MDEV-5176 Server crashes in fill_schema_applicable_roles on select from...

MDEV-5176 Server crashes in fill_schema_applicable_roles on select from APPLICABLE_ROLES after a suicide Don't assume that thd->security_ctx->priv_user is an actually existing user account

MDEV-5176 Server crashes in fill_schema_applicable_roles on select from...
MDEV-5176 Server crashes in fill_schema_applicable_roles on select from APPLICABLE_ROLES after a suicide Don't assume that thd->security_ctx->priv_user is an actually existing user account
65eee0be · Sergei Golubchik · 7761a278 · 65eee0be · 65eee0be · 65eee0be
Commit 65eee0be authored Oct 23, 2013 by Sergei Golubchik
3 changed files
--- a/mysql-test/suite/roles/drop_current_user-5176.result
+++ b/mysql-test/suite/roles/drop_current_user-5176.result
+grant create user on *.* to foo@localhost;
+drop user foo@localhost;
+select * from information_schema.applicable_roles;
+GRANTEE	ROLE_NAME	IS_GRANTABLE
+show grants;
+ERROR 42000: There is no such grant defined for user 'foo' on host 'localhost'
+select current_user();
+current_user()
+foo@localhost
--- a/mysql-test/suite/roles/drop_current_user-5176.test
+++ b/mysql-test/suite/roles/drop_current_user-5176.test
+#
+# MDEV-5176 Server crashes in fill_schema_applicable_roles on select from APPLICABLE_ROLES after a suicide
+#
+
+grant create user on *.* to foo@localhost;
+--connect (foo,localhost,foo,,)
+drop user foo@localhost;
+select * from information_schema.applicable_roles;
+--error ER_NONEXISTING_GRANT
+show grants;
+select current_user();
+
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -9921,6 +9921,7 @@ int fill_schema_enabled_roles(THD *thd, TABLE_LIST *tables, COND *cond)
 */
 int fill_schema_applicable_roles(THD *thd, TABLE_LIST *tables, COND *cond)
 {
+  int res= 0;
 #ifndef NO_EMBEDDED_ACCESS_CHECKS
  if (initialized)
  {
@@ -9929,25 +9930,25 @@ int fill_schema_applicable_roles(THD *thd, TABLE_LIST *tables, COND *cond)
    mysql_rwlock_rdlock(&LOCK_grant);
    mysql_mutex_lock(&acl_cache->lock);
    ACL_USER *user= find_user_exact(sctx->priv_host, sctx->priv_user);
+    if (user)
+    {
+      char buff[USER_HOST_BUFF_SIZE+10];
+      DBUG_ASSERT(user->user.length + user->hostname_length +2 < sizeof(buff));
+      char *end= strxmov(buff, user->user.str, "@", user->host.hostname, NULL);
+      APPLICABLE_ROLES_DATA data= { table,
+        { user->host.hostname, user->hostname_length },
+        { buff, (size_t)(end - buff) }, user
+      };

-    char buff[USER_HOST_BUFF_SIZE+10];
-    DBUG_ASSERT(user->user.length + user->hostname_length +2 < sizeof(buff));
-    char *end= strxmov(buff, user->user.str, "@", user->host.hostname, NULL);
-    APPLICABLE_ROLES_DATA data= { table,
-      { user->host.hostname, user->hostname_length },
-      { buff, (size_t)(end - buff) }, user
-    };
-
-    int res= traverse_role_graph_down(user, &data, 0, applicable_roles_insert);
+      res= traverse_role_graph_down(user, &data, 0, applicable_roles_insert);
+    }

    mysql_mutex_unlock(&acl_cache->lock);
    mysql_rwlock_unlock(&LOCK_grant);
-
-    return res;
  }
 #endif

-  return 0;
+  return res;
 }