Bug #37782 Program defensively in sql_acl.cc
Submitted: 1 Jul 2008 17:58 Modified: 7 Jul 2009 6:30
Reporter: Mark Callaghan Email Updates:
Status: Verified Impact on me:
Category:MySQL Server: Security: Privileges Severity:S3 (Non-critical)
Version:5.0.62, 5.1, 4.1, 6.0 bzr OS:Any
Assigned to: CPU Architecture:Any
Tags: access, authentication, sql_acl

[1 Jul 2008 17:58] Mark Callaghan
Code in sql_acl is very casual about error handling. Given that this code does authentication and access control, it should do better.

Examples of the problems include:
* function calls that ignore error results (grep for VOID)
* functions that return void but should be able to return an error
  acl_insert* functions

Who knows what will happen when malloc fails?

How to repeat:
Read the code
[1 Jul 2008 19:51] Sveta Smirnova
Thank you for the report.

Verified as described.