Bug #108222 ACL cache locking not consistent in 'change_password' function
Submitted: 22 Aug 2022 12:05 Modified: 22 Aug 2022 13:22
Reporter: Kamil Holubicki (OCA)
Status: Verified
Category: MySQL Server: Security: Privileges Severity: S3 (Non-critical)
Version: 8.0 OS: Any
Assigned to: CPU Architecture: Any

[22 Aug 2022 12:05] Kamil Holubicki
I'm not sure what its impact is (if any), but while messing around with the code I've found that the sql_user.cc::change_password() function creates the Acl_cache_lock_guard object outside the scope intended to be the critical section. This causes the lock to be held until the function returns, and the call to acl_notify_htons() to be made with the lock acquired.

All other functions in sql_user.cc and sql_authorization.cc implement the critical section in the proper way, so acl_notify_htons() is called without the ACL cache lock acquired.

How to repeat:
I don't have any case showing the server's misbehavior. This is rather to request the review of the suspicious place in the code and fix it to be cleaner.

Suggested fix:
Move the creation of Acl_cache_lock_guard object inside the intended critical section scope.
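Added illustration of the scope issue described in the report; this is not MySQL's own code. A cut-down RAII guard stands in for Acl_cache_lock_guard, and a stand-in acl_notify_htons() reports whether it ran with the lock still held. The lock type, the guard's lock() signature and the two change_password() shapes are assumptions made for the example; the real bodies in sql_user.cc are not reproduced.

```cpp
#include <cstdio>
#include <mutex>

// Minimal stand-in for the ACL cache lock (assumption): a mutex plus a flag
// that lets the notify stand-in observe whether the lock is still held.
struct Acl_cache_lock {
  std::mutex m;
  bool held = false;
};

// Simplified stand-in for Acl_cache_lock_guard (assumption: the real guard
// carries more state; what matters here is that it is RAII, so the lock is
// released when the guard object goes out of scope).
class Acl_cache_lock_guard {
 public:
  explicit Acl_cache_lock_guard(Acl_cache_lock &lock) : lock_(lock) {}
  Acl_cache_lock_guard(const Acl_cache_lock_guard &) = delete;
  Acl_cache_lock_guard &operator=(const Acl_cache_lock_guard &) = delete;

  // Acquire the lock; returns false if it could not be taken.
  bool lock() {
    lock_.m.lock();
    lock_.held = true;
    return true;
  }

  // Release on scope exit, if this guard acquired the lock.
  ~Acl_cache_lock_guard() {
    if (lock_.held) {
      lock_.held = false;
      lock_.m.unlock();
    }
  }

 private:
  Acl_cache_lock &lock_;
};

// Stand-in for acl_notify_htons(): returns true when it was entered with the
// ACL cache lock still held, which is the situation the report describes.
static bool acl_notify_htons(const Acl_cache_lock &lock) { return lock.held; }

// Shape of the reported pattern (assumption): the guard is constructed
// outside the braces intended to be the critical section, so it lives until
// the function returns. Returns whether the notify call saw the lock held.
static bool change_password_guard_outside(Acl_cache_lock &lock) {
  Acl_cache_lock_guard acl_cache_lock(lock);
  {
    if (!acl_cache_lock.lock()) return false;
    // ... update the in-memory ACL cache ...
  }  // acl_cache_lock is NOT destroyed here
  return acl_notify_htons(lock);  // lock still held
}

// Suggested fix: construct the guard inside the critical-section scope, so its
// destructor runs at the closing brace and the lock is released before
// acl_notify_htons() is called.
static bool change_password_guard_inside(Acl_cache_lock &lock) {
  {
    Acl_cache_lock_guard acl_cache_lock(lock);
    if (!acl_cache_lock.lock()) return false;
    // ... update the in-memory ACL cache ...
  }  // acl_cache_lock destroyed here, lock released
  return acl_notify_htons(lock);  // lock released
}

int main() {
  Acl_cache_lock lock;
  std::printf("guard outside scope: notify ran with lock held = %s\n",
              change_password_guard_outside(lock) ? "yes" : "no");
  std::printf("guard inside scope:  notify ran with lock held = %s\n",
              change_password_guard_inside(lock) ? "yes" : "no");
  return 0;
}
```

Build with `g++ -std=c++17 -pthread`. The first variant reports the notify stand-in running with the lock held; the second, with the guard moved inside the braces, does not, and in both cases the lock is released by the time the function returns.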
[22 Aug 2022 12:06] Kamil Holubicki
proposed patch

(*) I confirm the code being submitted is offered under the terms of the OCA, and that I am authorized to contribute it.

Contribution: acl_cache_lock.patch (text/x-patch), 859 bytes.

[22 Aug 2022 13:22] MySQL Verification Team
Hi Mr. Holubicki,

Thank you for your bug report.

We have analysed your patch and we think that you are correct.

Verified as reported.

Thank you for your contribution.