Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-13368

Stored routines `a.b`.`c` and `a`.`b.c` are erroneously treated as same

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 10.0, 10.1, 10.2, 10.3
    • Fix Version/s: 10.3
    • Component/s: Stored routines
    • Labels:
      None

      Description

      DROP DATABASE IF EXISTS `a`;
      DROP DATABASE IF EXISTS `a.b`;
      CREATE DATABASE `a.b`;
      CREATE FUNCTION `a.b`.`c`() RETURNS INT RETURN 10;
      SELECT `a.b`.`c`(), `a`.`b.c`();
      

      +-------------+-------------+
      | `a.b`.`c`() | `a`.`b.c`() |
      +-------------+-------------+
      |          10 |          10 |
      +-------------+-------------+
      

      Notice, the function is accessible with two names:

      • Database `a.b` function `c`
      • Database `a` function `b.c`

      The function created as `a.b`.`c`() should not be available as `a`.`b.c`().
      Looks like a potential security hole.

        Attachments

          Activity

            People

            • Assignee:
              bar Alexander Barkov
              Reporter:
              bar Alexander Barkov
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: