MDEV-9898 SET ROLE NONE can crash mysqld.

The check_user_can_set_role() used find_user_exact() to get the permissions for the SET ROLE NONE command. Which returned NULL too often, for instance when user authenticated as 'user'@'%'. Now we use find_user_wild() instead.

MDEV-9898 SET ROLE NONE can crash mysqld.
The check_user_can_set_role() used find_user_exact() to get the permissions for the SET ROLE NONE command. Which returned NULL too often, for instance when user authenticated as 'user'@'%'. Now we use find_user_wild() instead.
94cd0f6c · Alexey Botchkov · ad4239cc · 94cd0f6c · 94cd0f6c · 94cd0f6c
Commit 94cd0f6c authored May 02, 2016 by Alexey Botchkov
3 changed files
--- a/mysql-test/suite/roles/set_role-simple.result
+++ b/mysql-test/suite/roles/set_role-simple.result
@@ -45,3 +45,12 @@ delete from mysql.user where user='test_role1';
 delete from mysql.roles_mapping where Role='test_role1';
 flush privileges;
 drop user 'test_user'@'localhost';
+create user user1;
+select current_user;
+current_user
+user1@%
+show grants;
+Grants for user1@%
+GRANT USAGE ON *.* TO 'user1'@'%'
+set role none;
+drop user user1;
--- a/mysql-test/suite/roles/set_role-simple.test
+++ b/mysql-test/suite/roles/set_role-simple.test
@@ -37,3 +37,18 @@ delete from mysql.user where user='test_role1';
 delete from mysql.roles_mapping where Role='test_role1';
 flush privileges;
 drop user 'test_user'@'localhost';
+
+#
+# MDEV-9898 SET ROLE NONE can crash mysqld.
+#
+
+create user user1;
+
+--connect (con1,localhost,user1,,)
+select current_user;
+show grants;
+set role none;
+
+connection default;
+drop user user1;
+
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -2037,7 +2037,7 @@ static int check_user_can_set_role(const char *user, const char *host,
  {
    /* have to clear the privileges */
    /* get the current user */
-    acl_user= find_user_exact(host, user);
+    acl_user= find_user_wild(host, user, ip);
    if (acl_user == NULL)
    {
      my_error(ER_INVALID_CURRENT_USER, MYF(0), rolename);