Fix for a security flaw in database hash

parent 042facc4
...@@ -46928,6 +46928,8 @@ not yet 100% confident in this code. ...@@ -46928,6 +46928,8 @@ not yet 100% confident in this code.
@appendixsubsec Changes in release 3.23.52 @appendixsubsec Changes in release 3.23.52
@itemize @bullet @itemize @bullet
@item @item
Fixed a security bug with empty db column in db table
@item
Changed initialisation of @code{RND()} to make it less predicatable. Changed initialisation of @code{RND()} to make it less predicatable.
@item @item
Fixed problem with @code{GROUP BY} on result with expression that created a Fixed problem with @code{GROUP BY} on result with expression that created a
...@@ -242,6 +242,8 @@ int acl_init(bool dont_read_acl_tables) ...@@ -242,6 +242,8 @@ int acl_init(bool dont_read_acl_tables)
ACL_DB db; ACL_DB db;
update_hostname(&db.host,get_field(&mem, table,0)); update_hostname(&db.host,get_field(&mem, table,0));
db.db=get_field(&mem, table,1); db.db=get_field(&mem, table,1);
if (!db.db || !db.db[0])
continue;
db.user=get_field(&mem, table,2); db.user=get_field(&mem, table,2);
db.access=get_access(table,3); db.access=get_access(table,3);
db.access=fix_rights_for_db(db.access); db.access=fix_rights_for_db(db.access);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment