1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MDEV-6960 Server crashes in check_alter_user on setting a default role via PS

Browse Source 
There were two issues:

* set_var_default_role::user was overwritten with a new value,
  allocated in the thd->mem_root, which is reset between executions.
  That was causing the crash. Solved by introducing set_var_default_role::real_user

* when privilege tables were opened on EXECUTE, the reprepare_observer
  would abort the statement (as privilege tables are opened using
  the local TABLE_LIST that doesn't preserve metadata from PREPARE, so
  reprepare_observer thought they're changed). This issue also applied
  to SET PASSWORD. Solved by disabling reprepare_observer.
This commit is contained in:
Sergei Golubchik 2015-02-27 20:13:51 +01:00
parent 7951bb1656
commit ba80708f66
4 changed files with 36 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
mysql-test/suite/roles/set_default_role_ps-6960.result Normal file
View File

@ -0,0 +1,8 @@
create role r1;
prepare stmt from "set password = '11111111111111111111111111111111111111111'";
execute stmt;
prepare stmt from "set default role r1";
execute stmt;
set password = '';
set default role NONE;
drop role r1;

15
mysql-test/suite/roles/set_default_role_ps-6960.test Normal file
View File

@ -0,0 +1,15 @@
#
# MDEV-6960 Server crashes in check_alter_user on setting a default role via PS
#
--source include/not_embedded.inc
create role r1;
prepare stmt from "set password = '11111111111111111111111111111111111111111'";
execute stmt;
prepare stmt from "set default role r1";
execute stmt;
set password = '';
set default role NONE;
drop role r1;

16
sql/set_var.cc
View File

@ -860,7 +860,11 @@ int set_var_password::check(THD *thd)
int set_var_password::update(THD *thd) int set_var_password::update(THD *thd)
{ {
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
return change_password(thd, user); Reprepare_observer *save_reprepare_observer= thd->m_reprepare_observer;
thd->m_reprepare_observer= 0;
int res= change_password(thd, user);
thd->m_reprepare_observer= save_reprepare_observer;
return res;
#else #else
return 0; return 0;
#endif #endif
@ -896,8 +900,8 @@ int set_var_role::update(THD *thd)
int set_var_default_role::check(THD *thd) int set_var_default_role::check(THD *thd)
{ {
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
user= get_current_user(thd, user); real_user= get_current_user(thd, user);
int status= acl_check_set_default_role(thd, user->host.str, user->user.str); int status= acl_check_set_default_role(thd, real_user->host.str, real_user->user.str);
return status; return status;
#else #else
return 0; return 0;
@ -907,7 +911,11 @@ int set_var_default_role::check(THD *thd)
int set_var_default_role::update(THD *thd) int set_var_default_role::update(THD *thd)
{ {
#ifndef NO_EMBEDDED_ACCESS_CHECKS #ifndef NO_EMBEDDED_ACCESS_CHECKS
return acl_set_default_role(thd, user->host.str, user->user.str, role.str); Reprepare_observer *save_reprepare_observer= thd->m_reprepare_observer;
thd->m_reprepare_observer= 0;
int res= acl_set_default_role(thd, real_user->host.str, real_user->user.str, role.str);
thd->m_reprepare_observer= save_reprepare_observer;
return res;
#else #else
return 0; return 0;
#endif #endif

2
sql/set_var.h
View File

@ -344,7 +344,7 @@ public:
class set_var_default_role: public set_var_base class set_var_default_role: public set_var_base
{ {
LEX_USER *user; LEX_USER *user, *real_user;
LEX_STRING role; LEX_STRING role;
public: public:
set_var_default_role(LEX_USER *user_arg, LEX_STRING role_arg) : set_var_default_role(LEX_USER *user_arg, LEX_STRING role_arg) :