Commit 03b0df94 authored by unknown's avatar unknown
Browse files

Check for empty table/column names 


mysql-test/t/create.test:
  Test for empty table/column name
tests/grant.pl:
  More tests
tests/grant.res:
  More tests
parent f3eb7fe0

mysql-test/t/create.test

+8 −0
Original line number Diff line number Diff line
@@ -59,6 +59,14 @@ create table test_$1.test2$ (a int); 
drop table test_$1.test2$;

drop database test_$1;



--error 1103

create table `` (a int);

--error 1103

drop table if exists ``;

--error 1166

create table t1 (`` int);

drop table if exists t1;



#

# Test of CREATE ... SELECT with indexes

#

sql/sql_parse.cc

+1 −2
Original line number Diff line number Diff line
@@ -2758,8 +2758,7 @@ TABLE_LIST *add_table_to_list(Table_ident *table, LEX_STRING *alias, 
  if (!table)

    DBUG_RETURN(0);				// End of memory

  alias_str= alias ? alias->str : table->table.str;

  if (table->table.length > NAME_LEN ||

      check_table_name(table->table.str,table->table.length) ||

  if (check_table_name(table->table.str,table->table.length) ||

      table->db.str && check_db_name(table->db.str))

  {

    net_printf(&thd->net,ER_WRONG_TABLE_NAME,table->table.str);

sql/sql_table.cc

+5 −7
Original line number Diff line number Diff line
@@ -244,6 +244,11 @@ int mysql_create_table(THD *thd,const char *db, const char *table_name, 
    }

    if (!(sql_field->flags & NOT_NULL_FLAG))

      null_fields++;

    if (check_column_name(sql_field->field_name))

    {

      my_error(ER_WRONG_COLUMN_NAME, MYF(0), sql_field->field_name);

      DBUG_RETURN(-1);

    }

    while ((dup_field=it2++) != sql_field)

    {

      if (my_strcasecmp(sql_field->field_name, dup_field->field_name) == 0)
@@ -688,13 +693,6 @@ TABLE *create_table_from_items(THD *thd, HA_CREATE_INFO *create_info, 
  while ((item=it++))

  {

    create_field *cr_field;

    if (strlen(item->name) > NAME_LEN ||

	check_column_name(item->name))

    {

      my_error(ER_WRONG_COLUMN_NAME,MYF(0),item->name);

      DBUG_RETURN(0);

    }



    Field *field=create_tmp_field(&tmp_table,item,item->type(),

				  (Item_result_field***) 0, &tmp_field,0,0);

    if (!field ||

sql/table.cc

+6 −1
Original line number Diff line number Diff line
@@ -1099,6 +1099,8 @@ bool check_db_name(char *name) 
bool check_table_name(const char *name, uint length)

{

  const char *end= name+length;

  if (!length || length > NAME_LEN)

    return 1;



  while (name != end)

  {
@@ -1122,6 +1124,8 @@ bool check_table_name(const char *name, uint length) 


bool check_column_name(const char *name)

{

  const char *start= name;



  while (*name)

  {

#if defined(USE_MB) && defined(USE_MB_IDENT)
@@ -1139,7 +1143,8 @@ bool check_column_name(const char *name) 
      return 1;

    name++;

  }

  return 0;

  /* Error if empty or too long column name */

  return (name == start || (uint) (name - start) > NAME_LEN);

}



/*

tests/grant.pl

+10 −0
Original line number Diff line number Diff line
@@ -207,6 +207,16 @@ user_query("delete from $opt_database.test where a=1",1); 
user_query("update $opt_database.test set b=3 where b=1",1);

user_query("update $opt_database.test set b=b+1",1);



#

# Test global SELECT privilege combined with table level privileges

#



safe_query("grant SELECT on *.* to $user");

user_connect(0);

user_query("update $opt_database.test set b=b+1");

safe_query("revoke SELECT on *.* from $user");

user_connect(0);



# Add one privilege at a time until the user has all privileges

user_query("select * from test",1);

safe_query("grant select on $opt_database.test to $user");