Security fix: LOCK TABLES must check for sufficient privileges.

sql/sql_parse.cc: Check table access for SQLCOM_LOCK_TABLES.
2001-05-22 16:21:07 -04:00 · 2001-05-22 16:21:07 -04:00 · f58ae5e347
commit f58ae5e347
parent 188349dd96
1 changed files with 9 additions and 0 deletions
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@ -1851,6 +1851,15 @@ mysql_execute_command(void)
    }
    if (check_db_used(thd,tables) || end_active_trans(thd))
      goto error;
+    for (TABLE_LIST *tmp = tables; tmp; tmp = tmp->next)
+    {
+      if (!(tmp->lock_type == TL_READ_NO_INSERT ?
+            !check_table_access(thd, SELECT_ACL, tmp) :
+            (!check_table_access(thd, INSERT_ACL, tmp) ||
+             !check_table_access(thd, UPDATE_ACL, tmp) ||
+             !check_table_access(thd, DELETE_ACL, tmp))))
+         goto error;
+    }
    thd->in_lock_tables=1;
    if (!(res=open_and_lock_tables(thd,tables)))
    {