maria-developers team mailing list archive

Thread
Date

Re: 3f9e6c9c111: MDEV-22133 handle_fatal_signal (sig=11) on optimized builds in handle_grant_table instead of ERROR | Buffer overflow (on optimized builds)

To: Oleksandr Byelkin <sanja@xxxxxxxxxxx>
From: Sergei Golubchik <serg@xxxxxxxxxxx>
Date: Fri, 9 Sep 2022 23:09:28 +0200
Cc: maria-developers@xxxxxxxxxxxxxxxxxxx
In-reply-to: <iDEnC8KJxbJ.A.DQE.oU6GjB@pweza>

Hi, Oleksandr,

On Sep 09, Oleksandr Byelkin wrote:
> revision-id: 3f9e6c9c111 (mariadb-10.3.35-36-g3f9e6c9c111)
> parent(s): 5feb60ce186
> author: Oleksandr Byelkin
> committer: Oleksandr Byelkin
> timestamp: 2022-06-24 15:37:25 +0200
> message:
> 
> MDEV-22133 handle_fatal_signal (sig=11) on optimized builds in handle_grant_table instead of ERROR | Buffer overflow (on optimized builds)
> 
> Return an error if we can not read a table required for ACL.
> 
> diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
> index 4c68b4505a4..38d2e9c35a1 100644
> --- a/sql/sql_acl.cc
> +++ b/sql/sql_acl.cc
> @@ -7420,6 +7420,11 @@ static bool grant_load(THD *thd,
>        while (!p_table->file->ha_index_next(p_table->record[0]));
>      }
>    }
> +  else
> +  {
> +    sql_print_error("Missing system table mysql.procs_priv; "
> +                    "please run mysql_upgrade to create it");
> +  }

I don't think so. The comment earlier says

    p_table= procs_priv.table(); // this can be NULL

and if "this can be NULL" then it's not an error if it is.

>  
>  end_unlock_p:
>    if (p_table)
> @@ -10041,6 +10046,8 @@ static int handle_grant_data(THD *thd, Grant_tables& tables, bool drop,
>    }
>  
>    /* Handle stored routines table. */
> +  if (tables.procs_priv_table().table_exists())
> +  {

This is ok, but also, please, check that all accesses to other optional
tables are properly protected. See FIRST_OPTIONAL_TABLE define, all
tables below it may not exist.

Regards,
Sergei
VP of MariaDB Server Engineering
and security@xxxxxxxxxxx