authorunknown <gluh@gluh.mysql.r18.ru>2003-04-16 15:05:47 +0500
committerunknown <gluh@gluh.mysql.r18.ru>2003-04-16 15:05:47 +0500
commit3cb207ec4b460f983eb0bb063fd171040ab4e9ec (patch)
treec2db4df786175cc9e403ecb31f9119271cfbdc44 /sql/sql_acl.cc
parent35459cb7f38e2f9b56a8d00cbc05c631c7e235f0 (diff)
Fix bug: Crash server when grant ssl options are used and ssl handshake is not set
Diffstat (limited to 'sql/sql_acl.cc')
-rw-r--r--sql/sql_acl.cc115
1 files changed, 58 insertions, 57 deletions
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 9437e5ecb5b..8ee210f4e24 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -542,78 +542,79 @@ ulong acl_getroot(THD *thd, const char *host, const char *ip, const char *user,
break;
case SSL_TYPE_X509: /* Client should have any valid certificate. */
/*
- Connections with non-valid certificates are dropped already
- in sslaccept() anyway, so we do not check validity here.
+ We need to check for absence of SSL because without SSL
+ we should reject connection.
*/
- if (SSL_get_peer_certificate(vio->ssl_))
+ if (vio_type(vio) == VIO_TYPE_SSL && SSL_get_peer_certificate(vio->ssl_))
user_access=acl_user->access;
break;
case SSL_TYPE_SPECIFIED: /* Client should have specified attrib */
/*
- We do not check for absence of SSL because without SSL it does
- not pass all checks here anyway.
- If cipher name is specified, we compare it to actual cipher in
- use.
+ We need to check for absence of SSL because without SSL
+ we should reject connection.
*/
- if (acl_user->ssl_cipher)
+ if (vio_type(vio) == VIO_TYPE_SSL)
{
- DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
- acl_user->ssl_cipher,
- SSL_get_cipher(vio->ssl_)));
- if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)))
- user_access=acl_user->access;
- else
+ if (acl_user->ssl_cipher)
{
- if (global_system_variables.log_warnings)
- sql_print_error("X509 ciphers mismatch: should be '%s' but is '%s'",
- acl_user->ssl_cipher,
- SSL_get_cipher(vio->ssl_));
- user_access=NO_ACCESS;
- break;
+ DBUG_PRINT("info",("comparing ciphers: '%s' and '%s'",
+ acl_user->ssl_cipher,
+ SSL_get_cipher(vio->ssl_)));
+ if (!strcmp(acl_user->ssl_cipher,SSL_get_cipher(vio->ssl_)))
+ user_access=acl_user->access;
+ else
+ {
+ if (global_system_variables.log_warnings)
+ sql_print_error("X509 ciphers mismatch: should be '%s' but is '%s'",
+ acl_user->ssl_cipher,
+ SSL_get_cipher(vio->ssl_));
+ user_access=NO_ACCESS;
+ break;
+ }
}
- }
- /* Prepare certificate (if exists) */
- DBUG_PRINT("info",("checkpoint 1"));
- X509* cert=SSL_get_peer_certificate(vio->ssl_);
- DBUG_PRINT("info",("checkpoint 2"));
- /* If X509 issuer is speified, we check it... */
- if (acl_user->x509_issuer)
- {
- DBUG_PRINT("info",("checkpoint 3"));
- char *ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
- DBUG_PRINT("info",("comparing issuers: '%s' and '%s'",
- acl_user->x509_issuer, ptr));
- if (strcmp(acl_user->x509_issuer, ptr))
+ /* Prepare certificate (if exists) */
+ DBUG_PRINT("info",("checkpoint 1"));
+ X509* cert=SSL_get_peer_certificate(vio->ssl_);
+ DBUG_PRINT("info",("checkpoint 2"));
+ /* If X509 issuer is speified, we check it... */
+ if (acl_user->x509_issuer)
{
- if (global_system_variables.log_warnings)
- sql_print_error("X509 issuer mismatch: should be '%s' but is '%s'",
- acl_user->x509_issuer, ptr);
- user_access=NO_ACCESS;
+ DBUG_PRINT("info",("checkpoint 3"));
+ char *ptr = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
+ DBUG_PRINT("info",("comparing issuers: '%s' and '%s'",
+ acl_user->x509_issuer, ptr));
+ if (strcmp(acl_user->x509_issuer, ptr))
+ {
+ if (global_system_variables.log_warnings)
+ sql_print_error("X509 issuer mismatch: should be '%s' but is '%s'",
+ acl_user->x509_issuer, ptr);
+ user_access=NO_ACCESS;
+ free(ptr);
+ break;
+ }
+ user_access=acl_user->access;
free(ptr);
- break;
}
- user_access=acl_user->access;
- free(ptr);
- }
- DBUG_PRINT("info",("checkpoint 4"));
- /* X509 subject is specified, we check it .. */
- if (acl_user->x509_subject)
- {
- char *ptr= X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
- DBUG_PRINT("info",("comparing subjects: '%s' and '%s'",
- acl_user->x509_subject, ptr));
- if (strcmp(acl_user->x509_subject,ptr))
+ DBUG_PRINT("info",("checkpoint 4"));
+ /* X509 subject is specified, we check it .. */
+ if (acl_user->x509_subject)
{
- if (global_system_variables.log_warnings)
- sql_print_error("X509 subject mismatch: '%s' vs '%s'",
- acl_user->x509_subject, ptr);
- user_access=NO_ACCESS;
+ char *ptr= X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
+ DBUG_PRINT("info",("comparing subjects: '%s' and '%s'",
+ acl_user->x509_subject, ptr));
+ if (strcmp(acl_user->x509_subject,ptr))
+ {
+ if (global_system_variables.log_warnings)
+ sql_print_error("X509 subject mismatch: '%s' vs '%s'",
+ acl_user->x509_subject, ptr);
+ user_access=NO_ACCESS;
+ }
+ else
+ user_access=acl_user->access;
+ free(ptr);
}
- else
- user_access=acl_user->access;
- free(ptr);
+ break;
}
- break;
}
#else /* HAVE_OPENSSL */
user_access=acl_user->access;
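Review bot: In the SSL_TYPE_SPECIFIED branch, `cert` from `SSL_get_peer_certificate(vio->ssl_)` is passed to `X509_get_issuer_name(cert)` and `X509_get_subject_name(cert)` without a NULL check. An SSL connection where the client presented no certificate would therefore presumably still hit a null dereference during authentication, the same kind of crash this commit closes for non-SSL connections. A guard right after the call, `if (!cert) { user_access=NO_ACCESS; break; }`, would fail closed, and the result of `X509_NAME_oneline()` deserves the same check before it reaches `strcmp`. The certificate reference is also never released on any path here, nor in the SSL_TYPE_X509 case, so an `X509_free(cert)` is needed before each exit. When `vio_type(vio) != VIO_TYPE_SSL`, the rejection relies on `user_access` already being NO_ACCESS, which is set outside this hunk and worth confirming; the body of acl_getroot starts and ends outside the hunk.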