From be04d1a47953188ced936a81824fdf871b8e9656 Mon Sep 17 00:00:00 2001 From: "Tatiana A. Nurnberg" Date: Thu, 29 Oct 2009 22:06:10 -0700 Subject: Bug#48319: Server crashes on "GRANT/REVOKE ... TO CURRENT_USER" CURRENT_USER() in GRANT ... TO CURRENT_USER() only gave us a definer, not a full user (i.e., password-element was not initiliazed). Hence dereferencing the password led to a crash. Properly initializes definers now, just so there are no misunderstandings. Also does some magic so IDENTIFIED BY ... works with CURRENT_USER(). mysql-test/r/grant2.result: Show GRANT ... TO CURRENT_USER() no longer crashes. Show it to work with IDENTIFIED BY to boot. mysql-test/t/grant2.test: Show GRANT ... TO CURRENT_USER() no longer crashes. Show it to work with IDENTIFIED BY to boot. sql/sql_acl.cc: Make IDENTIFIED BY ... work with CURRENT_USER() sql/sql_parse.cc: Zero password-part of definer just in case somebody mistakes this for a complete LEX_USER! --- sql/sql_acl.cc | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'sql/sql_acl.cc') diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 0592bb3be1d..5259b560532 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -3451,6 +3451,13 @@ bool mysql_grant(THD *thd, const char *db, List &list, result= TRUE; continue; } + /* + No User, but a password? + They did GRANT ... TO CURRENT_USER() IDENTIFIED BY ... ! + Get the current user, and shallow-copy the new password to them! + */ + if (!tmp_Str->user.str && tmp_Str->password.str) + Str->password= tmp_Str->password; if (replace_user_table(thd, tables[0].table, *Str, (!db ? rights : 0), revoke_grant, create_new_users, test(thd->variables.sql_mode & -- cgit v1.2.1 From 0a686030589dae2fe6bf99f4c3d4a73d4268a491 Mon Sep 17 00:00:00 2001 From: Kristofer Pettersson Date: Fri, 20 Nov 2009 16:18:01 +0100 Subject: Bug#45613 handle failures from my_hash_insert Not all my_hash_insert() calls are checked for return value. This patch adds appropriate checks and failure responses where needed. mysys/hash.c: * Debug hook for testing failures in my_hash_insert() --- sql/sql_acl.cc | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) (limited to 'sql/sql_acl.cc') diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 35047ca7407..6580bc50b22 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -2400,7 +2400,12 @@ GRANT_TABLE::GRANT_TABLE(TABLE *form, TABLE *col_privs) privs = cols = 0; /* purecov: deadcode */ return; /* purecov: deadcode */ } - my_hash_insert(&hash_columns, (uchar *) mem_check); + if (my_hash_insert(&hash_columns, (uchar *) mem_check)) + { + /* Invalidate this entry */ + privs= cols= 0; + return; + } } while (!col_privs->file->index_next(col_privs->record[0]) && !key_cmp_if_same(col_privs,key,0,key_prefix_len)); col_privs->file->ha_index_end(); @@ -2605,7 +2610,11 @@ static int replace_column_table(GRANT_TABLE *g_t, goto end; /* purecov: inspected */ } grant_column= new GRANT_COLUMN(column->column,privileges); - my_hash_insert(&g_t->hash_columns,(uchar*) grant_column); + if (my_hash_insert(&g_t->hash_columns,(uchar*) grant_column)) + { + result= -1; + goto end; + } } } @@ -3130,12 +3139,12 @@ int mysql_table_grant(THD *thd, TABLE_LIST *table_list, Str->user.str, table_name, rights, column_priv); - if (!grant_table) // end of memory + if (!grant_table || + my_hash_insert(&column_priv_hash,(uchar*) grant_table)) { result= TRUE; /* purecov: deadcode */ continue; /* purecov: deadcode */ } - my_hash_insert(&column_priv_hash,(uchar*) grant_table); } /* If revoke_grant, calculate the new column privilege for tables_priv */ @@ -3339,12 +3348,13 @@ bool mysql_routine_grant(THD *thd, TABLE_LIST *table_list, bool is_proc, grant_name= new GRANT_NAME(Str->host.str, db_name, Str->user.str, table_name, rights); - if (!grant_name) + if (!grant_name || + my_hash_insert(is_proc ? + &proc_priv_hash : &func_priv_hash,(uchar*) grant_name)) { result= TRUE; continue; } - my_hash_insert(is_proc ? &proc_priv_hash : &func_priv_hash,(uchar*) grant_name); } if (replace_routine_table(thd, grant_name, tables[1].table, *Str, -- cgit v1.2.1 From c70a9fa1e3c459e030546b0ca1ac916970bb489b Mon Sep 17 00:00:00 2001 From: Davi Arnaut Date: Sat, 21 Nov 2009 09:18:21 -0200 Subject: Bug#41726: upgrade from 5.0 to 5.1.30 crashes if you didn't run mysql_upgrade The problem is that the server could crash when attempting to access a non-conformant proc system table. One such case was a crash when invoking stored procedure related statements on a 5.1 server with a proc system table in the 5.0 format. The solution is to validate the proc system table format before attempts to access it are made. If the table is not in the format that the server expects, a message is written to the error log and the statement that caused the table to be accessed fails. mysql-test/r/sp-destruct.result: Add test case result for Bug#41726 mysql-test/t/sp-destruct.test: Add test case for Bug#41726 sql/event_db_repository.cc: Update code to use new structures. sql/sp.cc: Describe the proc table format and use it to validate when opening a instance of the table. Add a check to insure that a error message is written to the error log only once. sql/sql_acl.cc: Remove unused variable and use new structure. sql/sql_acl.h: Export field definition. sql/table.cc: Accept the field count and definition in a single structure. sql/table.h: Combine the field count and definition in a single structure. Transform function into a class in order to support different ways of reporting a error. Add a pointer cache to TABLE_SHARE. --- sql/sql_acl.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'sql/sql_acl.cc') diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index fd87a5c0961..eb91f66d114 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -31,9 +31,8 @@ #include "sp_head.h" #include "sp.h" -time_t mysql_db_table_last_check= 0L; - -TABLE_FIELD_W_TYPE mysql_db_table_fields[MYSQL_DB_FIELD_COUNT] = { +static const +TABLE_FIELD_TYPE mysql_db_table_fields[MYSQL_DB_FIELD_COUNT] = { { { C_STRING_WITH_LEN("Host") }, { C_STRING_WITH_LEN("char(60)") }, @@ -146,6 +145,8 @@ TABLE_FIELD_W_TYPE mysql_db_table_fields[MYSQL_DB_FIELD_COUNT] = { } }; +const TABLE_FIELD_DEF + mysql_db_table_def= {MYSQL_DB_FIELD_COUNT, mysql_db_table_fields}; #ifndef NO_EMBEDDED_ACCESS_CHECKS -- cgit v1.2.1 From 2ac344ecf662f6b5d901825850e3b5568ab91174 Mon Sep 17 00:00:00 2001 From: Georgi Kodinov Date: Fri, 27 Nov 2009 11:59:44 +0200 Subject: Bug #48872 : Privileges for stored functions ignored if function name is mixed case Transcode the procedure name to lowercase when searching for it in the hash. This is the missing part of the fix for bug #41049. --- sql/sql_acl.cc | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'sql/sql_acl.cc') diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index d04a81e2b0a..f29baad9a84 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -2280,14 +2280,17 @@ static GRANT_NAME *name_hash_search(HASH *name_hash, const char *host,const char* ip, const char *db, const char *user, const char *tname, - bool exact) + bool exact, bool name_tolower) { - char helping [NAME_LEN*2+USERNAME_LENGTH+3]; + char helping [NAME_LEN*2+USERNAME_LENGTH+3], *name_ptr; uint len; GRANT_NAME *grant_name,*found=0; HASH_SEARCH_STATE state; - len = (uint) (strmov(strmov(strmov(helping,user)+1,db)+1,tname)-helping)+ 1; + name_ptr= strmov(strmov(helping, user) + 1, db) + 1; + len = (uint) (strmov(name_ptr, tname) - helping) + 1; + if (name_tolower) + my_casedn_str(files_charset_info, name_ptr); for (grant_name= (GRANT_NAME*) hash_first(name_hash, (byte*) helping, len, &state); grant_name ; @@ -2320,7 +2323,7 @@ routine_hash_search(const char *host, const char *ip, const char *db, { return (GRANT_TABLE*) name_hash_search(proc ? &proc_priv_hash : &func_priv_hash, - host, ip, db, user, tname, exact); + host, ip, db, user, tname, exact, TRUE); } @@ -2329,7 +2332,7 @@ table_hash_search(const char *host, const char *ip, const char *db, const char *user, const char *tname, bool exact) { return (GRANT_TABLE*) name_hash_search(&column_priv_hash, host, ip, db, - user, tname, exact); + user, tname, exact, FALSE); } -- cgit v1.2.1