sql_acl.cc:

BUG #5831 Revoke privileges in a loop until no more privileges are revoked, because acl_dbs and column_priv_hash can re-organize during privilege removal. sql/sql_acl.cc: BUG #5831 Revoke privileges in a loop until no more privileges are revoked, because acl_dbs and column_priv_hash can re-organize during privilege removal.
2025-08-09 22:24:09 +03:00 · 2004-10-18 20:25:47 -05:00
parent 1412365a3f
commit 272ff45362
1 changed files with 73 additions and 49 deletions
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -3623,6 +3623,14 @@ int mysql_revoke_all(THD *thd,  List <LEX_USER> &list)
    }

    /* Remove db access privileges */
+    /*
+      Because acl_dbs and column_priv_hash shrink and may re-order
+      as privileges are removed, removal occurs in a repeated loop
+      until no more privileges are revoked.
+     */
+    while (1)
+    {
+      int revoke= 0;
      for (counter= 0 ; counter < acl_dbs.elements ; )
      {
 	const char *user,*host;
@@ -3639,12 +3647,21 @@ int mysql_revoke_all(THD *thd,  List <LEX_USER> &list)
 	  if (replace_db_table(tables[1].table, acl_db->db, *lex_user, ~0, 1))
 	    result= -1;
 	  else
+	  {
+	    revoke= 1;
 	    continue;
 	  }
+	}
 	++counter;
      }
+      if (!revoke)
+	break;
+    }

    /* Remove column access */
+    while (1)
+    {
+      int revoke= 0;
      for (counter= 0 ; counter < column_priv_hash.records ; )
      {
 	const char *user,*host;
@@ -3662,9 +3679,7 @@ int mysql_revoke_all(THD *thd,  List <LEX_USER> &list)
 				  grant_table->db,
 				  grant_table->tname,
 				  ~0, 0, 1))
-	{
 	    result= -1;
-	}
 	  else
 	  {
 	    if (grant_table->cols)
@@ -3677,14 +3692,23 @@ int mysql_revoke_all(THD *thd,  List <LEX_USER> &list)
 				       ~0, 1))
 		result= -1;
 	      else
+	      {
+		revoke= 1;
 		continue;
 	      }
+	    }
 	    else
+	    {
+	      revoke= 1;
 	      continue;
 	    }
 	  }
+	}
 	++counter;
      }
+      if (!revoke)
+	break;
+    }
  }

  VOID(pthread_mutex_unlock(&acl_cache->lock));