database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00
Code Activity

MDEV-29852 SIGSEGV in mysql_create_routine or is_acl_user on 2nd execution, ASAN use-after-poison in get_current_user (sql_acl.cc)

Browse Source 
if lex->definer is replaced, take care to restore it at the
end of PS EXECUTE
This commit is contained in:
Sergei Golubchik
2022-11-18 18:22:19 +01:00
parent 4493642e4c
commit 5e3c948cc9
3 changed files with 38 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
mysql-test/main/sp-security.result
View File

@ -659,7 +659,9 @@ USE test;
DROP USER 'tester'; DROP USER 'tester';
DROP USER 'Tester'; DROP USER 'Tester';
DROP DATABASE B48872; DROP DATABASE B48872;
End of 5.0 tests. #
# End of 5.0 tests.
#
# #
# Test for bug#57061 "User without privilege on routine can discover # Test for bug#57061 "User without privilege on routine can discover
# its existence." # its existence."
@ -804,7 +806,7 @@ DROP DATABASE u1;
DROP USER u1@localhost; DROP USER u1@localhost;
set @@global.character_set_server=@save_character_set_server; set @@global.character_set_server=@save_character_set_server;
# #
# Start of 10.5 tests # End of 10.2 tests
# #
# #
# MDEV-20366 Server crashes in get_current_user upon SET PASSWORD via SP # MDEV-20366 Server crashes in get_current_user upon SET PASSWORD via SP
@ -821,3 +823,17 @@ DROP USER foo@localhost;
# #
# End of 10.5 tests # End of 10.5 tests
# #
#
# MDEV-29852 SIGSEGV in mysql_create_routine or is_acl_user on 2nd execution, ASAN use-after-poison in get_current_user (sql_acl.cc)
#
set @cmd:="create definer=u function f(i int) returns char binary reads sql data return concat (1,i)";
prepare s from @cmd;
execute s;
Warnings:
Note 1449 The user specified as a definer ('u'@'%') does not exist
execute s;
ERROR 42000: FUNCTION f already exists
drop function f;
#
# End of 10.6 tests
#

23
mysql-test/main/sp-security.test
View File

@ -911,8 +911,9 @@ DROP USER 'tester';
DROP USER 'Tester'; DROP USER 'Tester';
DROP DATABASE B48872; DROP DATABASE B48872;
--echo End of 5.0 tests. --echo #
--echo # End of 5.0 tests.
--echo #
--echo # --echo #
--echo # Test for bug#57061 "User without privilege on routine can discover --echo # Test for bug#57061 "User without privilege on routine can discover
@ -1080,9 +1081,8 @@ DROP USER u1@localhost;
set @@global.character_set_server=@save_character_set_server; set @@global.character_set_server=@save_character_set_server;
--echo # --echo #
--echo # Start of 10.5 tests --echo # End of 10.2 tests
--echo # --echo #
--echo # --echo #
@ -1102,7 +1102,20 @@ CALL p1();
DROP PROCEDURE p1; DROP PROCEDURE p1;
DROP USER foo@localhost; DROP USER foo@localhost;
--echo # --echo #
--echo # End of 10.5 tests --echo # End of 10.5 tests
--echo # --echo #
--echo #
--echo # MDEV-29852 SIGSEGV in mysql_create_routine or is_acl_user on 2nd execution, ASAN use-after-poison in get_current_user (sql_acl.cc)
--echo #
set @cmd:="create definer=u function f(i int) returns char binary reads sql data return concat (1,i)";
prepare s from @cmd;
execute s;
--error ER_SP_ALREADY_EXISTS
execute s;
drop function f;
--echo #
--echo # End of 10.6 tests
--echo #

3
sql/sql_parse.cc
View File

@ -2800,9 +2800,10 @@ bool sp_process_definer(THD *thd)
} }
else else
{ {
LEX_USER *d= lex->definer= get_current_user(thd, lex->definer); LEX_USER *d= get_current_user(thd, lex->definer);
if (!d) if (!d)
DBUG_RETURN(TRUE); DBUG_RETURN(TRUE);
thd->change_item_tree((Item**)&lex->definer, (Item*)d);
/* /*
If the specified definer differs from the current user or role, we If the specified definer differs from the current user or role, we