Bug #19920 | SHOW GRANTS can crash the server, if host information doesn't match. | ||
---|---|---|---|
Submitted: | 18 May 2006 21:08 | Modified: | 31 May 2006 13:38 |
Reporter: | Markus Popp | Email Updates: | |
Status: | Duplicate | Impact on me: | |
Category: | MySQL Server | Severity: | S2 (Serious) |
Version: | 5.0.22-BK, 5.0.21, 5.1.9/4.1BK | OS: | Linux (Linux, others?) |
Assigned to: | Assigned Account | CPU Architecture: | Any |
[18 May 2006 21:08]
Markus Popp
[18 May 2006 22:00]
Valeriy Kravchuk
Thank you for a bug report. Verified just as described with 5.0.22-BK (ChangeSet@1.2122.24.1, 2006-05-18 00:55:28+04:00) on Linux: mysql> CREATE USER testuser@'%'; Query OK, 0 rows affected (0.01 sec) mysql> CREATE DATABASE test1; Query OK, 1 row affected (0.01 sec) mysql> CREATE DATABASE test2; Query OK, 1 row affected (0.00 sec) mysql> CREATE TABLE test2.tt (id INT NOT NULL PRIMARY KEY); Query OK, 0 rows affected (0.00 sec) mysql> GRANT ALL ON test1.* TO testuser@'%'; Query OK, 0 rows affected (0.00 sec) mysql> GRANT ALL ON test2.tt TO testuser@'%'; Query OK, 0 rows affected (0.00 sec) mysql> UPDATE mysql.tables_priv SET host='' WHERE user='testuser'; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec) mysql> SHOW GRANTS FOR testuser@'%'; ERROR 2013 (HY000): Lost connection to MySQL server during query mysql> Number of processes running now: 0 060518 21:36:12 mysqld restarted mysql> select version(); ERROR 2006 (HY000): MySQL server has gone away No connection. Trying to reconnect... Connection id: 1 Current database: test +-----------+ | version() | +-----------+ | 5.0.22 | +-----------+ 1 row in set (0.26 sec) Test case: CREATE USER testuser@'%'; CREATE DATABASE test1; CREATE DATABASE test2; CREATE TABLE test2.tt (id INT NOT NULL PRIMARY KEY); GRANT ALL ON test1.* TO testuser@'%'; GRANT ALL ON test2.tt TO testuser@'%'; UPDATE mysql.tables_priv SET host='' WHERE user='testuser'; FLUSH PRIVILEGES; SHOW GRANTS FOR testuser@'%';
[18 May 2006 22:10]
MySQL Verification Team
Also crash 4.1: miguel@hegel:~/dbs/4.1> bin/mysql -uroot Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 1 to server version: 4.1.19-debug Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> CREATE USER testuser@'%'; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'USER testuser@'%'' at line 1 mysql> CREATE DATABASE test1; Query OK, 1 row affected (0.03 sec) mysql> CREATE DATABASE test2; Query OK, 1 row affected (0.00 sec) mysql> CREATE TABLE test2.tt (id INT NOT NULL PRIMARY KEY); Query OK, 0 rows affected (0.02 sec) mysql> GRANT ALL ON test1.* TO testuser@'%'; Query OK, 0 rows affected (0.00 sec) mysql> GRANT ALL ON test2.tt TO testuser@'%'; Query OK, 0 rows affected (0.00 sec) mysql> UPDATE mysql.tables_priv SET host='' WHERE user='testuser'; Query OK, 1 row affected (0.01 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.01 sec) mysql> SHOW GRANTS FOR testuser@'%'; ERROR 2013 (HY000): Lost connection to MySQL server during query [New Thread 1114811312 (LWP 23361)] /home/miguel/dbs/4.1/libexec/mysqld: ready for connections. Version: '4.1.19-debug' socket: '/tmp/mysql.sock' port: 3306 Source distribution [New Thread 1129880496 (LWP 23391)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 1129880496 (LWP 23391)] 0x08433952 in my_strcasecmp_utf8 (cs=0x85d1e40, s=0x8c97d08 "%", t=0x0) at ctype-utf8.c:2130 2130 while (s[0] && t[0]) Current language: auto; currently c (gdb)
[19 May 2006 4:31]
MySQL Verification Team
didn't crash my 4.0.26 <cut> mysql> SHOW GRANTS FOR testuser@'%'; +-----------------------------------------------------+ | Grants for testuser@% | +-----------------------------------------------------+ | GRANT USAGE ON *.* TO 'testuser'@'%' | | GRANT ALL PRIVILEGES ON `test1`.* TO 'testuser'@'%' | +-----------------------------------------------------+ 2 rows in set (0.00 sec)
[31 May 2006 13:38]
Tatiana Azundris Nuernberg
duplicate of #16297: In memory grant tables not flushed when users's hostname is ""
[31 May 2006 13:39]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/7094