- 10 Oct, 2011 3 commits
-
-
Tatjana Azundris Nuernberg authored
-
Tatjana Azundris Nuernberg authored
-
Tatjana Azundris Nuernberg authored
-
- 07 Oct, 2011 2 commits
-
-
Magne Mahre authored
-
Magne Mahre authored
A buffer large enough to hold the query _plus_ some additional data is allocated before parsing is started. The additional data is used by the query cache, and consists of the name of the current database and a set of flags. When a packet containing multiple SQL statements is sent to the server and one of the statements changes the current database (a "USE <db>" statement), and the name of the new current database is longer than of the previous, there is not enough space in the buffer for the new name, and we write out over the buffer boundary. The fix adds an extra field to store the number of bytes allocated to the database name in the buffer. If the current database name changes, and the new name is longer than the previous one, we refuse to cache the query.
-
- 06 Oct, 2011 4 commits
-
-
Tatjana Azundris Nuernberg authored
-
Tatjana Azundris Nuernberg authored
-
Tatjana Azundris Nuernberg authored
-
Tatjana Azundris Nuernberg authored
-
- 29 Sep, 2011 2 commits
-
-
Tatjana Azundris Nuernberg authored
-
Tatjana Azundris Nuernberg authored
Bug#11765687 (MySQL58677): No privilege on table / view, but can know #rows / underlying table's name 1 - If a user had SHOW VIEW and SELECT privileges on a view and this view was referencing another view, EXPLAIN SELECT on the outer view (that the user had privileges on) could reveal the structure of the underlying "inner" view as well as the number of rows in the underlying tables, even if the user had privileges on none of these referenced objects. This happened because we used DEFINER's UID ("SUID") not just for the view given in EXPLAIN, but also when checking privileges on the underlying views (where we should use the UID of the EXPLAIN's INVOKER instead). We no longer run the EXPLAIN SUID (with DEFINER's privileges). This prevents a possible exploit and makes permissions more orthogonal. 2 - EXPLAIN SELECT would reveal a view's structure even if the user did not have SHOW VIEW privileges for that view, as long as they had SELECT privilege on the underlying tables. Instead of requiring both SHOW VIEW privilege on a view and SELECT privilege on all underlying tables, we were checking for presence of either of them. We now explicitly require SHOW VIEW and SELECT privileges on the view we run EXPLAIN SELECT on, as well as all its underlying views. We also require SELECT on all relevant tables. mysql-test/r/view_grant.result: add extensive tests to illustrate desired behavior and prevent regressions (as always). mysql-test/t/view_grant.test: add extensive tests to illustrate desired behavior and prevent regressions (as always). sql/sql_view.cc: We no longer run the EXPLAIN SUID (with DEFINER's privileges). To achieve this, we use a temporary, SUID-less TABLE_LIST for the views while checking privileges.
-
- 23 Sep, 2011 1 commit
-
-
Alexander Nozdrin authored
-
- 22 Sep, 2011 1 commit
-
-
Alexander Nozdrin authored
The main problem was that lex_start() was forgotten to be called before processing COM_REFRESH. Another problem discovered was that if failures to flush the error log were not properly handled, which resulted in the server crash. The user-visible effect of these problems were: - if COM_REFRESH command was sent after SQL-queries of some sort, the server would crash. - if COM_REFRESH was requested with REFRESH_LOG only, and the error log failed to flush, the server would crash. The error log fails to flush when it points to unavailable file (for example, due to restricted permissions). The fixes are: - call lex_start() in the beginning of COM_REFRESH; - handle failures to flush the error log properly, i.e. raise ER_UNKNOWN_ERROR. sql/sql_parse.cc: Fix for Bug#13001491: MYSQL_REFRESH CRASHES WHEN STORED ROUTINES ARE RUN CONCURRENTLY. tests/mysql_client_test.c: A test case for Bug#13001491: MYSQL_REFRESH CRASHES WHEN STORED ROUTINES ARE RUN CONCURRENTLY.
-
- 15 Sep, 2011 6 commits
-
-
Mattias Jonsson authored
-
Mattias Jonsson authored
-
Mattias Jonsson authored
(also 5.5+ solution for bug#11766879/bug#60106) The valgrind warning was due to an unused 'new handler_add_index(...)' which was never freed. The error handling did not work (fails as in bug#11766879) and the implementation was not as transparant as it could, therefore I made it a bit simpler and more transparant to the underlying handlers. This way it follows the api better and the error handling works and is also now tested. Also added a debug test to verify the error handling. Improved according to Jon Olavs review: Added class ha_partition_add_index. Also added base class Sql_alloc to handler_add_index. Update 3.
-
Mattias Jonsson authored
-
Mattias Jonsson authored
-
Kristofer Pettersson authored
Amendment to previous patch: Failure in CONV() should return NULL instead of empty set. When compiled on Windows or Solaris the function Item_func_conv::val_str() doesn't fail on longlong2str() but finds an earlier exit path based on the attributes of the arguments. This exit path returns NULL on failure and as a consequence the original patch caused different test results depending on the OS used.
-
- 06 Sep, 2011 1 commit
-
-
Kristofer Pettersson authored
Failure to check the return state of a longlong2str() call caused a crash. This could happen if a user executed the sql function CONV() with certain parameters. The patch fixes the issue by checking that the returned pointer isn't NULL.
-
- 24 Aug, 2011 1 commit
-
-
Tor Didriksen authored
-
- 23 Aug, 2011 2 commits
-
-
Kristofer Pettersson authored
The client-server protocol has left some room for interpretation which this patch fixes by introducing byte counters and enforced logic for SSL handshakes.
-
Mattias Jonsson authored
PARTITONING, ON INDEX CREATE If the first partition succeeded in adding a index, but a successive partition failed, then the first partition had still the new index. The fix reverts the added indexes from previous partitions on failure.
-
- 19 Aug, 2011 1 commit
-
-
Tor Didriksen authored
Bug#12532830 - SIGFPE OR ASSERTION (PRECISION <= ((9 * 9) - 8*2)) && (DEC <= 30)
-
- 17 Aug, 2011 3 commits
-
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
Georgi Kodinov authored
-
- 13 Aug, 2011 1 commit
-
-
Dmitry Shulga authored
SET STATEMENT. Server built with debug asserts, without debug crashes if a user tries to run a stored procedure that constains query with subquery that include either LIMIT or LIMIT OFFSET clauses. The problem was that Item::fix_fields() was not called for the items representing LIMIT or OFFSET clauses. The solution is to call Item::fix_fields() right before evaluation in st_select_lex_unit::set_limit(). mysql-test/r/sp.result: Added testcase result for bug#12621017. Updated testcase result for bug 11918. mysql-test/t/sp.test: Added testcase for bug#12621017. Addressed review comments for Bug 11918 (added tests for use LIMIT at stored function). sql/item.h: Addressed review comments for Bug 11918. sql/share/errmsg-utf8.txt: Addressed review comments for Bug 11918. sql/sp_head.cc: Addressed review comments for Bug 11918. sql/sql_lex.cc: Added call fix_fields() for item just before its evaluation. sql/sql_yacc.yy: Addressed review comments for Bug 11918.
-
- 12 Aug, 2011 4 commits
-
-
Georgi Kodinov authored
-
Georgi Kodinov authored
FOR SOME PLUGINS TO WORK Some dynamically loadable plugins on the Mac may need functions from the CoreServices framework. Unfortunately the only place where this can be initialized is the main executable. Thus to allow plugins to use functions from that framework the mysqld binary needs to link to the framework.
-
Georgi Kodinov authored
PAM AUTHENTICATION SETTINGS SET PASSWORD code on a account with plugin authentication was errorneously resetting the in-memory plugin pointer for the user back to native password plugin despite the fact that it was sending a warning that the command has no immediate effect. Fixed by not updating the user's plugin if it's already set to a non default value. Note that the bug affected only the in-memory cache of the user definitions. Any restart of the server will fix the problem. Also the salt and the password has are still stored into the user tables (just as it's documented now). Test case added. One old test case result updated to have the correct value.
-
Georgi Kodinov authored
-
- 11 Aug, 2011 1 commit
-
-
Karen Langford authored
-
- 10 Aug, 2011 4 commits
-
-
Marko Mäkelä authored
-
Marko Mäkelä authored
-
Marko Mäkelä authored
-
Marko Mäkelä authored
row_sel_field_store_in_mysql_format(): Do not pad the unused part of the buffer reserved for a True VARCHAR column (introduced in 5.0.3). Add Valgrind instrumentation ensuring that the unused part will be flagged uninitialized. row_sel_copy_cached_field_for_mysql(): New function: Copy a field that is in the MySQL row format, not copying the unused tail of VARCHAR columns. row_sel_pop_cached_row_for_mysql(): Invoke row_sel_copy_cached_field_for_mysql() for copying fields. When the row is long, copy it field-by-field. rb:715 approved by Inaam Rana
-
- 09 Aug, 2011 3 commits
-
-
Ramil Kalimullin authored
-
Ramil Kalimullin authored
-
Ramil Kalimullin authored
-