Bug #37782 Program defensively in sql_acl.cc
Submitted: 1 Jul 2008 17:58 Modified: 7 Jul 2009 6:30
Reporter: Mark Callaghan Email Updates:
Status: Verified Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S3 (Non-critical)
Version:5.0.62, 5.1, 4.1, 6.0 bzr OS:Any
Assigned to: CPU Architecture:Any
Tags: access, authentication, sql_acl
Triage: Triaged: D5 (Feature request) / R2 (Low) / E3 (Medium)

[1 Jul 2008 17:58] Mark Callaghan
Description:
Code in sql_acl is very casual about error handling. Given that this code does authentication and access control, it should do better.

Examples of the problems include:
* function calls that ignore error results (grep for VOID)
  VOID(my_init_dynamic_array(&acl_dbs,sizeof(ACL_DB),50,100));
* functions that return void but should be able to return an error
  acl_insert* functions

Who knows what will happen when malloc fails?

How to repeat:
Read the code
[1 Jul 2008 19:51] Sveta Smirnova
Thank you for the report.

Verified as described.