[MDEV-30154] Assertion `strcasecmp(rolename, public_name.str) || acl_public == role' failed in acl_update_role on GRANT ... TO PUBLIC - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.11
Fix Version/s: 10.11.2
Component/s: Authentication and Privilege System
Labels:
- regression-10.11

Description

CLI:

LOCK TABLES mysql.time_zone WRITE;

FLUSH PRIVILEGES;

LOCK TABLE nonexisting WRITE;

GRANT SELECT ON *.* TO PUBLIC;

MTR:

USE test;

GRANT SELECT ON *.* TO PUBLIC;

LOCK TABLES mysql.time_zone WRITE,mysql.proc WRITE;

--error 1100

FLUSH PRIVILEGES;

--error 1146

LOCK TABLE nonexisting WRITE;

--error 1100

GRANT SELECT ON *.* TO PUBLIC;

Leads to:

10.11.2 936436ef437c73911c18854a8ce8dad1216331b8 (Debug)
mysqld: /test/10.11_dbg/sql/sql_acl.cc:3469: void acl_update_role(const char*, privilege_t): Assertion `strcasecmp(rolename, public_name.str) \|\| acl_public == role' failed.

10.11.2 936436ef437c73911c18854a8ce8dad1216331b8 (Debug)
Core was generated by `/test/MD291122-mariadb-10.11.2-linux-x86_64-dbg/bin/mysqld --no-defaults --core'.
Program terminated with signal SIGABRT, Aborted.
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
[Current thread is 1 (Thread 0x15430a0b0700 (LWP 4172589))]
(gdb) bt
#0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1 0x0000154326c3f859 in __GI_abort () at abort.c:79
#2 0x0000154326c3f729 in __assert_fail_base (fmt=0x154326dd5588 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x55587bedc660 "strcasecmp(rolename, public_name.str) \|\| acl_public == role", file=0x55587beddf48 "/test/10.11_dbg/sql/sql_acl.cc", line=3469, function=<optimized out>) at assert.c:92
#3 0x0000154326c50fd6 in __GI___assert_fail (assertion=assertion@entry=0x55587bedc660 "strcasecmp(rolename, public_name.str) \|\| acl_public == role", file=file@entry=0x55587beddf48 "/test/10.11_dbg/sql/sql_acl.cc", line=line@entry=3469, function=function@entry=0x55587bedc630 "void acl_update_role(const char*, privilege_t)") at assert.c:101
#4 0x000055587b293c90 in acl_update_role (privileges=SELECT_ACL, rolename=0x55587beddead "PUBLIC") at /test/10.11_dbg/sql/sql_acl.cc:3469
#5 replace_user_table (thd=thd@entry=0x1542d4000d48, user_table=<optimized out>, combo=combo@entry=0x1542d4013308, rights=rights@entry=SELECT_ACL, revoke_grant=revoke_grant@entry=false, can_create_user=<optimized out>, no_auto_create=false) at /test/10.11_dbg/sql/sql_acl.cc:4936
#6 0x000055587b2a2999 in mysql_grant (thd=thd@entry=0x1542d4000d48, db=0x0, list=@0x1542d4005e50: {<base_list> = {<Sql_alloc> = {<No data fields>}, first = 0x1542d4013248, last = 0x1542d4013248, elements = 1}, <No data fields>}, rights=SELECT_ACL, revoke_grant=false, is_proxy=is_proxy@entry=false) at /test/10.11_dbg/sql/sql_acl.cc:2058
#7 0x000055587b2a3230 in Sql_cmd_grant_table::execute_table_mask (this=0x1542d4013258, thd=0x1542d4000d48) at /test/10.11_dbg/sql/sql_acl.h:319
#8 0x000055587b2a330f in Sql_cmd_grant_table::execute (this=<optimized out>, thd=<optimized out>) at /test/10.11_dbg/sql/sql_acl.cc:12396
#9 0x000055587b33ca03 in mysql_execute_command (thd=thd@entry=0x1542d4000d48, is_called_from_prepared_stmt=is_called_from_prepared_stmt@entry=false) at /test/10.11_dbg/sql/sql_parse.cc:5999
#10 0x000055587b3255a6 in mysql_parse (thd=thd@entry=0x1542d4000d48, rawbuf=<optimized out>, length=<optimized out>, parser_state=parser_state@entry=0x15430a0af300) at /test/10.11_dbg/sql/sql_parse.cc:7998
#11 0x000055587b332ae1 in dispatch_command (command=command@entry=COM_QUERY, thd=thd@entry=0x1542d4000d48, packet=packet@entry=0x1542d400adf9 "GRANT SELECT ON . TO PUBLIC", packet_length=packet_length@entry=29, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_class.h:1346
#12 0x000055587b334f1f in do_command (thd=0x1542d4000d48, blocking=blocking@entry=true) at /test/10.11_dbg/sql/sql_parse.cc:1407
#13 0x000055587b48fb27 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55587ec543c8, put_in_cache=put_in_cache@entry=true) at /test/10.11_dbg/sql/sql_connect.cc:1415
#14 0x000055587b48fff6 in handle_one_connection (arg=0x55587ec543c8) at /test/10.11_dbg/sql/sql_connect.cc:1317
#15 0x0000154327150609 in start_thread (arg=<optimized out>) at pthread_create.c:477
#16 0x0000154326d3c133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95

Bug confirmed present in:
MariaDB: 10.11.2 (dbg)

Bug (or feature/syntax) confirmed not present in:
MariaDB: 10.3.38 (dbg), 10.3.38 (opt), 10.4.28 (dbg), 10.4.28 (opt), 10.5.19 (dbg), 10.5.19 (opt), 10.6.12 (dbg), 10.6.12 (opt), 10.7.8 (dbg), 10.7.8 (opt), 10.8.7 (dbg), 10.8.7 (opt), 10.9.5 (dbg), 10.9.5 (opt), 10.10.3 (dbg), 10.10.3 (opt), 10.11.2 (opt)

Attachments

Issue Links

is caused by

MDEV-5215 Granted to PUBLIC

Closed

Activity

Ascending order - Click to sort in descending order

Roel Van de Paar added a comment - 2022-12-06 07:42 - edited

Interestingly, using the final ~~MDEV-5215~~ implementation commit (b4e7803a6f4c734fc5f06a0b0d78285510ae0f48) we see stack rendering issues (MTR output):

10.11.1 b4e7803a6f4c734fc5f06a0b0d78285510ae0f48
Program terminated with signal SIGABRT, Aborted.
#0 0x000014722399e00b in ?? ()
[Current thread is 1 (LWP 2075610)]
#0 0x000014722399e00b in ?? ()
#1 0x0000000000087007 in ?? ()
#2 0x00001472239f56d0 in ?? ()
#3 0x00001472fbad8000 in ?? ()
#4 0x0000147210114d10 in ?? ()
#5 0x0000147210114d75 in ?? ()
#6 0x0000147210114d10 in ?? ()
#7 0x0000147210114d10 in ?? ()
#8 0x0000147210114dca in ?? ()
#9 0x0000147210114e3c in ?? ()
#10 0x0000147210114d10 in ?? ()
#11 0x0000147210114e3c in ?? ()
#12 0x0000000000000000 in ?? ()

And, as expected, in the commit just before the ~~MDEV-5215~~ patches, the syntax is invalid:

10.11.1 2bd41fc5bf765bb9b1b2caa872070b271fc7c039
mysqltest: At line 2: query 'GRANT SELECT ON . TO PUBLIC' failed: ER_INVALID_ROLE (1959): Invalid role specification `PUBLIC`

This issue is thus caused by ~~MDEV-5215~~, however, there are some intersting things to observe:
1. Stack smashing was present originally, but (it looks like) not anymore now.
2. Using the final ~~MDEV-5215~~ implementation commit (b4e7803a6f4c734fc5f06a0b0d78285510ae0f48) we need to add GRANT SELECT ON . TO PUBLIC; to the start of the CLI testcase (leading to the same crash), but this is no longer necessary in more recent 10.11 builds.
As such, it looks like one or more changes (affecting the feature) were applied after commit b4e7803a6f4c734fc5f06a0b0d78285510ae0f48 which change the outcomes.

Roel Van de Paar added a comment - 2022-12-06 07:42 - edited Interestingly, using the final MDEV-5215 implementation commit ( b4e7803a6f4c734fc5f06a0b0d78285510ae0f48 ) we see stack rendering issues (MTR output): 10.11.1 b4e7803a6f4c734fc5f06a0b0d78285510ae0f48 Program terminated with signal SIGABRT, Aborted. #0 0x000014722399e00b in ?? () [Current thread is 1 (LWP 2075610)] #0 0x000014722399e00b in ?? () #1 0x0000000000087007 in ?? () #2 0x00001472239f56d0 in ?? () #3 0x00001472fbad8000 in ?? () #4 0x0000147210114d10 in ?? () #5 0x0000147210114d75 in ?? () #6 0x0000147210114d10 in ?? () #7 0x0000147210114d10 in ?? () #8 0x0000147210114dca in ?? () #9 0x0000147210114e3c in ?? () #10 0x0000147210114d10 in ?? () #11 0x0000147210114e3c in ?? () #12 0x0000000000000000 in ?? () And, as expected, in the commit just before the MDEV-5215 patches, the syntax is invalid: 10.11.1 2bd41fc5bf765bb9b1b2caa872070b271fc7c039 mysqltest: At line 2: query 'GRANT SELECT ON *.* TO PUBLIC' failed: ER_INVALID_ROLE (1959): Invalid role specification `PUBLIC` This issue is thus caused by MDEV-5215 , however, there are some intersting things to observe: 1. Stack smashing was present originally, but (it looks like) not anymore now. 2. Using the final MDEV-5215 implementation commit ( b4e7803a6f4c734fc5f06a0b0d78285510ae0f48 ) we need to add GRANT SELECT ON . TO PUBLIC; to the start of the CLI testcase (leading to the same crash), but this is no longer necessary in more recent 10.11 builds. As such, it looks like one or more changes (affecting the feature) were applied after commit b4e7803a6f4c734fc5f06a0b0d78285510ae0f48 which change the outcomes.

Oleksandr Byelkin added a comment - 2022-12-07 13:38

actually

GRANT SELECT ON *.* TO PUBLIC;

should not return error becase failed

LOCK TABLE nonexisting WRITE;

unlock table

Oleksandr Byelkin added a comment - 2022-12-07 13:38 actually GRANT SELECT ON *.* TO PUBLIC ; should not return error becase failed LOCK TABLE nonexisting WRITE; unlock table

Oleksandr Byelkin added a comment - 2022-12-07 13:59

commit c21e8530038b4d41e344fdc7322d386c07a7a7f0 (HEAD -> bb-10.3-MDEV-30154, origin/bb-10.3-MDEV-30154)

Author: Oleksandr Byelkin <sanja@mariadb.com>

Date:   Wed Dec 7 14:59:06 2022 +0100

    MDEV-30154: Assertion `strcasecmp(rolename, public_name.str) || acl_public == role' failed in acl_update_role on GRANT ... TO PUBLIC

    Reset of acl_public was made too early (before saving it to restore in case

    of error).

Oleksandr Byelkin added a comment - 2022-12-07 13:59 commit c21e8530038b4d41e344fdc7322d386c07a7a7f0 (HEAD -> bb-10.3-MDEV-30154, origin/bb-10.3-MDEV-30154) Author: Oleksandr Byelkin <sanja@mariadb.com> Date: Wed Dec 7 14:59:06 2022 +0100 MDEV-30154: Assertion `strcasecmp(rolename, public_name.str) || acl_public == role' failed in acl_update_role on GRANT ... TO PUBLIC Reset of acl_public was made too early (before saving it to restore in case of error).

Sergei Golubchik added a comment - 2022-12-27 13:39

ok to push

Sergei Golubchik added a comment - 2022-12-27 13:39 ok to push

MariaDB Server

Assertion `strcasecmp(rolename, public_name.str) || acl_public == role' failed in acl_update_role on GRANT ... TO PUBLIC

Details

Description

Attachments

Issue Links

Activity

People

Dates

Git Integration