diff options
| author | Sergei Golubchik <serg@mariadb.org> | 2019-04-25 18:15:12 +0200 |
|---|---|---|
| committer | Sergei Golubchik <serg@mariadb.org> | 2019-04-25 21:43:31 +0200 |
| commit | da0e00e7103dce1918dcde632ea317d8dd6c12d5 (patch) | |
| tree | 7cce844ff2199349914b67f6606aac94f76b249b | |
| parent | 33fe3b58ccb88ed48362a0710a2ede2853327c77 (diff) | |
| download | mariadb-git-da0e00e7103dce1918dcde632ea317d8dd6c12d5.tar.gz | |
Bug#28986737: RENAMING AND REPLACING MYSQL.USER TABLE CAN LEAD TO A SERVER CRASH
| -rw-r--r-- | mysql-test/r/grant4.result | 7 | ||||
| -rw-r--r-- | mysql-test/t/grant4.test | 11 | ||||
| -rw-r--r-- | sql/sql_acl.cc | 8 |
3 files changed, 26 insertions, 0 deletions
diff --git a/mysql-test/r/grant4.result b/mysql-test/r/grant4.result index 9b6d4c42c59..c8de7c3544a 100644 --- a/mysql-test/r/grant4.result +++ b/mysql-test/r/grant4.result @@ -132,3 +132,10 @@ flush privileges; ERROR 42S02: Table 'mysql.user' doesn't exist drop temporary table mysql.user; rename table mysql.user1 to mysql.user; +call mtr.add_suppression('mysql.user table is damaged'); +rename table mysql.user to mysql.user1; +create table mysql.user (Host char(100), User char(100)); +flush privileges; +ERROR HY000: Unknown error +drop table mysql.user; +rename table mysql.user1 to mysql.user; diff --git a/mysql-test/t/grant4.test b/mysql-test/t/grant4.test index 2762182b978..b5c97ab5f9b 100644 --- a/mysql-test/t/grant4.test +++ b/mysql-test/t/grant4.test @@ -159,3 +159,14 @@ create temporary table mysql.user select * from mysql.user1 limit 0; flush privileges; drop temporary table mysql.user; rename table mysql.user1 to mysql.user; + +# +# Bug#28986737: RENAMING AND REPLACING MYSQL.USER TABLE CAN LEAD TO A SERVER CRASH +# +call mtr.add_suppression('mysql.user table is damaged'); +rename table mysql.user to mysql.user1; +create table mysql.user (Host char(100), User char(100)); +--error ER_UNKNOWN_ERROR +flush privileges; +drop table mysql.user; +rename table mysql.user1 to mysql.user; diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc index 5d7f82ff5dd..b916f96300a 100644 --- a/sql/sql_acl.cc +++ b/sql/sql_acl.cc @@ -825,6 +825,14 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables) goto end; table->use_all_columns(); + + if (table->s->fields < 13) // number of columns in 3.21 + { + sql_print_error("Fatal error: mysql.user table is damaged or in " + "unsupported 3.20 format."); + goto end; + } + username_char_length= min(table->field[1]->char_length(), USERNAME_CHAR_LENGTH); password_length= table->field[2]->field_length / table->field[2]->charset()->mbmaxlen; |