Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
11.3.2, 11.4.1, 11.2(EOL), 11.3(EOL), 11.4
-
None
-
Ubuntu 20.04 x86-64, docker image mariadb:11.4-rc
Description
PoC:
SELECT AES_DECRYPT ( );
|
Docker container log:
Server version: 11.4.1-MariaDB-1:11.4.1+maria~ubu2204 source revision: fa69b085b10f19a3a8b6e7adab27c104924333ae
|
key_buffer_size=134217728
|
read_buffer_size=131072
|
max_used_connections=1
|
max_threads=153
|
thread_count=1
|
It is possible that mysqld could use up to
|
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_threads = 468064 K bytes of memory
|
Hope that's ok; if not, decrease some variables in the equation.
|
|
|
Thread pointer: 0x7fd978000c68
|
Attempting backtrace. You can use the following information to find out
|
where mysqld died. If you see no messages after this, something went
|
terribly wrong...
|
stack_bottom = 0x7fd9a81bec38 thread_stack 0x49000
|
Printing to addr2line failed
|
mariadbd(my_print_stacktrace+0x32)[0x55d4b723e4f2]
|
mariadbd(handle_fatal_signal+0x478)[0x55d4b6d0e1e8]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x42520)[0x7fd9bd610520]
|
mariadbd(_ZN23Create_func_aes_decrypt13create_nativeEP3THDPK25st_mysql_const_lex_stringP4ListI4ItemE+0x22)[0x55d4b6d742d2]
|
mariadbd(_Z10MYSQLparseP3THD+0x8130)[0x55d4b6c9d7d0]
|
mariadbd(_Z9parse_sqlP3THDP12Parser_stateP19Object_creation_ctxb+0xdd)[0x55d4b6a86e7d]
|
mariadbd(_Z11mysql_parseP3THDPcjP12Parser_state+0xe7)[0x55d4b6a8c917]
|
mariadbd(_Z16dispatch_command19enum_server_commandP3THDPcjb+0x14cd)[0x55d4b6a8f20d]
|
mariadbd(_Z10do_commandP3THDb+0x138)[0x55d4b6a91118]
|
mariadbd(_Z24do_handle_one_connectionP7CONNECTb+0x3bf)[0x55d4b6bbdf6f]
|
mariadbd(handle_one_connection+0x5d)[0x55d4b6bbe2bd]
|
mariadbd(+0xd10af6)[0x55d4b6f40af6]
|
/lib/x86_64-linux-gnu/libc.so.6(+0x94ac3)[0x7fd9bd662ac3]
|
/lib/x86_64-linux-gnu/libc.so.6(clone+0x44)[0x7fd9bd6f3a04]
|
|
|
Trying to get some variables.
|
Some pointers may be invalid and cause the dump to abort.
|
Query (0x7fd978012fa0): SELECT AES_DECRYPT ( )
|
|
|
Connection ID (thread ID): 3
|
Status: NOT_KILLED
|
|
|
Optimizer switch: index_merge=on,index_merge_union=on,index_merge_sort_union=on,index_merge_intersection=on,index_merge_sort_intersection=off,index_condition_pushdown=on,derived_merge=on,derived_with_keys=on,firstmatch=on,loosescan=on,materialization=on,in_to_exists=on,semijoin=on,partial_match_rowid_merge=on,partial_match_table_scan=on,subquery_cache=on,mrr=off,mrr_cost_based=off,mrr_sort_keys=off,outer_join_with_cache=on,semijoin_with_cache=on,join_cache_incremental=on,join_cache_hashed=on,join_cache_bka=on,optimize_join_buffer_size=on,table_elimination=on,extended_keys=on,exists_to_in=on,orderby_uses_equalities=on,condition_pushdown_for_derived=on,split_materialized=on,condition_pushdown_for_subquery=on,rowid_filter=on,condition_pushdown_from_having=on,not_null_range_scan=off,hash_join_cardinality=on,cset_narrowing=off,sargable_casefold=on
|
Attachments
Issue Links
- relates to
-
MDEV-9069 extend AES_ENCRYPT() and AES_DECRYPT() to support IV and the algorithm
-
- Closed
-
Activity
Nice! I'm asking because Sergei was assigned and I thought maybe he had already done some work on it.
Good implementation, just note the fix version for a rebase.
I checked rest of sql/item_create.cc and all other implementations of ::create_native seem to check the arg_count correctly.
Note for testing, there are two parts for this aes_decrypt() in 11.2 and kdf() in 11.4
Thank you!
Repeatable on 11.2-11.4, before - ER_WRONG_PARAMCOUNT_TO_NATIVE_FCT (1582): Incorrect parameter count in the call to native function 'AES_DECRYPT'
Version: '11.2.4-MariaDB-debug-log'240312 16:24:07 [ERROR] mysqld got signal 11 ;Server version: 11.2.4-MariaDB-debug-log source revision: 1553a9dd79b7777ca5a343b445afb196482564basql/signal_handler.cc:238(handle_fatal_signal)[0x55dd78bc192e]sigaction.c:0(__restore_rt)[0x7f87c6476420]sql/item_create.cc:3170(Create_func_aes_encrypt::create_native(THD*, st_mysql_const_lex_string const*, List<Item>*))[0x55dd78cf196f]sql/item_create.cc:3017(Create_native_func::create_func(THD*, st_mysql_const_lex_string const*, List<Item>*))[0x55dd78cf0e9c]sql/sql_yacc.yy:10564(MYSQLparse(THD*))[0x55dd78a63243]sql/sql_parse.cc:10210(parse_sql(THD*, Parser_state*, Object_creation_ctx*, bool))[0x55dd7828f7c0]sql/sql_parse.cc:7826(mysql_parse(THD*, char*, unsigned int, Parser_state*))[0x55dd7828059a]sql/sql_parse.cc:1895(dispatch_command(enum_server_command, THD*, char*, unsigned int, bool))[0x55dd7825893a]sql/sql_parse.cc:1406(do_command(THD*, bool))[0x55dd78255684]sql/sql_connect.cc:1437(do_handle_one_connection(CONNECT*, bool))[0x55dd78738042]sql/sql_connect.cc:1341(handle_one_connection)[0x55dd7873799f]perfschema/pfs.cc:2203(pfs_spawn_thread)[0x55dd793a4efe]nptl/pthread_create.c:478(start_thread)[0x7f87c646a609]Query (0x6290001092a8): SELECT AES_ENCRYPT ( )