Bug #75893 server crash while connecting with cleartext-plugin user with blank pwd
Submitted: 13 Feb 2015 12:04
Modified: 25 Mar 2015 15:26
Reporter: Ramana Yeruva
Status: Closed
Category: MySQL Server: Pluggable Authentication
Severity: S3 (Non-critical)
Version: 5.7.6
OS: Any
Assigned to:
CPU Architecture: Any

[13 Feb 2015 12:04] Ramana Yeruva
Originally noticed by rajesh.x.s@oracle.com

Execute the steps below with this package: /home/bteam/my/build-201502100816-5.7.6-m16/mysql-5.7.6-m16-build/dist/packages/mysql-5.7.6-m16-linux-glibc2.5-x86_64.tar.gz

-bash-4.1$ ./mysqld -uroot --basedir=../ --datadir=./data --initialize
-bash-4.1$ ulimit -c unlimited
-bash-4.1$ ./mysqld -uroot --basedir=../ --datadir=./data --gdb &
-bash-4.1$ ./mysql -uroot 
mysql> create database abcd;
Query OK, 1 row affected (0.00 sec)
mysql> INSTALL PLUGIN cleartext_plugin_server SONAME 'auth_test_plugin.so'; 
Query OK, 0 rows affected (0.01 sec)
mysql> grant usage on *.* to abc@localhost identified WITH cleartext_plugin_server AS '';
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> grant select,insert on abcd.* to abc@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)
mysql> exit
-bash-4.1$ ./mysql -uabc --enable-cleartext-plugin
ERROR 2013 (HY000): Lost connection to MySQL server at 'reading final connect information', system error: 95
[1]+  Segmentation fault      (core dumped) ./mysqld -uroot --basedir=../ --datadir=./data --gdb

How to repeat:
As above.

(gdb) bt
#0  0x00007f358c70059a in __strcmp_sse42 () from /lib64/libc.so.6
#1  0x00007f357584aa70 in auth_cleartext_plugin (vio=<value optimized out>, info=0x7f3584094258)
    at /export/home/pb2/build/sb_0-14375196-1423567394.7/mysql-5.7.6-m16/plugin/auth/test_plugin.c:155
#2  0x00000000006f4c91 in do_auth_once (thd=0x7f3544011d10, auth_plugin_name=..., mpvio=0x7f3584094240)
    at /export/home/pb2/build/sb_0-14375196-1423567394.7/mysql-5.7.6-m16/sql/auth/sql_authentication.cc:1860
#3  0x00000000006f73ac in acl_authenticate (thd=0x7f3544011d10, com_change_user_pkt_len=0)
    at /export/home/pb2/build/sb_0-14375196-1423567394.7/mysql-5.7.6-m16/sql/auth/sql_authentication.cc:2079
#4  0x0000000000ab532d in check_connection (thd=0x7f3544011d10) at /export/home/pb2/build/sb_0-14375196-1423567394.7/mysql-5.7.6-m16/sql/sql_connect.cc:677
#5  0x0000000000ab57e5 in login_connection (thd=0x7f3544011d10) at /export/home/pb2/build/sb_0-14375196-1423567394.7/mysql-5.7.6-m16/sql/sql_connect.cc:720
#6  thd_prepare_connection (thd=0x7f3544011d10) at /export/home/pb2/build/sb_0-14375196-1423567394.7/mysql-5.7.6-m16/sql/sql_connect.cc:857
#7  0x0000000000bb5e4c in handle_connection (arg=<value optimized out>)
    at /export/home/pb2/build/sb_0-14375196-1423567394.7/mysql-5.7.6-m16/sql/conn_handler/connection_handler_per_thread.cc:291
#8  0x0000000000f760ba in pfs_spawn_thread (arg=0x36c5a40) at /export/home/pb2/build/sb_0-14375196-1423567394.7/mysql-5.7.6-m16/storage/perfschema/pfs.cc:2147
#9  0x00007f358d9579d1 in start_thread () from /lib64/libpthread.so.0
#10 0x00007f358c6c0b5d in clone () from /lib64/libc.so.6

Suggested fix:
As per initial discussion with Satish, this may be due to wl#6409.

[25 Mar 2015 15:26] Paul Dubois
Noted in 5.7.7, 5.8.0 changelogs.

The server could exit if a client using the cleartext authentication
plugin attempted to connect with an empty password.
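
The backtrace in the report ends in strcmp called from the plugin's password check, which is consistent with a NULL or unterminated string reaching the comparison when the password is blank; the report does not confirm the root cause, so that is an assumption. The following added example (not code from this bug report or from the MySQL source; `cleartext_match` and its parameters are hypothetical) shows a length-based comparison that treats a missing password as empty instead of dereferencing it:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: compare the password bytes a client sent with the
 * account's stored auth string without ever handing NULL to strcmp().
 * Returns 1 on match, 0 on mismatch. */
int cleartext_match(const unsigned char *pkt, int pkt_len,
                    const char *stored, size_t stored_len)
{
    size_t sent_len = 0, i;
    unsigned char diff = 0;

    /* A missing stored string is an empty password, not a pointer to read. */
    if (stored == NULL)
        stored_len = 0;

    /* Trust the packet length, not a terminator; stop at the first NUL. */
    if (pkt != NULL && pkt_len > 0) {
        const unsigned char *nul = memchr(pkt, '\0', (size_t)pkt_len);
        sent_len = nul ? (size_t)(nul - pkt) : (size_t)pkt_len;
    }

    if (sent_len != stored_len)
        return 0;

    /* Compare every byte so timing does not depend on the first mismatch. */
    for (i = 0; i < sent_len; i++)
        diff |= (unsigned char)(pkt[i] ^ (unsigned char)stored[i]);
    return diff == 0;
}

int main(void)
{
    /* Constructed inputs: the blank-password account from the report is
     * modelled here as a NULL stored string and an empty packet. */
    printf("blank vs NULL stored: %d\n", cleartext_match(NULL, 0, NULL, 0));
    printf("blank vs \"\" stored:   %d\n",
           cleartext_match((const unsigned char *)"", 1, "", 0));
    printf("secret vs secret:     %d\n",
           cleartext_match((const unsigned char *)"secret", 7, "secret", 6));
    printf("guess vs blank:       %d\n",
           cleartext_match((const unsigned char *)"guess", 6, NULL, 0));
    return 0;
}
```

Whether a blank password should authenticate at all is a policy decision for the plugin; the point here is only that the blank case returns a result instead of faulting.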