Bug #41456 SET PASSWORD hates CURRENT_USER()
Submitted: 14 Dec 2008 19:18 Modified: 12 Feb 2009 12:10
Reporter: Shaun Spiller Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: General Severity:S3 (Non-critical)
Version:5.1/5.0/6.0 OS:Microsoft Windows
Assigned to: Sergey Glukhov CPU Architecture:Any
Tags: regression
Triage: Triaged: D1 (Critical)

[14 Dec 2008 19:18] Shaun Spiller
Description:
Hi.
When I issue this command:
SET PASSWORD FOR CURRENT_USER() = PASSWORD("admin");

I get this message:
ERROR 2013 (HY000): Lost connection to MySQL server during query

and the server crashes.

The value of CURRENT_USER() is @localhost but when I do the following:
SET PASSWORD FOR ''@'localhost' = PASSWORD("admin");

it works fine. It doesn't make a difference what password is used.

The documentation doesn't say that using CURRENT_USER() like that is a valid syntax, but I didn't know that, so I just typed in what I thought made sense. It shouldn't crash though, right? (If a backtrace is needed to reproduce I will try to generate one, but please tell me how because I couldn't find any info on it.)

How to repeat:
SET PASSWORD FOR CURRENT_USER() = PASSWORD("admin");
[14 Dec 2008 21:45] Miguel Solorzano
Windows 32-bit source 3 days older:

c:\dbs>c:\dbs\5.1\bin\mysqld --defaults-file=c:\dbs\5.1\my.ini --standalone --console
081214 18:44:06  InnoDB: Started; log sequence number 0 57253
081214 18:44:07 [Note] Event Scheduler: Loaded 0 events
081214 18:44:07 [Note] c:\dbs\5.1\bin\mysqld: ready for connections.
Version: '5.1.31-nt-debug-log'  socket: ''  port: 3510  Source distribution
081214 18:44:33 - mysqld got exception 0xc0000005 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=8388572
read_buffer_size=131072
max_used_connections=1
max_threads=151
threads_connected=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 337709 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

thd: 0x1eb0f78
Attempting backtrace. You can use the following information to find out
where mysqld died. If you see no messages after this, something went
terribly wrong...
009B0FA2    mysqld.exe!strcmp()[strcmp.asm:79]
005ECE69    mysqld.exe!check_change_password()[sql_acl.cc:1538]
CCCCCCCC
038EF6A0
0067BBF1    mysqld.exe!mysql_parse()[sql_parse.cc:5789]
006706CE    mysqld.exe!dispatch_command()[sql_parse.cc:1200]
0066FDB7    mysqld.exe!do_command()[sql_parse.cc:857]
00780AF4    mysqld.exe!handle_one_connection()[sql_connect.cc:1115]
008498A6    mysqld.exe!pthread_start()[my_winthread.c:85]
009B93B7    mysqld.exe!_threadstart()[thread.c:196]
7C80B713    kernel32.dll!GetModuleFileNameA()
Trying to get some variables.
Some pointers may be invalid and cause the dump to abort...
thd->query at 01EFEC58=SET PASSWORD FOR CURRENT_USER() = PASSWORD("admin")
thd->thread_id=1
thd->killed=NOT_KILLED
The manual page at http://dev.mysql.com/doc/mysql/en/crashing.html contains
information that should help you find out what is causing the crash.
[14 Dec 2008 21:50] Miguel Solorzano
Thank you for the bug report. Repeatable on 5.0 and 6.0 bzr tree too. Not repeatable on older released version 5.0.22.

C:\temp\mysql-5.0.22-win32>bin\mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1 to server version: 5.0.22-community

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> SET PASSWORD FOR CURRENT_USER() = PASSWORD("admin");
Query OK, 0 rows affected (0.06 sec)

mysql>
[17 Dec 2008 10:22] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/61847

2746 Sergey Glukhov	2008-12-17
      Bug#41456 SET PASSWORD hates CURRENT_USER()
      init user->user struct with 
      thd->security_ctx->priv_user context
      if user->user is not initializied
[17 Dec 2008 13:34] Alexander Barkov
http://lists.mysql.com/commits/61847 looks ok to push.
[24 Dec 2008 15:15] Bugs System
A patch for this bug has been committed. After review, it may
be pushed to the relevant source trees for release in the next
version. You can access the patch from:

  http://lists.mysql.com/commits/62299

2723 Sergey Glukhov	2008-12-24
      Bug#41456 SET PASSWORD hates CURRENT_USER()
      init user->user struct with 
      thd->security_ctx->priv_user context
      if user->user is not initializied
[24 Dec 2008 19:37] Shaun Spiller
What happened to my bug report? It's been eaten, or it's invisible or something. This page doesn't make sense any more because nowhere does it explain what the bug actually is. :-/
[6 Jan 2009 13:57] Bugs System
Pushed into 5.0.76 (revid:joro@sun.com-20090105160414-8q9j4bi1klkfwiup) (version source revid:azundris@mysql.com-20081230114734-nmsc37ak330zlygn) (merge vers: 5.0.76) (pib:6)
[6 Jan 2009 14:56] Shaun Spiller
MySQL I think your bugs system has a bug in it.

I'm guessing this must have been marked, like, security-conscious or something, because when I'm logged out I can't see this page. It just gives an access denied message.

But when I'm logged in I can access this page but the bug report is apparently invisible. So now the page looks stupid and doesn't make sense.

So that doesn't really make sense, that a person who already knows what the bug is isn't allowed to remember what they wrote in the first place...
[7 Jan 2009 20:26] Paul Dubois
Noted in 5.0.76 changelog.

SET PASSWORD caused a server crash if the account name was given as
CURRENT_USER().

Setting report to NDI pending push into 5.1.x/6.0.x.
[15 Jan 2009 6:36] Bugs System
Pushed into 5.1.31 (revid:joro@sun.com-20090115053147-tx1oapthnzgvs1ro) (version source revid:azundris@mysql.com-20081230114838-cn52tu180wcrvh0h) (merge vers: 5.1.31) (pib:6)
[15 Jan 2009 16:38] Paul Dubois
Noted in 5.1.31 changelog.

Setting report to NDI pending push into 6.0.x.
[19 Jan 2009 11:31] Bugs System
Pushed into 5.1.31-ndb-6.2.17 (revid:tomas.ulin@sun.com-20090119095303-uwwvxiibtr38djii) (version source revid:tomas.ulin@sun.com-20090115073240-1wanl85vlvw2she1) (merge vers: 5.1.31-ndb-6.2.17) (pib:6)
[19 Jan 2009 13:08] Bugs System
Pushed into 5.1.31-ndb-6.3.21 (revid:tomas.ulin@sun.com-20090119104956-guxz190n2kh31fxl) (version source revid:tomas.ulin@sun.com-20090119104956-guxz190n2kh31fxl) (merge vers: 5.1.31-ndb-6.3.21) (pib:6)
[19 Jan 2009 15:04] Jon Stephens
Setting status back to NDI pending merge to 6.0 tree.
[19 Jan 2009 16:14] Bugs System
Pushed into 5.1.31-ndb-6.4.1 (revid:tomas.ulin@sun.com-20090119144033-4aylstx5czzz88i5) (version source revid:tomas.ulin@sun.com-20090119144033-4aylstx5czzz88i5) (merge vers: 5.1.31-ndb-6.4.1) (pib:6)
[20 Jan 2009 18:54] Bugs System
Pushed into 6.0.10-alpha (revid:joro@sun.com-20090119171328-2hemf2ndc1dxl0et) (version source revid:azundris@mysql.com-20081230114916-c290n83z25wkt6e4) (merge vers: 6.0.9-alpha) (pib:6)
[29 Jan 2009 5:29] Paul Dubois
Noted in 6.0.10 changelog.
[9 Feb 2009 14:23] Shaun Spiller
This is still broken.
[12 Feb 2009 9:46] Sveta Smirnova
Shaun,

which operating system and version of MySQL do you use?
[12 Feb 2009 12:10] Shaun Spiller
Not the bug; I've been saying that this bug page itself was messed up. But now it's changed and it works again. Did you change something? Thank you if you did. Never mind if you didn't. It's okay now.
~
[9 Jun 2009 19:02] Paul Dubois
Noted in 5.0.74sp1 changelog.