summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--mysql-test/r/grant.result13
-rw-r--r--mysql-test/t/grant.test13
-rw-r--r--sql/sql_acl.cc48
3 files changed, 58 insertions, 16 deletions
diff --git a/mysql-test/r/grant.result b/mysql-test/r/grant.result
index dc2664e040d..ca9eef211f4 100644
--- a/mysql-test/r/grant.result
+++ b/mysql-test/r/grant.result
@@ -2633,3 +2633,16 @@ ERROR 42000: Access denied for user 'untrusted'@'localhost' to database 'secret'
DROP USER untrusted@localhost;
DROP DATABASE secret;
set GLOBAL sql_mode=default;
+#
+# MDEV-22755 CREATE USER leads to indirect SIGABRT in __stack_chk_fail () from fill_schema_user_privileges + *** stack smashing detected *** (on optimized builds)
+#
+SET NAMES utf8;
+SET SQL_MODE='';
+CREATE USER 觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻@localhost;
+SELECT * FROM INFORMATION_SCHEMA.user_privileges WHERE GRANTEE LIKE "'abcdefghijklmnopqrstuvwxyz'%";
+GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE
+SELECT GRANTEE FROM INFORMATION_SCHEMA.user_privileges WHERE GRANTEE LIKE '%觻%';
+GRANTEE
+'觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻'@'localhost'
+DROP USER 觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻@localhost;
+SET SQL_MODE=DEFAULT;
diff --git a/mysql-test/t/grant.test b/mysql-test/t/grant.test
index e4a7d62f85e..d50d60206e1 100644
--- a/mysql-test/t/grant.test
+++ b/mysql-test/t/grant.test
@@ -2292,3 +2292,16 @@ DROP DATABASE secret;
set GLOBAL sql_mode=default;
# Wait till we reached the initial number of concurrent sessions
--source include/wait_until_count_sessions.inc
+
+
+--echo #
+--echo # MDEV-22755 CREATE USER leads to indirect SIGABRT in __stack_chk_fail () from fill_schema_user_privileges + *** stack smashing detected *** (on optimized builds)
+--echo #
+
+SET NAMES utf8;
+SET SQL_MODE='';
+CREATE USER 觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻@localhost;
+SELECT * FROM INFORMATION_SCHEMA.user_privileges WHERE GRANTEE LIKE "'abcdefghijklmnopqrstuvwxyz'%";
+SELECT GRANTEE FROM INFORMATION_SCHEMA.user_privileges WHERE GRANTEE LIKE '%觻%';
+DROP USER 觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻_觻觻觻觻觻觻觻觻觻觻@localhost;
+SET SQL_MODE=DEFAULT;
diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
index 6e6135b75bb..8d594e887b7 100644
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -10710,7 +10710,7 @@ int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr)
#ifndef NO_EMBEDDED_ACCESS_CHECKS
-static bool update_schema_privilege(THD *thd, TABLE *table, char *buff,
+static bool update_schema_privilege(THD *thd, TABLE *table, const char *buff,
const char* db, const char* t_name,
const char* column, uint col_length,
const char *priv, uint priv_length,
@@ -10734,6 +10734,21 @@ static bool update_schema_privilege(THD *thd, TABLE *table, char *buff,
#endif
+#ifndef NO_EMBEDDED_ACCESS_CHECKS
+class Grantee_str
+{
+ char m_buff[USER_HOST_BUFF_SIZE + 6 /* 4 quotes, @, '\0' */];
+public:
+ Grantee_str(const char *user, const char *host)
+ {
+ DBUG_ASSERT(strlen(user) + strlen(host) + 6 < sizeof(m_buff));
+ strxmov(m_buff, "'", user, "'@'", host, "'", NullS);
+ }
+ operator const char *() const { return m_buff; }
+};
+#endif
+
+
int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
{
#ifndef NO_EMBEDDED_ACCESS_CHECKS
@@ -10741,7 +10756,6 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
uint counter;
ACL_USER *acl_user;
ulong want_access;
- char buff[100];
TABLE *table= tables->table;
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",
NULL, NULL, 1, 1);
@@ -10768,10 +10782,10 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
if (!(want_access & GRANT_ACL))
is_grantable= "NO";
- strxmov(buff,"'",user,"'@'",host,"'",NullS);
+ Grantee_str grantee(user, host);
if (!(want_access & ~GRANT_ACL))
{
- if (update_schema_privilege(thd, table, buff, 0, 0, 0, 0,
+ if (update_schema_privilege(thd, table, grantee, 0, 0, 0, 0,
STRING_WITH_LEN("USAGE"), is_grantable))
{
error= 1;
@@ -10786,7 +10800,7 @@ int fill_schema_user_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
{
if (test_access & j)
{
- if (update_schema_privilege(thd, table, buff, 0, 0, 0, 0,
+ if (update_schema_privilege(thd, table, grantee, 0, 0, 0, 0,
command_array[priv_id],
command_lengths[priv_id], is_grantable))
{
@@ -10814,7 +10828,6 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
uint counter;
ACL_DB *acl_db;
ulong want_access;
- char buff[100];
TABLE *table= tables->table;
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",
NULL, NULL, 1, 1);
@@ -10845,10 +10858,10 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
{
is_grantable= "NO";
}
- strxmov(buff,"'",user,"'@'",host,"'",NullS);
+ Grantee_str grantee(user, host);
if (!(want_access & ~GRANT_ACL))
{
- if (update_schema_privilege(thd, table, buff, acl_db->db, 0, 0,
+ if (update_schema_privilege(thd, table, grantee, acl_db->db, 0, 0,
0, STRING_WITH_LEN("USAGE"), is_grantable))
{
error= 1;
@@ -10862,7 +10875,8 @@ int fill_schema_schema_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
for (cnt=0, j = SELECT_ACL; j <= DB_ACLS; cnt++,j <<= 1)
if (test_access & j)
{
- if (update_schema_privilege(thd, table, buff, acl_db->db, 0, 0, 0,
+ if (update_schema_privilege(thd, table,
+ grantee, acl_db->db, 0, 0, 0,
command_array[cnt], command_lengths[cnt],
is_grantable))
{
@@ -10888,7 +10902,6 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
#ifndef NO_EMBEDDED_ACCESS_CHECKS
int error= 0;
uint index;
- char buff[100];
TABLE *table= tables->table;
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",
NULL, NULL, 1, 1);
@@ -10923,10 +10936,11 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
if (!(table_access & GRANT_ACL))
is_grantable= "NO";
- strxmov(buff, "'", user, "'@'", host, "'", NullS);
+ Grantee_str grantee(user, host);
if (!test_access)
{
- if (update_schema_privilege(thd, table, buff, grant_table->db,
+ if (update_schema_privilege(thd, table,
+ grantee, grant_table->db,
grant_table->tname, 0, 0,
STRING_WITH_LEN("USAGE"), is_grantable))
{
@@ -10942,7 +10956,8 @@ int fill_schema_table_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
{
if (test_access & j)
{
- if (update_schema_privilege(thd, table, buff, grant_table->db,
+ if (update_schema_privilege(thd, table,
+ grantee, grant_table->db,
grant_table->tname, 0, 0,
command_array[cnt],
command_lengths[cnt], is_grantable))
@@ -10970,7 +10985,6 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
#ifndef NO_EMBEDDED_ACCESS_CHECKS
int error= 0;
uint index;
- char buff[100];
TABLE *table= tables->table;
bool no_global_access= check_access(thd, SELECT_ACL, "mysql",
NULL, NULL, 1, 1);
@@ -10999,7 +11013,7 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
is_grantable= "NO";
ulong test_access= table_access & ~GRANT_ACL;
- strxmov(buff, "'", user, "'@'", host, "'", NullS);
+ Grantee_str grantee(user, host);
if (!test_access)
continue;
else
@@ -11018,7 +11032,9 @@ int fill_schema_column_privileges(THD *thd, TABLE_LIST *tables, COND *cond)
my_hash_element(&grant_table->hash_columns,col_index);
if ((grant_column->rights & j) && (table_access & j))
{
- if (update_schema_privilege(thd, table, buff, grant_table->db,
+ if (update_schema_privilege(thd, table,
+ grantee,
+ grant_table->db,
grant_table->tname,
grant_column->column,
grant_column->key_length,
View Lorry Controller Status