author | Tatiana A. Nurnberg <azundris@mysql.com> | 2009-03-25 17:10:27 +0100 |
---|---|---|
committer | Tatiana A. Nurnberg <azundris@mysql.com> | 2009-03-25 17:10:27 +0100 |
commit | eeef946787a9fffff8f8804e4529d9df712bdd24 (patch) | |
tree | 614992e6f19dd83bdb1c245ecf6daf014bb2463d /sql/sql_parse.cc | |
parent | 4abb1a7d8c9c5f7299c6df77e0ad43a053cc23fc (diff) | |
Bug#43748: crash when non-super user tries to kill the replication threads
Fine-tuning. Broke out comparison into method by
suggestion of Davi. Clarified comments. Reverting
test-case which I find too brittle; proper test
case in 5.1+.
Diffstat (limited to 'sql/sql_parse.cc')
-rw-r--r-- | sql/sql_parse.cc | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 33adcfe3342..c2d789b30b5 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -7391,22 +7391,21 @@ void kill_one_thread(THD *thd, ulong id, bool only_kill_query) If we're SUPER, we can KILL anything, including system-threads. No further checks. - thd..user could in theory be NULL while we're still in - "unauthenticated" state. This is more a theoretical case. + KILLer: thd->security_ctx->user could in theory be NULL while + we're still in "unauthenticated" state. This is a theoretical + case (the code suggests this could happen, so we play it safe). - tmp..user will be NULL for system threads (cf Bug#43748). + KILLee: tmp->security_ctx->user will be NULL for system threads. We need to check so Jane Random User doesn't crash the server - when trying to kill a) system threads or b) unauthenticated - users' threads. + when trying to kill a) system threads or b) unauthenticated users' + threads (Bug#43748). - If user of both killer and killee are non-null, proceed with + If user of both killer and killee are non-NULL, proceed with slayage if both are string-equal. */ if ((thd->security_ctx->master_access & SUPER_ACL) || - ((thd->security_ctx->user != NULL) && - (tmp->security_ctx->user != NULL) && - !strcmp(thd->security_ctx->user, tmp->security_ctx->user))) + thd->security_ctx->user_matches(tmp->security_ctx)) { tmp->awake(only_kill_query ? THD::KILL_QUERY : THD::KILL_CONNECTION); error=0; |
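Review bot: the rewritten condition `thd->security_ctx->user_matches(tmp->security_ctx)` now carries the entire NULL-safety argument that the comment above it spells out, yet the comment never says that the checks live inside user_matches(). With this view limited to sql/sql_parse.cc, the method body is not visible, so it should be confirmed that it tests both the killer's and the killee's `user` pointer for NULL before any string comparison, exactly as the three removed lines did. I would add one sentence to the comment stating that user_matches() performs both NULL checks, so a later reader neither assumes the call site is unguarded nor removes the guard from the method as redundant. Separately, the commit message says the test case is reverted in this branch, which leaves the non-SUPER KILL of a system thread (Bug#43748) without regression coverage here; a minimal, less timing-dependent test for that path would be worth keeping, since this is an authorization check whose failure mode is a server crash.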