Security fix: LOCK TABLES must check for sufficient privileges.

parent 579d9c1e
...@@ -1851,6 +1851,15 @@ mysql_execute_command(void) ...@@ -1851,6 +1851,15 @@ mysql_execute_command(void)
} }
if (check_db_used(thd,tables) || end_active_trans(thd)) if (check_db_used(thd,tables) || end_active_trans(thd))
goto error; goto error;
for (TABLE_LIST *tmp = tables; tmp; tmp = tmp->next)
{
if (!(tmp->lock_type == TL_READ_NO_INSERT ?
!check_table_access(thd, SELECT_ACL, tmp) :
(!check_table_access(thd, INSERT_ACL, tmp) ||
!check_table_access(thd, UPDATE_ACL, tmp) ||
!check_table_access(thd, DELETE_ACL, tmp))))
goto error;
}
thd->in_lock_tables=1; thd->in_lock_tables=1;
if (!(res=open_and_lock_tables(thd,tables))) if (!(res=open_and_lock_tables(thd,tables)))
{ {
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment