Commit 305f78c3 authored by Tatiana A. Nurnberg's avatar Tatiana A. Nurnberg

Bug#48319: Server crashes on "GRANT/REVOKE ... TO CURRENT_USER"

CURRENT_USER() in GRANT ... TO CURRENT_USER() only gave us a definer,
not a full user (i.e., the password element was not initialized). Hence
dereferencing the password led to a crash.

Properly initializes definers now, just so there are no misunderstandings.
Also does some magic so IDENTIFIED BY ... works with CURRENT_USER().
parent fccc33a3
...@@ -443,3 +443,30 @@ DROP TABLE db1.t1, db1.t2; ...@@ -443,3 +443,30 @@ DROP TABLE db1.t1, db1.t2;
DROP USER mysqltest1@localhost; DROP USER mysqltest1@localhost;
DROP DATABASE db1; DROP DATABASE db1;
End of 5.0 tests End of 5.0 tests
USE mysql;
SELECT LEFT(CURRENT_USER(),INSTR(CURRENT_USER(),'@')-1) INTO @u;
SELECT MID(CURRENT_USER(),INSTR(CURRENT_USER(),'@')+1) INTO @h;
SELECT password FROM user WHERE user=@u AND host=@h INTO @pwd;
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
user host password insert_priv
root localhost Y
UPDATE user SET insert_priv='N' WHERE user=@u AND host=@h;
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
user host password insert_priv
root localhost N
GRANT INSERT ON *.* TO CURRENT_USER();
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
user host password insert_priv
root localhost Y
UPDATE user SET insert_priv='N' WHERE user=@u AND host=@h;
GRANT INSERT ON *.* TO CURRENT_USER() IDENTIFIED BY 'keksdose';
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
user host password insert_priv
root localhost *0BB7188CF0DE9B403BA66E9DD810D82652D002EB Y
UPDATE user SET password=@pwd WHERE user=@u AND host=@h;
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
user host password insert_priv
root localhost Y
FLUSH PRIVILEGES;
USE test;
End of 5.1 tests
...@@ -632,5 +632,40 @@ DROP DATABASE db1; ...@@ -632,5 +632,40 @@ DROP DATABASE db1;
--echo End of 5.0 tests --echo End of 5.0 tests
#
# Bug #48319: Server crashes on "GRANT/REVOKE ... TO CURRENT_USER"
#
# work out who we are.
USE mysql;
SELECT LEFT(CURRENT_USER(),INSTR(CURRENT_USER(),'@')-1) INTO @u;
SELECT MID(CURRENT_USER(),INSTR(CURRENT_USER(),'@')+1) INTO @h;
SELECT password FROM user WHERE user=@u AND host=@h INTO @pwd;
# show current privs.
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
# toggle INSERT
UPDATE user SET insert_priv='N' WHERE user=@u AND host=@h;
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
# show that GRANT ... TO CURRENT_USER() no longer crashes
GRANT INSERT ON *.* TO CURRENT_USER();
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
UPDATE user SET insert_priv='N' WHERE user=@u AND host=@h;
# show that GRANT ... TO CURRENT_USER() IDENTIFIED BY ... works now
GRANT INSERT ON *.* TO CURRENT_USER() IDENTIFIED BY 'keksdose';
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
UPDATE user SET password=@pwd WHERE user=@u AND host=@h;
SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;
FLUSH PRIVILEGES;
USE test;
--echo End of 5.1 tests
# Wait till we reached the initial number of concurrent sessions # Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc --source include/wait_until_count_sessions.inc
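Review bot: The test added under the `# Bug #48319` header exercises only GRANT, although the bug title also names REVOKE, so the REVOKE path is not pinned by anything visible here. Adding `REVOKE INSERT ON *.* FROM CURRENT_USER();` followed by the same `SELECT user,host,password,insert_priv FROM user WHERE user=@u AND host=@h;` check, then re-granting, would cover it. The sequence also rewrites the password of the account the test runs as and restores it with a direct `UPDATE user SET password=@pwd ...`. If a statement between the `IDENTIFIED BY 'keksdose'` grant and that restore fails, the test instance keeps the changed credential. Running the sequence under a dedicated account that is dropped afterwards would limit that.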
...@@ -3451,6 +3451,13 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list, ...@@ -3451,6 +3451,13 @@ bool mysql_grant(THD *thd, const char *db, List <LEX_USER> &list,
result= TRUE; result= TRUE;
continue; continue;
} }
/*
No User, but a password?
They did GRANT ... TO CURRENT_USER() IDENTIFIED BY ... !
Get the current user, and shallow-copy the new password to them!
*/
if (!tmp_Str->user.str && tmp_Str->password.str)
Str->password= tmp_Str->password;
if (replace_user_table(thd, tables[0].table, *Str, if (replace_user_table(thd, tables[0].table, *Str,
(!db ? rights : 0), revoke_grant, create_new_users, (!db ? rights : 0), revoke_grant, create_new_users,
test(thd->variables.sql_mode & test(thd->variables.sql_mode &
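Review bot: The new `if (!tmp_Str->user.str && tmp_Str->password.str)` branch makes GRANT a path that rewrites the stored credential of the session's own account, and its comment does not say what the branch relies on. A NULL `user.str` is used as the marker for CURRENT_USER(), and `Str->password= tmp_Str->password;` is a shallow copy, so both objects share the parser's buffer. Whether `replace_user_table()` validates the hash length before writing it is not visible in this hunk. I would extend the comment with something like `/* user.str == NULL marks CURRENT_USER(); password is aliased, not copied; replace_user_table() validates it */` once that has been confirmed. A test for `IDENTIFIED BY ''` would also pin the empty-password case. The body of mysql_grant starts and ends outside the hunk.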
......
...@@ -7573,6 +7573,9 @@ void get_default_definer(THD *thd, LEX_USER *definer) ...@@ -7573,6 +7573,9 @@ void get_default_definer(THD *thd, LEX_USER *definer)
definer->host.str= (char *) sctx->priv_host; definer->host.str= (char *) sctx->priv_host;
definer->host.length= strlen(definer->host.str); definer->host.length= strlen(definer->host.str);
definer->password.str= NULL;
definer->password.length= 0;
} }
...@@ -7624,6 +7627,8 @@ LEX_USER *create_definer(THD *thd, LEX_STRING *user_name, LEX_STRING *host_name) ...@@ -7624,6 +7627,8 @@ LEX_USER *create_definer(THD *thd, LEX_STRING *user_name, LEX_STRING *host_name)
definer->user= *user_name; definer->user= *user_name;
definer->host= *host_name; definer->host= *host_name;
definer->password.str= NULL;
definer->password.length= 0;
return definer; return definer;
} }
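Review bot: Both `get_default_definer` and `create_definer` still set LEX_USER members one at a time, the same pattern that left `password` uninitialized and caused the crash described in the commit message. Any member added to LEX_USER later would be uninitialized in the same way. In `create_definer`, zeroing the object right after allocation, e.g. `memset(definer, 0, sizeof(*definer));`, would cover future members. This assumes LEX_USER is a plain struct and that the allocation, which is outside the hunk, does not already zero it. Failing that, a one-line comment at each site such as `/* keep in sync with every LEX_USER member */` would at least flag the dependency. Both function bodies start outside their hunks.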
......