MDEV-25141 JSON_TABLE: SELECT into outfile bypasses file privilege check.
access rights checking fixed.
parent
abdc39b0a7
commit
047eb2258d
@ -111,6 +111,8 @@ a
|
|||||||
select * from t, json_table(t.a, '$' columns(f varchar(20) path '$.foo')) as jt;
|
select * from t, json_table(t.a, '$' columns(f varchar(20) path '$.foo')) as jt;
|
||||||
a f
|
a f
|
||||||
{"foo":"bar"} bar
|
{"foo":"bar"} bar
|
||||||
|
select * into outfile 'f' from json_table('[]', '$' columns(x for ordinality)) q;
|
||||||
|
ERROR 28000: Access denied for user 'u'@'localhost' (using password: NO)
|
||||||
connection default;
|
connection default;
|
||||||
disconnect con1;
|
disconnect con1;
|
||||||
drop user u@localhost;
|
drop user u@localhost;
|
||||||
|
@ -74,6 +74,12 @@ grant select (a) on db.t to u@localhost;
|
|||||||
select a from t;
|
select a from t;
|
||||||
select * from t, json_table(t.a, '$' columns(f varchar(20) path '$.foo')) as jt;
|
select * from t, json_table(t.a, '$' columns(f varchar(20) path '$.foo')) as jt;
|
||||||
|
|
||||||
|
#
|
||||||
|
# MDEV-25141 JSON_TABLE: SELECT into outfile bypasses file privilege check
|
||||||
|
#
|
||||||
|
--error ER_ACCESS_DENIED_ERROR
|
||||||
|
select * into outfile 'f' from json_table('[]', '$' columns(x for ordinality)) q;
|
||||||
|
|
||||||
connection default;
|
connection default;
|
||||||
disconnect con1;
|
disconnect con1;
|
||||||
|
|
||||||
|
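Review bot: The new MDEV-25141 case asserts only the denied path, so the test does not show that the denial comes from `into outfile` rather than from `json_table` itself. No standalone `json_table` query run as `u` is visible in this hunk; the earlier one always joins against `t`. I would add a positive control just before the `--error ER_ACCESS_DENIED_ERROR` line, `select * from json_table('[]', '$' columns(x for ordinality)) q;`, so a later change that over-restricts table functions for unprivileged users is caught by the same test. A comment under the MDEV header saying that `u` holds no FILE privilege at this point would also make the expected error self-explanatory.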
@ -8150,16 +8150,9 @@ bool check_grant(THD *thd, privilege_t want_access, TABLE_LIST *tables,
|
|||||||
if (!want_access)
|
if (!want_access)
|
||||||
continue; // ok
|
continue; // ok
|
||||||
|
|
||||||
if (t_ref->table_function)
|
|
||||||
{
|
|
||||||
/* Table function doesn't need any privileges to be checked. */
|
|
||||||
t_ref->grant.privilege|= TMP_TABLE_ACLS;
|
|
||||||
t_ref->grant.want_privilege= NO_ACL;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!(~t_ref->grant.privilege & want_access) ||
|
if (!(~t_ref->grant.privilege & want_access) ||
|
||||||
t_ref->is_anonymous_derived_table() || t_ref->schema_table)
|
t_ref->is_anonymous_derived_table() || t_ref->schema_table ||
|
||||||
|
t_ref->table_function)
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
It is subquery in the FROM clause. VIEW set t_ref->derived after
|
It is subquery in the FROM clause. VIEW set t_ref->derived after
|
||||||
@ -8168,7 +8161,8 @@ bool check_grant(THD *thd, privilege_t want_access, TABLE_LIST *tables,
|
|||||||
NOTE: is_derived() can't be used here because subquery in this case
|
NOTE: is_derived() can't be used here because subquery in this case
|
||||||
the FROM clase (derived tables) can be not be marked yet.
|
the FROM clase (derived tables) can be not be marked yet.
|
||||||
*/
|
*/
|
||||||
if (t_ref->is_anonymous_derived_table() || t_ref->schema_table)
|
if (t_ref->is_anonymous_derived_table() || t_ref->schema_table ||
|
||||||
|
t_ref->table_function)
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
If it's a temporary table created for a subquery in the FROM
|
If it's a temporary table created for a subquery in the FROM
|
||||||
|
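Review bot: Both comments that justify dropping the privilege request in check_grant ("It is subquery in the FROM clause…" and "If it's a temporary table created for a subquery in the FROM clause…") still describe only derived tables, although both conditions now also accept `t_ref->table_function`. I would extend the inner comment along the lines of `a subquery in the FROM clause, an INFORMATION_SCHEMA table or a table function (e.g. JSON_TABLE)`, so the next reader does not take the extra operand for an accident. The removed branch also did `t_ref->grant.privilege|= TMP_TABLE_ACLS;` and nothing in the visible lines replaces it, so it is worth confirming that code which later reads `grant.privilege` for a table function still finds the bits it expects. Both blocks continue outside the hunks, so this is based only on the lines shown.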
@ -7104,9 +7104,6 @@ check_table_access(THD *thd, privilege_t requirements, TABLE_LIST *tables,
|
|||||||
if (table_ref->is_anonymous_derived_table())
|
if (table_ref->is_anonymous_derived_table())
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (table_ref->table_function)
|
|
||||||
continue;
|
|
||||||
|
|
||||||
if (table_ref->sequence)
|
if (table_ref->sequence)
|
||||||
{
|
{
|
||||||
/* We want to have either SELECT or INSERT rights to sequences depending
|
/* We want to have either SELECT or INSERT rights to sequences depending
|
||||||
@ -7116,7 +7113,9 @@ check_table_access(THD *thd, privilege_t requirements, TABLE_LIST *tables,
|
|||||||
INSERT_ACL : SELECT_ACL);
|
INSERT_ACL : SELECT_ACL);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (check_access(thd, want_access, table_ref->get_db_name(),
|
if (check_access(thd, want_access,
|
||||||
|
table_ref->table_function ? any_db :
|
||||||
|
table_ref->get_db_name(),
|
||||||
&table_ref->grant.privilege,
|
&table_ref->grant.privilege,
|
||||||
&table_ref->grant.m_internal,
|
&table_ref->grant.m_internal,
|
||||||
0, no_errors))
|
0, no_errors))
|
||||||
|
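Review bot: The new argument `table_ref->table_function ? any_db : table_ref->get_db_name()` in check_table_access carries the security fix but has no comment, and the removed `if (table_ref->table_function) continue;` was the only line that marked table functions as a special case here. A short comment above the call would record the intent, for example `/* A table function has no database; pass any_db so global privileges such as FILE are still checked. */`. That reading of `any_db` is inferred from the test expectation rather than from lines visible in this hunk, so the wording should be confirmed against check_access(). The call and the enclosing loop continue outside the hunk.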