1. 04 May, 2010 1 commit
    • Georgi Kodinov's avatar
      Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants. · 84716cb8
      Georgi Kodinov authored
      This is the 5.1 merge and extension of the fix.
      The server was happily accepting paths in table name in all places a table
      name is accepted (e.g. a SELECT). This allowed all users that have some 
      privilege over some database to read all tables in all databases in all
      mysql server instances that the server file system has access to.
      Fixed by :
      1. making sure no path elements are allowed in quoted table name when
      constructing the path (note that the path symbols are still valid in table names
      when they're properly escaped by the server).
      2. checking the #mysql50# prefixed names the same way they're checked for
      path elements in mysql-5.0.
      84716cb8
  2. 03 May, 2010 3 commits
    • Kristofer Pettersson's avatar
      Automerge · 3f647197
      Kristofer Pettersson authored
      3f647197
    • Kristofer Pettersson's avatar
      Bug#50373 --secure-file-priv="" · bf1887fa
      Kristofer Pettersson authored
      Iterative patch improvement. Previously committed patch
      caused wrong result on Windows. The previous patch also
      broke secure_file_priv for symlinks since not all file
      paths which must be compared against this variable are
      normalized using the same norm.
      
      The server variable opt_secure_file_priv wasn't
      normalized properly and caused the operations
      LOAD DATA INFILE .. INTO TABLE ..
      and
      SELECT load_file(..)
      to do different interpretations of the 
      --secure-file-priv option.
           
      The patch moves code to the server initialization
      routines so that the path always is normalized
      once and only once.
            
      It was also intended that setting the option
      to an empty string should be equal to 
      lifting all previously set restrictions. This
      is also fixed by this patch.
      
      
      mysql-test/r/loaddata.result:
        * Removed test code which will currently break the much used --mem feature of mtr.
      mysql-test/t/loaddata.test:
        * Removed test code which will currently break the much used --mem feature of mtr.
      sql/item_strfunc.cc:
        * Replaced string comparing code on opt_secure_file_priv with an interface which guarantees that both file paths are normalized using the same norm on all platforms.
      sql/mysql_priv.h:
        * Added signature for is_secure_file_path()
      sql/mysqld.cc:
        * New function for checking if a path compatible with the secure path restriction.
        * Added initialization of the opt_secure_file_priv variable.
      sql/sql_class.cc:
        * Replaced string comparing code on opt_secure_file_priv with an interface which guarantees that both file paths are normalized using the same norm on all platforms.
      sql/sql_load.cc:
        * Replaced string comparing code on opt_secure_file_priv with an interface which guarantees that both file paths are normalized using the same norm on all platforms.
      bf1887fa
    • Georgi Kodinov's avatar
      Bug #53371: COM_FIELD_LIST can be abused to bypass table level grants. · f41419a8
      Georgi Kodinov authored
      The server was not checking the supplied to COM_FIELD_LIST table name
      for validity and compliance to acceptable table names standards.
      Fixed by checking the table name for compliance similar to how it's 
      normally checked by the parser and returning an error message if 
      it's not compliant.
      f41419a8
  3. 01 May, 2010 1 commit
  4. 30 Apr, 2010 3 commits
    • Alexey Kopytov's avatar
      Automerge. · 9dca1273
      Alexey Kopytov authored
      9dca1273
    • Alexey Kopytov's avatar
      Bug #48419: another explain crash.. · e65751ef
      Alexey Kopytov authored
      WHERE predicates containing references to empty tables in a
      subquery were handled incorrectly by the optimizer when
      executing EXPLAIN. As a result, the optimizer could try to
      evaluate such predicates rather than just stop with
      "Impossible WHERE noticed after reading const tables" as 
      it would do in a non-subquery case. This led to valgrind 
      errors and crashes.
      
      Fixed the code checking the above condition so that subqueries
      are not excluded and hence are handled in the same way as top
      level SELECTs.
      
      mysql-test/r/explain.result:
        Added a test case for bug #48419.
      mysql-test/r/ps.result:
        Updated test results to take the new (and more correct)
        "Extra" comments in execution plans.
      mysql-test/t/explain.test:
        Added a test case for bug #48419.
      sql/sql_select.cc:
        There is no point in excluding subqueries from checking
        for identically false WHERE conditions.
      e65751ef
    • Vasil Dimov's avatar
      Disable innodb.innodb, main.ps_3innodb and main.partition_innodb_plugin · 712ed5e7
      Vasil Dimov authored
      mysql-tests because those emit (spurious?) valgrind warnings.
      712ed5e7
  5. 29 Apr, 2010 7 commits
  6. 28 Apr, 2010 5 commits
    • Vasil Dimov's avatar
      Bug#53046 dict_update_statistics_low can still be run concurrently · 2d457634
      Vasil Dimov authored
      on same table
      
      Followup to vasil.dimov@oracle.com-20100428102033-dt3caf531rs3lidr :
      
      Add more asserions, which I forgot.
      2d457634
    • Vasil Dimov's avatar
      Revert the fix of Bug#38996 Race condition in ANALYZE TABLE · fe5e1ac2
      Vasil Dimov authored
      This is branches/zip@r6032 in SVN and _is part_ of
      revid:svn-v4:16c675df-0fcb-4bc9-8058-dcc011a37293:branches/zip:6113
      in BZR.
      
      This is being reverted because now the code is serialized directly on
      index->stat_n_diff_key_vals[] as the fix for
      Bug#53046 dict_update_statistics_low can still be run concurrently on same table
      goes.
      fe5e1ac2
    • Vasil Dimov's avatar
      Followup to vasil.dimov@oracle.com-20100428084627-wtrmc66wqvjsdgj7: · af405f82
      Vasil Dimov authored
      Address Marko's suggestions wrt the fix of
      Bug#53046 dict_update_statistics_low can still be run concurrently
      on same table
      af405f82
    • Vasil Dimov's avatar
      Fix Bug#53046 dict_update_statistics_low can still be run concurrently · b83e064e
      Vasil Dimov authored
      on same table
      
      Protect dict_index_t::stat_n_diff_key_vals[] with an array of
      mutexes.
      
      Testing: tested all code paths under UNIV_SYNC_DEBUG
      for the one in dict_print() one has to enable the InnoDB table monitor:
      CREATE TABLE innodb_table_monitor (a int) ENGINE=INNODB;
      b83e064e
    • Marko Makela's avatar
      Merge r6103 from InnoDB Plugin to the built-in InnoDB to fix Bug #53202: · 583ef705
      Marko Makela authored
        ------------------------------------------------------------------------
        r6103 | marko | 2009-10-26 15:46:18 +0200 (Mon, 26 Oct 2009) | 4 lines
        Changed paths:
           M /branches/zip/row/row0ins.c
      
        branches/zip: row_ins_alloc_sys_fields(): Zero out the system columns
        DB_TRX_ID, DB_ROLL_PTR and DB_ROW_ID, in order to avoid harmless
        Valgrind warnings about uninitialized data.  (The warnings were
        harmless, because the fields would be initialized at a later stage.)
        ------------------------------------------------------------------------
      583ef705
  7. 27 Apr, 2010 6 commits
  8. 26 Apr, 2010 8 commits
  9. 22 Apr, 2010 2 commits
  10. 21 Apr, 2010 4 commits