[#MDEV-13368] Stored routines `a.b`.`c` and `a`.`b.c` are erroneously treated as same

[MDEV-13368] Stored routines `a.b`.`c` and `a`.`b.c` are erroneously treated as same Created: 2017-07-21 Updated: 2023-04-27
Status:	Open
Project:	MariaDB Server
Component/s:	Stored routines
Affects Version/s:	10.0, 10.1, 10.2, 10.3
Fix Version/s:	10.4

Type:

Bug

Priority:

Major

Reporter:

Alexander Barkov

Assignee:

Alexander Barkov

Resolution:

Unresolved

Votes:

Labels:

None

Description

DROP DATABASE IF EXISTS `a`;

DROP DATABASE IF EXISTS `a.b`;

CREATE DATABASE `a.b`;

CREATE FUNCTION `a.b`.`c`() RETURNS INT RETURN 10;

SELECT `a.b`.`c`(), `a`.`b.c`();

+-------------+-------------+

| `a.b`.`c`() | `a`.`b.c`() |

+-------------+-------------+

|          10 |          10 |

+-------------+-------------+

Notice, the function is accessible with two names:

The function created as `a.b`.`c`() should not be available as `a`.`b.c`().
Looks like a potential security hole.

Generated at Thu Feb 08 08:05:03 UTC 2024 using Jira 8.20.16#820016-sha1:9d11dbea5f4be3d4cc21f03a88dd11d8c8687422.