Skip to content

Commit 9d55dab

Browse files
author
Alexander Nozdrin
committed
Manual merge from mysql-trunk-merge.
Conflicts: - sql/sql_show.cc
2 parents 69cb0a8 + 2c44919 commit 9d55dab

File tree

3 files changed

+53
-4
lines changed

3 files changed

+53
-4
lines changed

mysql-test/r/information_schema.result

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1659,6 +1659,28 @@ SELECT 'OK' AS TEST_RESULT FROM INFORMATION_SCHEMA.PROCESSLIST WHERE time < 0;
16591659
TEST_RESULT
16601660
OK
16611661
SET TIMESTAMP=DEFAULT;
1662+
#
1663+
# Bug #50276: Security flaw in INFORMATION_SCHEMA.TABLES
1664+
#
1665+
CREATE DATABASE db1;
1666+
USE db1;
1667+
CREATE TABLE t1 (id INT);
1668+
CREATE USER nonpriv;
1669+
USE test;
1670+
# connected as nonpriv
1671+
# Should return 0
1672+
SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='t1';
1673+
COUNT(*)
1674+
0
1675+
USE INFORMATION_SCHEMA;
1676+
# Should return 0
1677+
SELECT COUNT(*) FROM TABLES WHERE TABLE_NAME='t1';
1678+
COUNT(*)
1679+
0
1680+
# connected as root
1681+
DROP USER nonpriv;
1682+
DROP TABLE db1.t1;
1683+
DROP DATABASE db1;
16621684
End of 5.1 tests.
16631685
create table information_schema.t1 (f1 INT);
16641686
ERROR 42000: Access denied for user 'root'@'localhost' to database 'information_schema'

mysql-test/t/information_schema.test

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1389,6 +1389,33 @@ SET TIMESTAMP=@@TIMESTAMP + 10000000;
13891389
SELECT 'OK' AS TEST_RESULT FROM INFORMATION_SCHEMA.PROCESSLIST WHERE time < 0;
13901390
SET TIMESTAMP=DEFAULT;
13911391

1392+
1393+
--echo #
1394+
--echo # Bug #50276: Security flaw in INFORMATION_SCHEMA.TABLES
1395+
--echo #
1396+
CREATE DATABASE db1;
1397+
USE db1;
1398+
CREATE TABLE t1 (id INT);
1399+
CREATE USER nonpriv;
1400+
USE test;
1401+
1402+
connect (nonpriv_con, localhost, nonpriv,,);
1403+
connection nonpriv_con;
1404+
--echo # connected as nonpriv
1405+
--echo # Should return 0
1406+
SELECT COUNT(*) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_NAME='t1';
1407+
USE INFORMATION_SCHEMA;
1408+
--echo # Should return 0
1409+
SELECT COUNT(*) FROM TABLES WHERE TABLE_NAME='t1';
1410+
1411+
connection default;
1412+
--echo # connected as root
1413+
disconnect nonpriv_con;
1414+
DROP USER nonpriv;
1415+
DROP TABLE db1.t1;
1416+
DROP DATABASE db1;
1417+
1418+
13921419
--echo End of 5.1 tests.
13931420

13941421
#

sql/sql_show.cc

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -3317,11 +3317,11 @@ int get_all_tables(THD *thd, TABLE_LIST *tables, COND *cond)
33173317
while ((db_name= it++))
33183318
{
33193319
#ifndef NO_EMBEDDED_ACCESS_CHECKS
3320-
if (!check_access(thd, SELECT_ACL, db_name->str,
3321-
&thd->col_access, NULL, 0, 1) ||
3320+
if (!(check_access(thd, SELECT_ACL, db_name->str,
3321+
&thd->col_access, NULL, 0, 1) ||
3322+
(!thd->col_access && check_grant_db(thd, db_name->str))) ||
33223323
sctx->master_access & (DB_ACLS | SHOW_DB_ACL) ||
3323-
acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, 0) ||
3324-
!check_grant_db(thd, db_name->str))
3324+
acl_get(sctx->host, sctx->ip, sctx->priv_user, db_name->str, 0))
33253325
#endif
33263326
{
33273327
thd->no_warnings_for_error= 1;

0 commit comments

Comments
 (0)