Bug #33464 | DROP FUNCTION caused a crash. | ||
---|---|---|---|
Submitted: | 21 Dec 2007 17:02 | Modified: | 11 Apr 2008 14:05 |
Reporter: | Horst Hunger | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Stored Routines | Severity: | S1 (Critical) |
Version: | 5.1.23-rc | OS: | Linux (Suse 10.1) |
Assigned to: | Chad MILLER | CPU Architecture: | Any |
[21 Dec 2007 17:02]
Horst Hunger
[16 Feb 2008 22:58]
Chad MILLER
The shortest way to exercise the bug is to have user X create a stored procedure or function, and then DROP the user, and then DROP the routine. The cause of the crash is an assertion failure that we do not emit an error message (user not found) and then return "ok". The assertion is valid, and we were ignoring the buggy behavior prior to the "Diagnostics" result-verification. T@3 : | | | | | >replace_routine_table T@3 : | | | | | | >find_acl_user T@3 : | | | | | | | enter: host: 'localhost' user: 'userbug33464' T@3 : | | | | | | | info: strcmp('userbug33464','root'), compare_hostname('localhost','localhost'), T@3 : | | | | | | | info: strcmp('userbug33464','root'), compare_hostname('localhost','zippy'), T@3 : | | | | | | | info: strcmp('userbug33464','root'), compare_hostname('localhost','127.0.0.1'), T@3 : | | | | | | <find_acl_user T@3 : | | | | | | | error: error: 1133 message: 'Can't find any matching row in the user table' The simplest thing that could possibly work is to push a flag from the SP code into the ACL code that means "do not emit an error". That is ugly, though, and I'm averse to it. --- The best fix, I think, is to avoid the error message altogether. There is a hidden bug in behavior, and this would fix it: When we drop a user, we should also drop all routines defined by that user. Reasons: - This is the behavior that is most like all other DBMSes (though our user/schema model doesn't map directly to the other DBMSes). - Storing the SECURITY CONTEXT DEFINER value as a string and looking up the user based on that string at routine-execution-time is a big gaping security problem. Heirs of a username shouldn't automatically and silently be heirs of executing code. --- An alternative is to refuse to drop users so long as they have routines defined. This was my first idea, but antony and trudy convinced me otherwise.
[17 Feb 2008 7:51]
Konstantin Osipov
Chad, as a quick advice, try moving send_ok() out of the routine in question to the level of the caller and make the routine either return success or error. But I will need to look more to come up with a better solution.
[19 Feb 2008 22:24]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/42602 ChangeSet@1.2523, 2008-02-19 17:23:50-05:00, cmiller@zippy.cornsilk.net +3 -0 Bug#33464: DROP FUNCTION caused a crash The cause of the crash is an assertion failure that we do not emit an error message (grant not found) and then return "ok". The assertion is valid, and we were ignoring the buggy behavior prior to the "Diagnostics" result-verification. This patch moves the reporting of the message up to the three callers and in the one where it is not an error, it reports it as a warning.
[21 Feb 2008 19:06]
Konstantin Osipov
Sent a review request by email.
[22 Feb 2008 22:16]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/42886 ChangeSet@1.2523, 2008-02-22 17:16:21-05:00, cmiller@zippy.cornsilk.net +3 -0 Bug#33464: DROP FUNCTION caused a crash The cause of the crash is an assertion failure that we do not emit an error message (grant not found) and then return "ok". The assertion is valid, and we were ignoring the buggy behavior prior to the "Diagnostics" result-verification. Use an error handler to mutate missing-grant errors, when removing routines, into messages.
[25 Feb 2008 17:34]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/42947 ChangeSet@1.2523, 2008-02-25 12:34:23-05:00, cmiller@zippy.cornsilk.net +3 -0 Bug#33464: DROP FUNCTION caused a crash The cause of the crash is an assertion failure that we do not emit an error message (grant not found) and then return "ok". The assertion is valid, and we were ignoring the buggy behavior prior to the "Diagnostics" result-verification. Use an error handler to mutate innocuous missing-grant errors, when removing routines, into warnings.
[5 Mar 2008 14:34]
Bugs System
A patch for this bug has been committed. After review, it may be pushed to the relevant source trees for release in the next version. You can access the patch from: http://lists.mysql.com/commits/43464 ChangeSet@1.2523, 2008-03-05 09:33:32-05:00, cmiller@zippy.cornsilk.net +3 -0 Bug#33464: DROP FUNCTION caused a crash The cause of the crash is an assertion failure that we do not emit an error message (grant not found) and then return "ok". The assertion is valid, and we were ignoring the buggy behavior prior to the "Diagnostics" result-verification. Use an error handler to mutate innocuous missing-grant errors, when removing routines, into warnings.
[5 Mar 2008 14:43]
Chad MILLER
Pushed to 5.1-build and 6.0-build.
[27 Mar 2008 22:04]
Bugs System
Pushed into 5.1.24-rc
[28 Mar 2008 11:10]
Bugs System
Pushed into 6.0.5-alpha
[11 Apr 2008 14:05]
Jon Stephens
Documented in the 5.1.24 and 6.0.5 changelogs as follows: Dropping a function after dropping the function's creator could cause the server to crash.