← Back to team overview

maria-developers team mailing list archive

Re: 95e1c46: MDEV-9898 SET ROLE NONE can crash mysqld.


Hi, Alexey!

On Apr 28, Alexey Botchkov wrote:
> revision-id: 95e1c46c1709e7244332a025a527cacceab7da60 (mariadb-10.1.13-14-g95e1c46)
> parent(s): 646c4cea58afbb369021a3d7b5ccbbf6aed708d4
> committer: Alexey Botchkov
> timestamp: 2016-04-28 13:36:36 +0400
> message:
> MDEV-9898 SET ROLE NONE can crash mysqld.
>         The check_user_can_set_role() used find_user_exact() to get the
>         permissions for the SET ROLE NONE command.
>         Which returned NULL too often, for instance when user
>         authenticated as 'user'@'%'.
>         Now we use find_user_or_anon() instead.

No, this is wrong. SET ROLE NONE should use the same rule as
SET ROLE name.

And the latter uses acl_user->wild_eq(user, host, ip).
Thus SET ROLE NONE should find the user with ACL_USER::wild_eq, that is,
it should use find_user_wild().

Ok to push with find_user_wild().

Chief Architect MariaDB
and security@xxxxxxxxxxx