Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-30154

Assertion `strcasecmp(rolename, public_name.str) || acl_public == role' failed in acl_update_role on GRANT ... TO PUBLIC

Details

    Description

      CLI:

      LOCK TABLES mysql.time_zone WRITE;
      FLUSH PRIVILEGES;
      LOCK TABLE nonexisting WRITE;
      GRANT SELECT ON *.* TO PUBLIC;
      

      MTR:

      USE test;
      GRANT SELECT ON *.* TO PUBLIC; 
      LOCK TABLES mysql.time_zone WRITE,mysql.proc WRITE;
      --error 1100
      FLUSH PRIVILEGES;
      --error 1146
      LOCK TABLE nonexisting WRITE;
      --error 1100
      GRANT SELECT ON *.* TO PUBLIC;
      

      Leads to:

      10.11.2 936436ef437c73911c18854a8ce8dad1216331b8 (Debug)

      mysqld: /test/10.11_dbg/sql/sql_acl.cc:3469: void acl_update_role(const char*, privilege_t): Assertion `strcasecmp(rolename, public_name.str) || acl_public == role' failed.
      

      10.11.2 936436ef437c73911c18854a8ce8dad1216331b8 (Debug)

      Core was generated by `/test/MD291122-mariadb-10.11.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
      Program terminated with signal SIGABRT, Aborted.
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      [Current thread is 1 (Thread 0x15430a0b0700 (LWP 4172589))]
      (gdb) bt
      #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
      #1  0x0000154326c3f859 in __GI_abort () at abort.c:79
      #2  0x0000154326c3f729 in __assert_fail_base (fmt=0x154326dd5588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55587bedc660 "strcasecmp(rolename, public_name.str) || acl_public == role", file=0x55587beddf48 "/test/10.11_dbg/sql/sql_acl.cc", line=3469, function=<optimized out>) at assert.c:92
      #3  0x0000154326c50fd6 in __GI___assert_fail (assertion=assertion@entry=0x55587bedc660 "strcasecmp(rolename, public_name.str) || acl_public == role", file=file@entry=0x55587beddf48 "/test/10.11_dbg/sql/sql_acl.cc", line=line@entry=3469, function=function@entry=0x55587bedc630 "void acl_update_role(const char*, privilege_t)") at assert.c:101
      #4  0x000055587b293c90 in acl_update_role (privileges=SELECT_ACL, rolename=0x55587beddead "PUBLIC") at /test/10.11_dbg/sql/sql_acl.cc:3469
      #5  replace_user_table (thd=thd@entry=0x1542d4000d48, user_table=<optimized out>, combo=combo@entry=0x1542d4013308, rights=rights@entry=SELECT_ACL, revoke_grant=revoke_grant@entry=false, can_create_user=<optimized out>, no_auto_create=false) at /test/10.11_dbg/sql/sql_acl.cc:4936
      #6  0x000055587b2a2999 in mysql_grant (thd=thd@entry=0x1542d4000d48, db=0x0, list=@0x1542d4005e50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1542d4013248, last = 0x1542d4013248, elements = 1}, <No data fields>}, rights=SELECT_ACL, revoke_grant=false, is_proxy=is_proxy@entry=false) at /test/10.11_dbg/sql/sql_acl.cc:2058
      #7  0x000055587b2a3230 in Sql_cmd_grant_table::execute_table_mask (this=0x1542d4013258, thd=0x1542d4000d48) at /test/10.11_dbg/sql/sql_acl.h:319
      #8  0x000055587b2a330f in Sql_cmd_grant_table::execute (this=<optimized out>, thd=<optimized out>) at /test/10.11_dbg/sql/sql_acl.cc:12396
      #9  0x000055587b33ca03 in mysql_execute_command (thd=thd@entry=0x1542d4000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:5999
      #10 0x000055587b3255a6 in mysql_parse (thd=thd@entry=0x1542d4000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15430a0af300) at /test/10.11_dbg/sql/sql_parse.cc:7998
      #11 0x000055587b332ae1 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1542d4000d48, packet=packet@entry=0x1542d400adf9 "GRANT SELECT ON *.* TO PUBLIC", packet_length=packet_length@entry=29, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:1346
      #12 0x000055587b334f1f in do_command (thd=0x1542d4000d48, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
      #13 0x000055587b48fb27 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55587ec543c8, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1415
      #14 0x000055587b48fff6 in handle_one_connection (arg=0x55587ec543c8) at /test/10.11_dbg/sql/sql_connect.cc:1317
      #15 0x0000154327150609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #16 0x0000154326d3c133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.11.2 (dbg)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.3.38 (dbg), 10.3.38 (opt), 10.4.28 (dbg), 10.4.28 (opt), 10.5.19 (dbg), 10.5.19 (opt), 10.6.12 (dbg), 10.6.12 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.7 (dbg), 10.8.7 (opt), 10.9.5 (dbg), 10.9.5 (opt), 10.10.3 (dbg), 10.10.3 (opt), 10.11.2 (opt)

      Attachments

        Issue Links

          Activity

            Roel Roel Van de Paar added a comment - - edited

            Interestingly, using the final MDEV-5215 implementation commit (b4e7803a6f4c734fc5f06a0b0d78285510ae0f48) we see stack rendering issues (MTR output):

            10.11.1 b4e7803a6f4c734fc5f06a0b0d78285510ae0f48

            Program terminated with signal SIGABRT, Aborted.
            #0  0x000014722399e00b in ?? ()
            [Current thread is 1 (LWP 2075610)]
            #0  0x000014722399e00b in ?? ()
            #1  0x0000000000087007 in ?? ()
            #2  0x00001472239f56d0 in ?? ()
            #3  0x00001472fbad8000 in ?? ()
            #4  0x0000147210114d10 in ?? ()
            #5  0x0000147210114d75 in ?? ()
            #6  0x0000147210114d10 in ?? ()
            #7  0x0000147210114d10 in ?? ()
            #8  0x0000147210114dca in ?? ()
            #9  0x0000147210114e3c in ?? ()
            #10 0x0000147210114d10 in ?? ()
            #11 0x0000147210114e3c in ?? ()
            #12 0x0000000000000000 in ?? ()
            

            And, as expected, in the commit just before the MDEV-5215 patches, the syntax is invalid:

            10.11.1 2bd41fc5bf765bb9b1b2caa872070b271fc7c039

            mysqltest: At line 2: query 'GRANT SELECT ON *.* TO PUBLIC' failed: ER_INVALID_ROLE (1959): Invalid role specification `PUBLIC`
            

            This issue is thus caused by MDEV-5215, however, there are some intersting things to observe:
            1. Stack smashing was present originally, but (it looks like) not anymore now.
            2. Using the final MDEV-5215 implementation commit (b4e7803a6f4c734fc5f06a0b0d78285510ae0f48) we need to add GRANT SELECT ON . TO PUBLIC; to the start of the CLI testcase (leading to the same crash), but this is no longer necessary in more recent 10.11 builds.
            As such, it looks like one or more changes (affecting the feature) were applied after commit b4e7803a6f4c734fc5f06a0b0d78285510ae0f48 which change the outcomes.

            Roel Roel Van de Paar added a comment - - edited Interestingly, using the final MDEV-5215 implementation commit ( b4e7803a6f4c734fc5f06a0b0d78285510ae0f48 ) we see stack rendering issues (MTR output): 10.11.1 b4e7803a6f4c734fc5f06a0b0d78285510ae0f48 Program terminated with signal SIGABRT, Aborted. #0 0x000014722399e00b in ?? () [Current thread is 1 (LWP 2075610)] #0 0x000014722399e00b in ?? () #1 0x0000000000087007 in ?? () #2 0x00001472239f56d0 in ?? () #3 0x00001472fbad8000 in ?? () #4 0x0000147210114d10 in ?? () #5 0x0000147210114d75 in ?? () #6 0x0000147210114d10 in ?? () #7 0x0000147210114d10 in ?? () #8 0x0000147210114dca in ?? () #9 0x0000147210114e3c in ?? () #10 0x0000147210114d10 in ?? () #11 0x0000147210114e3c in ?? () #12 0x0000000000000000 in ?? () And, as expected, in the commit just before the MDEV-5215 patches, the syntax is invalid: 10.11.1 2bd41fc5bf765bb9b1b2caa872070b271fc7c039 mysqltest: At line 2: query 'GRANT SELECT ON *.* TO PUBLIC' failed: ER_INVALID_ROLE (1959): Invalid role specification `PUBLIC` This issue is thus caused by MDEV-5215 , however, there are some intersting things to observe: 1. Stack smashing was present originally, but (it looks like) not anymore now. 2. Using the final MDEV-5215 implementation commit ( b4e7803a6f4c734fc5f06a0b0d78285510ae0f48 ) we need to add GRANT SELECT ON . TO PUBLIC; to the start of the CLI testcase (leading to the same crash), but this is no longer necessary in more recent 10.11 builds. As such, it looks like one or more changes (affecting the feature) were applied after commit b4e7803a6f4c734fc5f06a0b0d78285510ae0f48 which change the outcomes.

            actually

            GRANT SELECT ON *.* TO PUBLIC; 
            

            should not return error becase failed

            LOCK TABLE nonexisting WRITE;
            

            unlock table

            sanja Oleksandr Byelkin added a comment - actually GRANT SELECT ON *.* TO PUBLIC ; should not return error becase failed LOCK TABLE nonexisting WRITE; unlock table

            commit c21e8530038b4d41e344fdc7322d386c07a7a7f0 (HEAD -> bb-10.3-MDEV-30154, origin/bb-10.3-MDEV-30154)
            Author: Oleksandr Byelkin <sanja@mariadb.com>
            Date:   Wed Dec 7 14:59:06 2022 +0100
             
                MDEV-30154: Assertion `strcasecmp(rolename, public_name.str) || acl_public == role' failed in acl_update_role on GRANT ... TO PUBLIC
                
                Reset of acl_public was made too early (before saving it to restore in case
                of error).
            

            sanja Oleksandr Byelkin added a comment - commit c21e8530038b4d41e344fdc7322d386c07a7a7f0 (HEAD -> bb-10.3-MDEV-30154, origin/bb-10.3-MDEV-30154) Author: Oleksandr Byelkin <sanja@mariadb.com> Date: Wed Dec 7 14:59:06 2022 +0100   MDEV-30154: Assertion `strcasecmp(rolename, public_name.str) || acl_public == role' failed in acl_update_role on GRANT ... TO PUBLIC Reset of acl_public was made too early (before saving it to restore in case of error).

            ok to push

            serg Sergei Golubchik added a comment - ok to push

            People

              sanja Oleksandr Byelkin
              Roel Roel Van de Paar
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.