Bug #13310 incorrect user parsing by SP
Submitted: 18 Sep 2005 23:02 Modified: 20 Apr 2006 12:44
Reporter: Oleksandr Byelkin Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:5.0 OS:Any (all)
Assigned to: Magnus Blåudd CPU Architecture:Any

[18 Sep 2005 23:02] Oleksandr Byelkin
Description:
user like `a@`@localhost will be incorrectly parsed after read from db

How to repeat:
execute following mysql.test script:
------------------------------------------------------------------
connect (root,localhost,root,,test);
connection root;
--disable_warnings
create database mysqltest;
--enable_warnings

grant all privileges on test.* to `a@`@localhost;
grant execute on * to `a@`@localhost;

connect (user1,localhost,'a@',,test);
connection user1;
create table t2 (s1 int);
--disable_warnings
drop function if exists f2;
--enable_warnings
delimiter //;
create function f2 () returns int begin declare v int; select s1 from t2
into v; return v; end//
delimiter ;//
select f2();

connection root;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM `a@`@localhost;
------------------------------------------------------------------------
it will return error while user have rights to execute function
Errors are (from /home/bell/mysql/bk/work-mrg-5.0/mysql-test/var/log/mysqltest-time) :
mysqltest: At line 20: query 'select f2()' failed: 1370: execute command denied to user ''@'localhost' for routine 'test.f2'
(the last lines may be the most important ones)

Suggested fix:
use strrchr instead of strchr during parsing of store user and host parts separately in db
[17 Mar 2006 16:36] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/3935
[9 Apr 2006 1:22] Ian Greenhoe
Patch looks good to me.
[18 Apr 2006 8:47] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/5063
[19 Apr 2006 11:32] Magnus Blåudd
Pushed to 5.0.21 a fix that strips surrounding ' (apostrophe) from username.
[20 Apr 2006 12:44] Paul Dubois
Noted in 5.0.21 changelog.

Within stored routines, usernames were parsed incorrectly if
they were enclosed within quotes. (Bug #13310)