Commit f58ae5e3 authored by unknown's avatar unknown

Security fix: LOCK TABLES must check for sufficient privileges.


sql/sql_parse.cc:
  Check table access for SQLCOM_LOCK_TABLES.
parent 188349dd
......@@ -1851,6 +1851,15 @@ mysql_execute_command(void)
}
if (check_db_used(thd,tables) || end_active_trans(thd))
goto error;
for (TABLE_LIST *tmp = tables; tmp; tmp = tmp->next)
{
if (!(tmp->lock_type == TL_READ_NO_INSERT ?
!check_table_access(thd, SELECT_ACL, tmp) :
(!check_table_access(thd, INSERT_ACL, tmp) ||
!check_table_access(thd, UPDATE_ACL, tmp) ||
!check_table_access(thd, DELETE_ACL, tmp))))
goto error;
}
thd->in_lock_tables=1;
if (!(res=open_and_lock_tables(thd,tables)))
{
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment