Bug #74794 use validate password plugin result in mysqld shutdown abnormally
Submitted: 11 Nov 2014 14:28 Modified: 12 Nov 2014 13:39
Reporter: wang huai
Status: Closed
Category:MySQL Server Severity:S1 (Critical)
Version:5.6.20 OS:Any
Assigned to: CPU Architecture:Any
Tags: MySQL, plugin, validate password

[11 Nov 2014 14:28] wang huai
Description:
When using the validate_password plugin, with some variables set to 0 and the validate_password_dictionary_file variable set to a password file, execute the statement:
set password = password('');
Then the server shuts down.

How to repeat:
Execute the SQL statements as follows:

1. INSTALL PLUGIN validate_password SONAME 'validate_password.so';
2. set global validate_password_special_char_count=0;
3. set global validate_password_policy = 2;
4. set global validate_password_number_count = 0;
5. set global validate_password_mixed_case_count = 0;
6. set global validate_password_length = 0;

Then begin the test:

set password = password('');
Then the server shuts down.

Suggested fix:
In function copy_if_not_alloced(), the in-parameters 'from' and 'to' are each returned under different conditions, but the caller of this function (mysql_string_to_lowercase) uses the return value to overwrite the local variable 'res', so it is no longer the same as its definition (String *res= new String[1];). However, in the code (validate_password.cc:141): mysql_string_free(lower_string_handle);
The local variable 'lower_string_handle' is the return value of function mysql_string_to_lowercase(), so the different objects cannot be freed by only one method (delete [] str) in function mysql_string_free().
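The ownership mismatch described in the suggested fix above, as an added C++ model that is not part of the original report and is not MySQL source. `Str`, `alloc_handle`, `free_handle`, `fill_lower` and both `to_lowercase_*` functions are hypothetical, and the rule that `copy_if_not_alloced` returns `from` when it already has enough capacity is an assumption chosen so that an empty input takes that path. `free_handle` returns false at the point where the real free would apply `delete[]` to an object that did not come from `new[]`; the hardened shape shown beside it is one possible correction, not the fix the project shipped.

```cpp
#include <cctype>
#include <cstddef>
#include <set>

// Simplified stand-in for the server's String class (assumption, not MySQL code).
struct Str {
    const char *ptr = "";      // contents; may point at memory this object does not own
    char *own = nullptr;       // buffer owned by this object, if any
    size_t len = 0, cap = 0;
    ~Str() { delete[] own; }
};

static std::set<Str *> g_arrays;   // handles that really came from new Str[1]

static Str *alloc_handle() { Str *s = new Str[1]; g_arrays.insert(s); return s; }

// Models mysql_string_free(): false marks a delete[] on a pointer new[] never returned.
static bool free_handle(Str *s) {
    if (g_arrays.erase(s) == 0) return false;
    delete[] s;
    return true;
}

static void fill_lower(Str *to, const Str *from) {
    to->own = new char[from->len + 1]();
    for (size_t i = 0; i < from->len; i++)
        to->own[i] = (char)std::tolower((unsigned char)from->ptr[i]);
    to->ptr = to->own; to->len = from->len; to->cap = from->len + 1;
}

// Returns `from` when it already has room, otherwise `to` (the two outcomes in the report).
static Str *copy_if_not_alloced(Str *to, Str *from, size_t n) {
    return from->cap >= n ? from : to;
}

// Buggy shape: the new[] handle is overwritten by whatever the helper returns.
static Str *to_lowercase_buggy(Str *in) {
    Str *res = alloc_handle();
    res = copy_if_not_alloced(res, in, in->len);
    if (res != in) fill_lower(res, in);
    return res;                      // may be `in`, which the caller must not delete[]
}

// Hardened shape: the handle returned is always the one allocated here.
static Str *to_lowercase_fixed(Str *in) {
    Str *res = alloc_handle();
    fill_lower(res, in);
    return res;
}

int main() { Str e; return free_handle(to_lowercase_fixed(&e)) ? 0 : 1; }
```
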
[11 Nov 2014 16:12] MySQL Verification Team
Thank you for the bug report. Please try version 5.6.21:

Enter password: ******
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.6.21-log MySQL Community Server (GPL)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> INSTALL PLUGIN validate_password SONAME 'validate_password.dll';
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_special_char_count=0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_policy = 2;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_number_count = 0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_mixed_case_count = 0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_length = 0;
Query OK, 0 rows affected (0.00 sec)

mysql> set password = password('');
Query OK, 0 rows affected (0.00 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sakila             |
| sgnassethealth     |
| test               |
| world              |
+--------------------+
7 rows in set (0.00 sec)
[12 Nov 2014 2:28] wang huai
Have you set the variable validate_password_dictionary_file to a password file? It needs to include several passwords.
If not, please set it and test again.
Thank you very much.
[12 Nov 2014 11:26] MySQL Verification Team
D:\mysql-5.6.21-winx64>bin\mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.21 MySQL Community Server (GPL)

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> set global validate_password_special_char_count=0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_policy = 2;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_number_count = 0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_mixed_case_count = 0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_length = 0;
Query OK, 0 rows affected (0.00 sec)

mysql> set password = password('');
ERROR 2013 (HY000): Lost connection to MySQL server during query
mysql>

13f3a9786    mysqld.exe!String::~String()[sql_string.h:187]
13f8e44d1    mysqld.exe!`eh vector destructor iterator'()
13f571832    mysqld.exe!mysql_string_free()[string_service.cc:55]
7feeb388ef8    validate_password.dll!validate_dictionary_check()[validate_password.cc:143]
7feeb3893ba    validate_password.dll!validate_password_policy_strength()[validate_password.cc:209]
13f47400b    mysqld.exe!check_password_policy()[sql_acl.cc:12318]
13f479ab8    mysqld.exe!change_password()[sql_acl.cc:2491]
13f46625e    mysqld.exe!set_var_password::update()[set_var.cc:799]
13f466c0f    mysqld.exe!sql_set_variables()[set_var.cc:573]
13f3f8a93    mysqld.exe!mysql_execute_command()[sql_parse.cc:3713]
13f3fadb0    mysqld.exe!mysql_parse()[sql_parse.cc:6252]
13f3fbbef    mysqld.exe!dispatch_command()[sql_parse.cc:1335]
13f3fcca7    mysqld.exe!do_command()[sql_parse.cc:1040]
13f47f0f4    mysqld.exe!do_handle_one_connection()[sql_connect.cc:982]
13f47f1aa    mysqld.exe!handle_one_connection()[sql_connect.cc:900]
13f852146    mysqld.exe!pfs_spawn_thread()[pfs.cc:1863]
13f65c46e    mysqld.exe!pthread_start()[my_winthread.c:63]
13f8eb36b    mysqld.exe!_callthreadstartex()[threadex.c:314]
13f8eb3ff    mysqld.exe!_threadstartex()[threadex.c:292]
775c59ed    kernel32.dll!BaseThreadInitThunk()
776fc541    ntdll.dll!RtlUserThreadStart()
----------------------------------------------------------------------
[12 Nov 2014 11:43] MySQL Verification Team
Thank you for the feedback. I was able to repeat with 5.6.21 but not anymore with current source:

c:\dbs>5.6\bin\mysql -uroot
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.6.22 Source distribution

Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> set global validate_password_special_char_count=0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_policy = 2;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_number_count = 0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_mixed_case_count = 0;
Query OK, 0 rows affected (0.00 sec)

mysql> set global validate_password_length = 0;
Query OK, 0 rows affected (0.00 sec)

mysql> set password = password('');
Query OK, 0 rows affected (0.00 sec)

mysql> show variables like "%validate%";
+--------------------------------------+------------------+
| Variable_name                        | Value            |
+--------------------------------------+------------------+
| query_cache_wlock_invalidate         | OFF              |
| validate_password_dictionary_file    | c:\dbs\5.6\pass2 |
| validate_password_length             | 0                |
| validate_password_mixed_case_count   | 0                |
| validate_password_number_count       | 0                |
| validate_password_policy             | STRONG           |
| validate_password_special_char_count | 0                |
+--------------------------------------+------------------+
7 rows in set (0.00 sec)

So please wait for the new release.
[12 Nov 2014 13:39] wang huai
Thank you for your feedback.
Do you mean this bug exists in 5.6.21, but not in 5.6.22?
Has it been modified?