#At file:///Users/thek/Development/51-bug44658/ based on revid:mats@stripped
2874 Kristofer Pettersson 2009-05-19
Bug#44658 Create procedure makes server crash when user does not have ALL privilege
MySQL crashes if a user without proper privileges attempts to create a procedure.
Since the current user lacks the right to assign the ALTER and EXECUTE ROUTINE
privileges an error is thrown by the grant subsystem. This error sets the SQLSTATE,
but the error state is not interrupting execution since it isn't considered fatal in this
context. Instead an attempt is made to push another SQLSTATE to the Diagnostic area and
this causes an assertion and the server stops.
The patch back ports a stack implementation of the internal error handler interface. This
enables the use of multiple error handlers so that it is possible to intercept and cancel
errors thrown by lower layers.
@ mysql-test/r/grant.result
* Test case for bug44658
@ mysql-test/t/grant.test
* Test case for bug44658
@ sql/sql_acl.cc
* sp_grant_routine is only called from the SQLCOM_CREATE_PROCEDURE execution path and in this
context it is not a fatal error to fail to assign the automatic privileges ALTER and EXECUTE
ROUTINE. To avoid that other errors are thrown a dummy error handler is used to cancel them out.
@ sql/sql_class.cc
* Back ported error handler implementation
@ sql/sql_class.h
* Back ported error handler implementation
* Introduced dummy error handler for cancelling all errors.
modified:
mysql-test/r/grant.result
mysql-test/t/grant.test
sql/sql_acl.cc
sql/sql_class.cc
sql/sql_class.h
=== modified file 'mysql-test/r/grant.result'
--- a/mysql-test/r/grant.result 2009-02-25 12:18:24 +0000
+++ b/mysql-test/r/grant.result 2009-05-19 16:06:30 +0000
@@ -1358,3 +1358,18 @@ DROP USER 'userbug33464'@'localhost';
USE test;
DROP DATABASE dbbug33464;
SET @@global.log_bin_trust_function_creators= @old_log_bin_trust_function_creators;
+CREATE USER user1;
+GRANT CREATE ON db1.* TO 'user1'@'%';
+GRANT CREATE ROUTINE ON db1.* TO 'user1'@'%';
+FLUSH PRIVILEGES;
+CREATE DATABASE db1;
+CREATE PROCEDURE db1.proc1(p1 INT)
+BEGIN
+SET @x = 0;
+REPEAT SET @x = @x + 1; UNTIL @x > p1 END REPEAT;
+END ;||
+Warnings:
+Warning 1404 Failed to grant EXECUTE and ALTER ROUTINE privileges
+DROP PROCEDURE db1.proc1;
+DROP USER user1;
+DROP DATABASE db1;
=== modified file 'mysql-test/t/grant.test'
--- a/mysql-test/t/grant.test 2009-02-10 10:23:47 +0000
+++ b/mysql-test/t/grant.test 2009-05-19 16:06:30 +0000
@@ -1471,5 +1471,27 @@ DROP DATABASE dbbug33464;
SET @@global.log_bin_trust_function_creators= @old_log_bin_trust_function_creators;
+#
+# Bug#44658 Create procedure makes server crash when user does not have ALL privilege
+#
+CREATE USER user1;
+GRANT CREATE ON db1.* TO 'user1'@'%';
+GRANT CREATE ROUTINE ON db1.* TO 'user1'@'%';
+FLUSH PRIVILEGES;
+connect (con1,localhost,user1,,);
+CREATE DATABASE db1;
+DELIMITER ||;
+CREATE PROCEDURE db1.proc1(p1 INT)
+ BEGIN
+ SET @x = 0;
+ REPEAT SET @x = @x + 1; UNTIL @x > p1 END REPEAT;
+ END ;||
+DELIMITER ;||
+connection default;
+disconnect con1;
+DROP PROCEDURE db1.proc1;
+DROP USER user1;
+DROP DATABASE db1;
+
# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc
=== modified file 'sql/sql_acl.cc'
--- a/sql/sql_acl.cc 2009-04-08 23:42:51 +0000
+++ b/sql/sql_acl.cc 2009-05-19 16:06:30 +0000
@@ -6174,6 +6174,7 @@ int sp_grant_privileges(THD *thd, const
bool result;
ACL_USER *au;
char passwd_buff[SCRAMBLED_PASSWORD_CHAR_LENGTH+1];
+ Dummy_error_handler error_handler;
DBUG_ENTER("sp_grant_privileges");
if (!(combo=(LEX_USER*) thd->alloc(sizeof(st_lex_user))))
@@ -6224,7 +6225,6 @@ int sp_grant_privileges(THD *thd, const
}
else
{
- my_error(ER_PASSWD_LENGTH, MYF(0), SCRAMBLED_PASSWORD_CHAR_LENGTH);
return -1;
}
combo->password.str= passwd_buff;
@@ -6241,8 +6241,14 @@ int sp_grant_privileges(THD *thd, const
thd->lex->ssl_type= SSL_TYPE_NOT_SPECIFIED;
bzero((char*) &thd->lex->mqh, sizeof(thd->lex->mqh));
+ /*
+ Only care about whether the operation failed or succeeded
+ as all errors will be handled later.
+ */
+ thd->push_internal_handler(&error_handler);
result= mysql_routine_grant(thd, tables, is_proc, user_list,
- DEFAULT_CREATE_PROC_ACLS, 0, 1);
+ DEFAULT_CREATE_PROC_ACLS, 0, 1);
+ thd->pop_internal_handler();
DBUG_RETURN(result);
}
=== modified file 'sql/sql_class.cc'
--- a/sql/sql_class.cc 2009-05-10 16:20:35 +0000
+++ b/sql/sql_class.cc 2009-05-19 16:06:30 +0000
@@ -674,31 +674,40 @@ THD::THD()
void THD::push_internal_handler(Internal_error_handler *handler)
{
- /*
- TODO: The current implementation is limited to 1 handler at a time only.
- THD and sp_rcontext need to be modified to use a common handler stack.
- */
- DBUG_ASSERT(m_internal_handler == NULL);
- m_internal_handler= handler;
+ if(m_internal_handler)
+ {
+ handler->m_prev_internal_handler= m_internal_handler;
+ m_internal_handler= handler;
+ }
+ else
+ {
+ m_internal_handler= handler;
+ }
}
bool THD::handle_error(uint sql_errno, const char *message,
MYSQL_ERROR::enum_warning_level level)
{
- if (m_internal_handler)
+ if (!m_internal_handler)
+ return FALSE;
+
+ for(Internal_error_handler *error_handler= m_internal_handler;
+ error_handler;
+ error_handler= m_internal_handler->m_prev_internal_handler)
{
- return m_internal_handler->handle_error(sql_errno, message, level, this);
+ if (error_handler->handle_error(sql_errno, message, level, this))
+ return TRUE;
}
- return FALSE; // 'FALSE', as per coding style
+ return FALSE;
}
void THD::pop_internal_handler()
{
DBUG_ASSERT(m_internal_handler != NULL);
- m_internal_handler= NULL;
+ m_internal_handler= m_internal_handler->m_prev_internal_handler;
}
extern "C"
=== modified file 'sql/sql_class.h'
--- a/sql/sql_class.h 2009-03-25 19:41:16 +0000
+++ b/sql/sql_class.h 2009-05-19 16:06:30 +0000
@@ -1036,7 +1036,10 @@ show_system_thread(enum_thread_type thre
class Internal_error_handler
{
protected:
- Internal_error_handler() {}
+ Internal_error_handler() :
+ m_prev_internal_handler(NULL)
+ {}
+
virtual ~Internal_error_handler() {}
public:
@@ -1069,6 +1072,28 @@ public:
const char *message,
MYSQL_ERROR::enum_warning_level level,
THD *thd) = 0;
+private:
+ Internal_error_handler *m_prev_internal_handler;
+ friend class THD;
+};
+
+
+/**
+ Implements the trivial error handler which cancels all error states
+ and prevents an SQLSTATE to be set.
+*/
+
+class Dummy_error_handler : public Internal_error_handler
+{
+public:
+ bool handle_error(uint sql_errno,
+ const char *message,
+ MYSQL_ERROR::enum_warning_level level,
+ THD *thd)
+ {
+ /* Ignore error */
+ return TRUE;
+ }
};
@@ -2210,6 +2235,9 @@ public:
thd_scheduler scheduler;
public:
+ inline Internal_error_handler *get_internal_handler()
+ { return m_internal_handler; }
+
/**
Add an internal error handler to the thread execution context.
@param handler the exception handler to add
Attachment: [text/bzr-bundle]
