Security fix: LOCK TABLES must check for sufficient privileges.
sql/sql_parse.cc: Check table access for SQLCOM_LOCK_TABLES.
This commit is contained in:
parent
188349dd96
commit
f58ae5e347
@ -1851,6 +1851,15 @@ mysql_execute_command(void)
|
||||
}
|
||||
if (check_db_used(thd,tables) || end_active_trans(thd))
|
||||
goto error;
|
||||
for (TABLE_LIST *tmp = tables; tmp; tmp = tmp->next)
|
||||
{
|
||||
if (!(tmp->lock_type == TL_READ_NO_INSERT ?
|
||||
!check_table_access(thd, SELECT_ACL, tmp) :
|
||||
(!check_table_access(thd, INSERT_ACL, tmp) ||
|
||||
!check_table_access(thd, UPDATE_ACL, tmp) ||
|
||||
!check_table_access(thd, DELETE_ACL, tmp))))
|
||||
goto error;
|
||||
}
|
||||
thd->in_lock_tables=1;
|
||||
if (!(res=open_and_lock_tables(thd,tables)))
|
||||
{
|
||||
|
Loading…
x
Reference in New Issue
Block a user