[MDEV-31470] When set at runtime, wsrep_sst_method accepts any value - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 10.4.30
Fix Version/s: 10.4.32, 10.5.23, 10.6.16, 10.10.7, 10.11.6, 11.0.4, 11.1.3, 11.2.2, 11.3.1
Component/s: Galera
Labels:
- Papercut
- beginner-friendly

Description

Invalid values are accepted:

MariaDB [(none)]> set global wsrep_sst_method := 'handwrite rows and send them via post';

Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> select @@wsrep_sst_method;

+---------------------------------------+

| @@wsrep_sst_method                    |

+---------------------------------------+

| handwrite rows and send them via post |

+---------------------------------------+

1 row in set (0.000 sec)

Attachments

Issue Links

relates to

MDEV-23884 donor uses invalid SST methods

Closed

Activity

Ascending order - Click to sort in descending order

Daniel Black added a comment - 2023-06-13 22:11

Well spotted.

Like your example method too. Need more fun things in bug reports

Daniel Black added a comment - 2023-06-13 22:11 Well spotted. Like your example method too. Need more fun things in bug reports

Seppo Jaakola added a comment - 2023-10-18 11:19

wsep_sst_method is checked in donor node when SST request arrives. This is the proper location for enforcing the validity of the SST method, from the vulnerability point of view.

It is also possible to check the wsrep_sst_method whenever the variable is changed and restrict accepted values in similar way as happens in donor processing. This has no other effect though, but stop the super user experimenting with this variable.

Seppo Jaakola added a comment - 2023-10-18 11:19 wsep_sst_method is checked in donor node when SST request arrives. This is the proper location for enforcing the validity of the SST method, from the vulnerability point of view. It is also possible to check the wsrep_sst_method whenever the variable is changed and restrict accepted values in similar way as happens in donor processing. This has no other effect though, but stop the super user experimenting with this variable.

Seppo Jaakola added a comment - 2023-10-18 17:33

a PR has been submitted to carry out same validity checks on wsrep_sst_method changing as what the donor node does for incoming SST request

Seppo Jaakola added a comment - 2023-10-18 17:33 a PR has been submitted to carry out same validity checks on wsrep_sst_method changing as what the donor node does for incoming SST request

Federico Razzoli added a comment - 2023-10-18 19:31

The benefit is that the check will prevent mistakes.

Federico Razzoli added a comment - 2023-10-18 19:31 The benefit is that the check will prevent mistakes.

Julius Goryavsky added a comment - 2023-10-24 08:38

Fix merged with head revision: https://github.com/MariaDB/server/commit/c7feacb0dee696cf602a19da32d1069d0b0ff7c4

Julius Goryavsky added a comment - 2023-10-24 08:38 Fix merged with head revision: https://github.com/MariaDB/server/commit/c7feacb0dee696cf602a19da32d1069d0b0ff7c4

People

Assignee:: Julius Goryavsky

Reporter:: Federico Razzoli

Votes:: 1 Vote for this issue

Watchers:: 7 Start watching this issue

Dates

Created:: 2023-06-13 10:09

Updated:: 2023-10-24 08:40

Resolved:: 2023-10-24 08:38

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server