maria-developers team mailing list archive

Thread
Date

Re: 95e1c46: MDEV-9898 SET ROLE NONE can crash mysqld.

To: maria-developers@xxxxxxxxxxxxxxxxxxx
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Fri, 29 Apr 2016 13:53:27 +0200
Cc: holyfoot@xxxxxxxxxxx
In-reply-to: <20160428094023.BC637140DBF@nebo.localdomain>
User-agent: Mutt/1.5.24 (2015-08-30)

Hi, Alexey!

On Apr 28, Alexey Botchkov wrote:
> revision-id: 95e1c46c1709e7244332a025a527cacceab7da60 (mariadb-10.1.13-14-g95e1c46)
> parent(s): 646c4cea58afbb369021a3d7b5ccbbf6aed708d4
> committer: Alexey Botchkov
> timestamp: 2016-04-28 13:36:36 +0400
> message:
> 
> MDEV-9898 SET ROLE NONE can crash mysqld.
>         The check_user_can_set_role() used find_user_exact() to get the
>         permissions for the SET ROLE NONE command.
>         Which returned NULL too often, for instance when user
>         authenticated as 'user'@'%'.
>         Now we use find_user_or_anon() instead.

No, this is wrong. SET ROLE NONE should use the same rule as
SET ROLE name.

And the latter uses acl_user->wild_eq(user, host, ip).
Thus SET ROLE NONE should find the user with ACL_USER::wild_eq, that is,
it should use find_user_wild().

Ok to push with find_user_wild().

Regards,
Sergei
Chief Architect MariaDB
and security@xxxxxxxxxxx