Issue Details (XML | Word | Printable)

Key: CORE-5982
Type: Bug Bug
Status: Closed Closed
Resolution: Fixed
Priority: Blocker Blocker
Assignee: Dmitriy Starodubov
Reporter: Segey Khalyutin
Votes: 0
Watchers: 3
Operations

If you were logged in you would be able to see more operations.
Firebird Core

error read permission for BLOB field, when it is input/output procedure`s parametr

Created: 12/Jan/19 03:53 PM   Updated: 16/Feb/19 06:41 PM
Component/s: Engine
Affects Version/s: 4.0 Alpha 1, 3.0.4
Fix Version/s: 4.0 Beta 1, 3.0.5

Environment:
- linux suse 15 x64 fresh installation
- win10 x64 with fb-3.0,4 x32

QA Status: Done successfully


 Description  « Hide
connect 'd:\database\my_database.fdb' user 'SYSDBA' password 'masterkey';
-- drop user MY_USER;
drop database;
create database 'd:\database\my_database.fdb' user 'SYSDBA' password 'masterkey' page_size 8192 default character set UTF8;
-- create user MY_USER password 'MY_PASS' ;
set term ^;


create table my_table
( my_num integer
, my_data blob
) ^
commit work ^

insert into my_table(my_num , my_data) values (1, 'qwerty') ^


create or alter procedure my_proc_2(my_data blob)
as
    declare variable my_value blob;
begin
    my_value = my_data ;
end ^
-- grant select on table my_table to procedure my_proc_2 ^


create or alter procedure my_proc
-- returns ( my_data blob)
as
    declare variable my_data blob;
begin
    select my_data
      from my_table
     where my_num = 1
     into: my_data;

     execute procedure my_proc_2(my_data);

end ^
grant select on table my_table to procedure my_proc ^
grant execute on procedure my_proc_2 to procedure my_proc ^
grant execute on procedure my_proc to public ^

-- execute procedure my_proc ^

commit work ^
set term ;^

connect 'd:\database\my_database.fdb' user MY_USER password 'MY_PASS';
set term ^;


execute procedure my_proc ^ -- result of this execute id : 'no permission for SELECT access to TABLE MY_TABLE'


/*

C:\WINDOWS\system32>"C:\Program Files (x86)\Firebird\Firebird_3_0\isql" -i D:\source\NOTEMATRIX\FBSQL\test\script.sql
Use CONNECT or CREATE DATABASE to specify a database
Statement failed, SQLSTATE = 28000
no permission for SELECT access to TABLE MY_TABLE
-At procedure 'MY_PROC_2' line: 5, col: 5
At procedure 'MY_PROC' line: 11, col: 6
After line 53 in file D:\source\NOTEMATRIX\FBSQL\test\script.sql

*/





 All   Comments   Change History   Subversion Commits      Sort Order: Ascending order - Click to sort in descending order
Alexander Peshkov added a comment - 12/Jan/19 05:59 PM
Roman, suppose it's related with security fix regarding blobs access

Roman Simakov added a comment - 13/Jan/19 08:00 AM
We'll take a look