From d538d394b86d4095e78c891e40876f4b9e031d7f Mon Sep 17 00:00:00 2001
From: Gleb Shchepa
Date: Wed, 5 Dec 2012 17:24:45 +0400
Subject: Bug #15948123: SERVER WORKS INCORRECT WITH LONG TABLE ALIASES Code in MDL subsystem assumes that identifiers of objects can't be longer than NAME_LEN characters. This assumption was broken when one tried to construct MDL_key based on table alias, which can have arbitrary length. Since MDL_key's (and MDL locks) are not really used for table aliases this patch changes code to not initialize MDL_key object for table list element representing aliases.
---
 sql/sql_parse.cc | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'sql/sql_parse.cc')
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index ea07bfce0cb..2e995f58c5c 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -6000,8 +6000,13 @@ TABLE_LIST *st_select_lex::add_table_to_list(THD *thd,
 ptr->next_name_resolution_table= NULL;
 /* Link table in global list (all used tables) */
 lex->add_to_query_tables(ptr);
- ptr->mdl_request.init(MDL_key::TABLE, ptr->db, ptr->table_name, mdl_type,
- MDL_TRANSACTION);
+
+ // Pure table aliases do not need to be locked:
+ if (!test(table_options & TL_OPTION_ALIAS))
+ {
+ ptr->mdl_request.init(MDL_key::TABLE, ptr->db, ptr->table_name, mdl_type,
+ MDL_TRANSACTION);
+ }
 DBUG_RETURN(ptr);
 }
-- 
cgit v1.2.1
From 6e9a48b67fceab17089ca4cd1406e302386a601b Mon Sep 17 00:00:00 2001
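Review bot: The comment on the new `TL_OPTION_ALIAS` guard in `add_table_to_list` gives only the locking rationale and omits the reason the commit message states, that an alias can be longer than the NAME_LEN limit the MDL code assumes; without it, a later cleanup could restore the unconditional `init()` call. I would word it as `/* Aliases can exceed NAME_LEN, which MDL_key assumes as the maximum; never build an MDL_key from one. */`. The guard also covers only this caller: judging by the commit message the length assumption itself stays unchecked, so an assertion or explicit length check where the key is built (not visible in this hunk) would catch any other path that passes an over-long name. Alias entries now leave `ptr->mdl_request` without `init()`, which is safe only if nothing later reads it for them, so that is worth confirming. The function starts outside the hunk.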
From: Michael Widenius
Date: Fri, 11 Jan 2013 00:22:14 +0200
Subject: Fixed some race conditons and bugs related to killed queries KILL now breaks locks inside InnoDB Fixed possible deadlock when running INNODB STATUS Added ha_kill_query() and kill_query() to send kill signal to all storage engines Added reset_killed() to ensure we don't reset killed state while awake() is getting called include/mysql/plugin.h: Added thd_mark_as_hard_kill() include/mysql/plugin_audit.h.pp: Added thd_mark_as_hard_kill() include/mysql/plugin_auth.h.pp: Added thd_mark_as_hard_kill() include/mysql/plugin_ftparser.h.pp: Added thd_mark_as_hard_kill() sql/handler.cc: Added ha_kill_query() to send kill signal to all storage engines sql/handler.h: Added ha_kill_query() and kill_query() to send kill signal to all storage engines sql/log_event.cc: Use reset_killed() sql/mdl.cc: use thd->killed instead of thd_killed() to abort on soft kill sql/sp_rcontext.cc: Use reset_killed() sql/sql_class.cc: Fixed possible deadlock in INNODB STATUS by not getting thd->LOCK_thd_data if it's locked. Use reset_killed() Tell storge engines that KILL has been sent sql/sql_class.h: Added reset_killed() to ensure we don't reset killed state while awake() is getting called. Added mark_as_hard_kill() sql/sql_insert.cc: Use reset_killed() sql/sql_parse.cc: Simplify detection of killed queries. Use reset_killed() sql/sql_select.cc: Use reset_killed() sql/sql_union.cc: Use reset_killed() storage/innobase/handler/ha_innodb.cc: Added innobase_kill_query() Fixed error reporting for interrupted queries. storage/xtradb/handler/ha_innodb.cc: Added innobase_kill_query() Fixed error reporting for interrupted queries.
---
 sql/sql_parse.cc | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
(limited to 'sql/sql_parse.cc')
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index de35d2f3d27..2ae4adb4e33 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -4495,16 +4495,20 @@ finish:
 if (! thd->in_sub_stmt)
 {
- /* report error issued during command execution */
- if (thd->killed_errno())
+ if (thd->killed != NOT_KILLED)
 {
- if (! thd->stmt_da->is_set())
- thd->send_kill_message();
- }
- if (thd->killed < KILL_CONNECTION)
- {
- thd->killed= NOT_KILLED;
- thd->mysys_var->abort= 0;
+ /* report error issued during command execution */
+ if (thd->killed_errno())
+ {
+ /* If we already sent 'ok', we can ignore any kill query statements */
+ if (! thd->stmt_da->is_set())
+ thd->send_kill_message();
+ }
+ if (thd->killed < KILL_CONNECTION)
+ {
+ thd->reset_killed();
+ thd->mysys_var->abort= 0;
+ }
 }
 if (thd->is_error() || (thd->variables.option_bits & OPTION_MASTER_SQL_ERROR))
 trans_rollback_stmt(thd);
-- 
cgit v1.2.1
From bfc71e63a77972fa4ab934855b6ab712bea323a1 Mon Sep 17 00:00:00 2001
From: Sergei Golubchik
Date: Fri, 25 Jan 2013 00:17:39 +0100
Subject: MDEV-3915 COM_CHANGE_USER allows fast password brute-forcing allow only three failed change_user per connection. successful change_user do NOT reset the counter tests/mysql_client_test.c: make --error to work for --change_user errors
---
 sql/sql_parse.cc | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
(limited to 'sql/sql_parse.cc')
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index be0e2db43c6..0c47b7a8bb3 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -1144,6 +1144,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
 uint save_db_length= thd->db_length;
 char *save_db= thd->db;
+ int rc;
 USER_CONN *save_user_connect= thd->user_connect;
 Security_context save_security_ctx= *thd->security_ctx;
 CHARSET_INFO *save_character_set_client=
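Review bot: In the `finish:` hunk, `thd->killed` is read three times with no lock visible (`!= NOT_KILLED`, inside `killed_errno()`, and `< KILL_CONNECTION`) before `reset_killed()` is called, so a KILL CONNECTION that arrives after the last comparison could be cleared unless `reset_killed()` re-checks the level itself; its body is not in this diff. `thd->mysys_var->abort= 0` is also written outside that call, and so presumably outside whatever protection it provides. If the re-check is not already done there, moving both the `< KILL_CONNECTION` test and the abort reset into `reset_killed()` would close the window. At minimum a comment such as `/* reset_killed() must not clear a concurrent KILL CONNECTION */` should state the assumption.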
@@ -1157,7 +1158,19 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
 thd->security_ctx->user= 0;
 thd->user_connect= 0;
- if (acl_authenticate(thd, 0, packet_length))
+ /*
+ to limit COM_CHANGE_USER ability to brute-force passwords,
+ we only allow three unsuccessful COM_CHANGE_USER per connection.
+ */
+ if (thd->failed_com_change_user >= 3)
+ {
+ my_message(ER_UNKNOWN_COM_ERROR, ER(ER_UNKNOWN_COM_ERROR), MYF(0));
+ rc= 1;
+ }
+ else
+ rc= acl_authenticate(thd, 0, packet_length);
+
+ if (rc)
 {
 /* Free user if allocated by acl_authenticate */
 x_free(thd->security_ctx->user);
@@ -1170,6 +1183,8 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
 thd->variables.collation_connection= save_collation_connection;
 thd->variables.character_set_results= save_character_set_results;
 thd->update_charset();
+ thd->failed_com_change_user++;
+ my_sleep(1000000);
 }
 else
 {
-- 
cgit v1.2.1
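Review bot: When the `failed_com_change_user >= 3` branch rejects a request, nothing in the hunk records it and the client gets only the generic ER_UNKNOWN_COM_ERROR. Because `acl_authenticate()` is skipped on that path, whatever failed-login logging it performs is skipped too, so a connection that keeps guessing past the limit may be invisible to operators. A warning in that branch, for example via `sql_print_warning()` with the connection's user and host, would give detection something to key on. The literal `3` would also read better as a named constant declared next to the counter.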
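Review bot: The `1000000` passed to `my_sleep()` is an unexplained literal (one second, if the argument is in microseconds as the value suggests), and the code does not say that the counter is deliberately never reset on success, which only the commit message states. Suggest `my_sleep(1000000); /* throttle: 1s per failed COM_CHANGE_USER */` and a comment on the increment such as `/* never reset, even after a successful change_user */`. The sleep also runs for requests already rejected by the limit and holds the connection's thread for its duration, which matters if connections share a worker pool, so it is worth confirming that this is acceptable.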