_table_name(db_buff, db_length, FALSE))
+ {
+ my_error(ER_WRONG_TABLE_NAME, MYF(0), db_buff);
+ break;
+ }
 table_list.alias= table_list.table_name= db_buff;
 if (!(fields= (char *) thd->memdup(wildcard, query_length + 1)))
 break;
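Review bot: In the sql/sql_parse.cc hunk at -1270 (dispatch_command, whose body continues outside the hunk) the new `check_table_name(db_buff, db_length, FALSE)` call carries no comment explaining why path characters are not rejected at this entry point. As far as the visible hunks show, `/`, `\`, `~` and `FN_EXTCHAR` are refused only when tablename_to_filename() passes `TRUE` for a `#mysql50#` name, so this call depends on that later step. A comment such as `/* Path characters are not rejected here; tablename_to_filename() deals with them. */` would keep a later refactor from removing that dependency unnoticed. The same comment could mention that `db_buff` holds the table name received from the client, since the buffer's name suggests otherwise.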
@@ -6276,7 +6281,7 @@ TABLE_LIST *st_select_lex::add_table_to_
 DBUG_RETURN(0); // End of memory
 alias_str= alias ? alias->str : table->table.str;
 if (!test(table_options & TL_OPTION_ALIAS) &&
- check_table_name(table->table.str, table->table.length))
+ check_table_name(table->table.str, table->table.length, FALSE))
 {
 my_error(ER_WRONG_TABLE_NAME, MYF(0), table->table.str);
 DBUG_RETURN(0);
=== modified file 'sql/sql_select.cc'
--- a/sql/sql_select.cc 2010-04-08 21:03:07 +0000
+++ b/sql/sql_select.cc 2010-05-15 12:44:06 +0000
@@ -10991,6 +10991,11 @@ create_internal_tmp_table_from_heap2(THD
 if (table->s->db_type() != heap_hton || error != HA_ERR_RECORD_FILE_FULL)
 {
+ /*
+ We don't want this error to be converted to a warning, e.g. in case of
+ INSERT IGNORE ... SELECT.
+ */
+ thd->fatal_error();
 table->file->print_error(error,MYF(0));
 DBUG_RETURN(1);
 }
=== modified file 'sql/sql_table.cc'
--- a/sql/sql_table.cc 2010-05-11 14:49:23 +0000
+++ b/sql/sql_table.cc 2010-05-15 12:44:06 +0000
@@ -428,7 +428,21 @@ uint tablename_to_filename(const char *f
 DBUG_PRINT("enter", ("from '%s'", from));
 if ((length= check_n_cut_mysql50_prefix(from, to, to_length)))
+ {
+ /*
+ Check if the name supplied is a valid mysql 5.0 name and
+ make the name a zero length string if it's not.
+ Note that just returning zero length is not enough :
+ a lot of places don't check the return value and expect
+ a zero terminated string.
+ */
+ if (check_table_name(to, length, TRUE))
+ {
+ to[0]= 0;
+ length= 0;
+ }
 DBUG_RETURN(length);
+ }
 length= strconvert(system_charset_info, from, &my_charset_filename, to, to_length, &errors);
 if (check_if_legal_tablename(to) &&
=== modified file 'sql/sql_yacc.yy'
--- a/sql/sql_yacc.yy 2010-04-30 10:12:25 +0000
+++ b/sql/sql_yacc.yy 2010-05-15 12:44:06 +0000
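Review bot: In tablename_to_filename() (sql/sql_table.cc) a rejected `#mysql50#` name is signalled only by returning 0 with `to` set to the empty string, and the added comment itself says many callers ignore the return value. Those callers will go on to build a path from an empty table component, so the function's header comment should state that a zero return means the name was refused. A trace at the rejection point, e.g. `DBUG_PRINT("error", ("invalid mysql50 name '%s'", from));`, would make the refusal visible when debugging. The function starts and ends outside the hunk, so whether any caller already tests for the empty result cannot be confirmed from here.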
@@ -6345,7 +6345,7 @@ alter_list_item:
 {
 MYSQL_YYABORT;
 }
- if (check_table_name($3->table.str,$3->table.length) ||
+ if (check_table_name($3->table.str,$3->table.length, FALSE) ||
 ($3->db.str && check_db_name(&$3->db)))
 {
 my_error(ER_WRONG_TABLE_NAME, MYF(0), $3->table.str);
=== modified file 'sql/table.cc'
--- a/sql/table.cc 2010-05-11 14:49:23 +0000
+++ b/sql/table.cc 2010-05-15 12:44:06 +0000
@@ -501,6 +501,19 @@ inline bool is_system_table_name(const c
 }
+/**
+ Check if a string contains path elements
+*/
+
+static inline bool has_disabled_path_chars(const char *str)
+{
+ for (; *str; str++)
+ if (*str == FN_EXTCHAR || *str == '/' || *str == '\\' || *str == '~' || *str == '@')
+ return TRUE;
+ return FALSE;
+}
+
+
 /*
 Read table definition from a binary / text based .frm file
@@ -555,7 +568,8 @@ int open_table_def(THD *thd, TABLE_SHARE
 This kind of tables must have been opened only by the my_open() above. */
- if (strchr(share->table_name.str, '@') ||
+ if (has_disabled_path_chars(share->table_name.str) ||
+ has_disabled_path_chars(share->db.str) ||
 !strncmp(share->db.str, MYSQL50_TABLE_NAME_PREFIX, MYSQL50_TABLE_NAME_PREFIX_LENGTH) || !strncmp(share->table_name.str, MYSQL50_TABLE_NAME_PREFIX,
@@ -3169,7 +3182,7 @@ bool check_db_name(LEX_STRING *org_name)
 */
-bool check_table_name(const char *name, uint length)
+bool check_table_name(const char *name, uint length, bool check_for_path_chars)
 {
 uint name_length= 0; // name length in symbols
 const char *end= name+length;
@@ -3196,6 +3209,9 @@ bool check_table_name(const char *name,
 continue;
 }
 }
+ if (check_for_path_chars &&
+ (*name == '/' || *name == '\\' || *name == '~' || *name == FN_EXTCHAR))
+ return 1;
 #endif
 name++;
 name_length++;
=== modified file 'tests/mysql_client_test.c'
--- a/tests/mysql_client_test.c 2010-03-29 15:13:53 +0000
+++ b/tests/mysql_client_test.c 2010-05-15 12:44:06 +0000
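Review bot: has_disabled_path_chars() in the first sql/table.cc hunk rejects `@` as well as `FN_EXTCHAR`, `/`, `\` and `~`, while the path-character test added to check_table_name() further down omits `@`; the doc comment ("Check if a string contains path elements") explains neither the list nor the difference. The comment should name the refused characters and say why `@` is included here; the replaced `strchr(share->table_name.str, '@')` suggests it was already a marker for this branch of open_table_def(), but the hunk does not state that. If the two lists are meant to agree apart from `@`, check_table_name() could call a shared helper instead of repeating the comparison.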
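Review bot: In the last sql/table.cc hunk (-3196) the `check_for_path_chars` test is inserted immediately before `#endif`, so it is compiled only under whatever preprocessor condition opens that block; the matching `#if` is outside the hunk. If that condition is a multi-byte build option, a server built without it would skip the path-character check entirely and tablename_to_filename()'s `TRUE` argument would have no effect. Moving the three added lines below `#endif`, directly before `name++;`, makes the check unconditional. check_table_name() starts and ends outside the hunk.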
@@ -18093,6 +18093,50 @@ static void test_bug44495()
 DBUG_VOID_RETURN;
 }
+static void test_bug53371()
+{
+ int rc;
+ MYSQL_RES *result;
+
+ myheader("test_bug53371");
+
+ rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1");
+ myquery(rc);
+ rc= mysql_query(mysql, "DROP DATABASE IF EXISTS bug53371");
+ myquery(rc);
+ rc= mysql_query(mysql, "DROP USER 'testbug'@localhost");
+
+ rc= mysql_query(mysql, "CREATE TABLE t1 (a INT)");
+ myquery(rc);
+ rc= mysql_query(mysql, "CREATE DATABASE bug53371");
+ myquery(rc);
+ rc= mysql_query(mysql, "GRANT SELECT ON bug53371.* to 'testbug'@localhost");
+ myquery(rc);
+
+ rc= mysql_change_user(mysql, "testbug", NULL, "bug53371");
+ myquery(rc);
+
+ rc= mysql_query(mysql, "SHOW COLUMNS FROM client_test_db.t1");
+ DIE_UNLESS(rc);
+ DIE_UNLESS(mysql_errno(mysql) == 1142);
+
+ result= mysql_list_fields(mysql, "../client_test_db/t1", NULL);
+ DIE_IF(result);
+
+ result= mysql_list_fields(mysql, "#mysql50#/../client_test_db/t1", NULL);
+ DIE_IF(result);
+
+ rc= mysql_change_user(mysql, opt_user, opt_password, current_db);
+ myquery(rc);
+ rc= mysql_query(mysql, "DROP TABLE t1");
+ myquery(rc);
+ rc= mysql_query(mysql, "DROP DATABASE bug53371");
+ myquery(rc);
+ rc= mysql_query(mysql, "DROP USER 'testbug'@localhost");
+ myquery(rc);
+}
+
+
 /*
 Read and parse arguments and MySQL options from my.cnf
 */
@@ -18402,6 +18446,7 @@ static struct my_tests_st my_tests[]= {
 { "test_bug30472", test_bug30472 },
 { "test_bug20023", test_bug20023 },
 { "test_bug45010", test_bug45010 },
+ { "test_bug53371", test_bug53371 },
 { "test_bug31418", test_bug31418 },
 { "test_bug31669", test_bug31669 },
 { "test_bug28386", test_bug28386 },
=== modified file 'win/make_mariadb_win_dist'
--- a/win/make_mariadb_win_dist 2009-10-30 10:50:48 +0000
+++ b/win/make_mariadb_win_dist 2010-05-14 12:12:23 +0000
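Review bot: In test_bug53371() the two `mysql_list_fields()` assertions are `DIE_IF(result)` only, so they pass on any failure, including one unrelated to the name check. Follow each with an assertion on `mysql_errno(mysql)`, as the `SHOW COLUMNS` step does, so the test pins the error the server is expected to return. That earlier step compares against the literal `1142`; the symbolic `ER_TABLEACCESS_DENIED_ERROR` used in grant.test would read better if the header defining it is available to this file. The unchecked `DROP USER 'testbug'@localhost` near the top is presumably deliberate because the user may not exist, and a one-line comment should say so.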
@@ -16,12 +16,14 @@ fi set -x -win/configure-mariadb.sh +if [ "x_$1" != "x_-nobuild" ]; then + win/configure-mariadb.sh -cmake -G "Visual Studio 9 2008" + cmake -G "Visual Studio 9 2008" -devenv.com MySQL.sln /build RelWithDebInfo -devenv.com MySQL.sln /build Debug + devenv.com MySQL.sln /build RelWithDebInfo + devenv.com MySQL.sln /build Debug +fi # TODO extract version number VER=`cat configure.in |