[debian-mysql] Bug#536726: Regarding CVE-2009-2446: Problems with COM_CREATE_DB etc.

Christian Hammers ch at debian.org
Mon Jul 20 22:21:31 UTC 2009


Hello MySQL

Debian was notified about
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2446
and we would like to backport the fix to our already released 5.0.51
package.

Can you confirm that the below snippet is a proper fix?
It comments out the two commands COM_CREATE_DB and COM_DROP_DB like
I saw it in the 5.1 branch.

Sadly the sql_parse.cc file is too big to be viewed using bazaar (gives
timeouts) and I cannot find the original commit or a bug in
bugs.mysql.com which would give me some hints if other changes were
necessary.
http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.1/annotate/head%3A/sql/sql_parse.cc

thanks for your help,

-christian-


--- old/sql/sql_parse.cc        2009-07-16 22:43:36.000000000 +0200
+++ new/sql/sql_parse.cc        2009-07-16 22:43:59.000000000 +0200
@@ -1920,6 +1920,7 @@
     error=TRUE;                                        // End server
     break;
 
+#ifdef REMOVED
   case COM_CREATE_DB:                          // QQ: To be removed
     {
       char *db=thd->strdup(packet), *alias;
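Review bot: The `#ifdef REMOVED` added above `case COM_CREATE_DB:` depends on a macro that nothing in the visible lines defines or documents, so a build that happens to define REMOVED would silently bring the handler back. Suggest `#if 0` or a purpose-named guard, with a comment naming CVE-2009-2446 as the test-file change does. With the case label compiled out, a COM_CREATE_DB packet goes to the switch's default branch, which is not shown here; please confirm that branch returns a clean error to the client.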
@@ -1964,6 +1965,7 @@
       mysql_rm_db(thd, db, 0, 0);
       break;
     }
+#endif
 #ifndef EMBEDDED_LIBRARY
   case COM_BINLOG_DUMP:
     {
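Review bot: The `#endif` after the block ending in `mysql_rm_db(thd, db, 0, 0);` closes a guard opened in the previous hunk, some 45 lines up, so everything between the two hunks is compiled out, not only the lines shown. Please confirm the guarded span holds nothing but the two command cases named in the message, and annotate the line as `#endif /* REMOVED */` so the pairing stays readable next to the `#ifndef EMBEDDED_LIBRARY` that follows.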
--- old/tests/mysql_client_test.c       2008-01-11 15:43:14.000000000 +0100 
+++ new/tests/mysql_client_test.c       2009-07-21 00:08:55.000000000 +0200 
@@ -12017,7 +12017,7 @@
 {
   int rc;
   myheader("test_bug6081");
-
+/* Those commands were disabled because of CVE-2009-2446.
   rc= simple_command(mysql, COM_DROP_DB, current_db,
                      (ulong)strlen(current_db), 0);
   myquery(rc);
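Review bot: The `/*` opened after `myheader("test_bug6081");` disables code with a block comment, and C comments do not nest, so any `/* ... */` in the lines between this hunk and the closing `*/` would end the comment early and either re-enable part of the test or break the build. Suggest `#if 0` / `#endif` here, or the same preprocessor guard used in sql_parse.cc, keeping the CVE-2009-2446 remark as an ordinary comment above it.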
@@ -12032,6 +12032,7 @@
   myquery_r(rc);
   rc= mysql_select_db(mysql, current_db);
   myquery(rc);
+*/
 }
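Review bot: With `*/` placed directly before the closing `}`, every use of `rc` is now commented out, which leaves `int rc;` unused (a compiler warning) and turns test_bug6081 into an empty test that always passes. Suggest moving the declaration into the disabled region, and consider keeping a check that the server now rejects COM_DROP_DB so the fix itself has test coverage.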




