Details

    • 10.1.14

    Description

      A user is granted one role only and no other privileges.
      SET ROLE NONE makes mysqld crash

      mysql> SET ROLE NONE;
      ERROR 2013 (HY000): Lost connection to MySQL server during query
      


        Activity

          elenst Elena Stepanova added a comment - - edited

          Could you please attach your error log and cnf file(s)?

          It does not crash for me:

          MariaDB [test]> create user foo@localhost;
          Query OK, 0 rows affected (0.66 sec)
           
          MariaDB [test]> create role r;
          Query OK, 0 rows affected (0.00 sec)
           
          MariaDB [test]> grant r to foo@localhost;
          Query OK, 0 rows affected (0.00 sec)
           
          MariaDB [test]> exit
          Bye
          

          $ client/mysql -ufoo test
          Welcome to the MariaDB monitor.  Commands end with ; or \g.
          Your MariaDB connection id is 4
          Server version: 10.1.13-MariaDB-debug Source distribution
           
          Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
           
          Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
           
          MariaDB [test]> SET ROLE NONE;
          Query OK, 0 rows affected (0.00 sec)
          

          ip1981 Igor Pashev added a comment - Attached my.cnf backtrace.txt
          ip1981 Igor Pashev added a comment -

          Right, it works for user@localhost.

          This is what I see for user@'%' when connecting locally (unix-socket I guess) (only this record exists in mysql.user)

          # mysql -u abcdefg
          Welcome to the MariaDB monitor.  Commands end with ; or \g.
          Your MariaDB connection id is 47
          Server version: 10.1.13-MariaDB MariaDB Server
           
          Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
           
          Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
           
          MariaDB [(none)]> show grants;
          +-------------------------------------------------+
          | Grants for abcdefg@%                            |
          +-------------------------------------------------+
          | GRANT all_all TO 'abcdefg'@'%'                  |
          | GRANT USAGE ON *.* TO 'abcdefg'@'%'             |
          | GRANT SELECT ON `mysql`.`user` TO 'abcdefg'@'%' |
          +-------------------------------------------------+
          3 rows in set (0.00 sec)
           
          MariaDB [(none)]> SET ROLE NONE;
          ERROR 1960 (0L000): The current user is invalid.
          MariaDB [(none)]> SET ROLE all_all;
          Query OK, 0 rows affected (0.00 sec)
           
          MariaDB [(none)]> SET ROLE NONE;
          ERROR 1960 (0L000): The current user is invalid.
          MariaDB [(none)]> Bye
          

          And when I connect by TCP from outside:

          # mysql -h  192.168.56.101 -u abcdefg
          Welcome to the MariaDB monitor.  Commands end with ; or \g.
          Your MariaDB connection id is 50
          Server version: 10.1.13-MariaDB MariaDB Server
           
          Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
           
          Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
           
          MariaDB [(none)]> set role none;
          ERROR 2013 (HY000): Lost connection to MySQL server during query
          MariaDB [(none)]> 
          

          elenst Elena Stepanova added a comment - - edited

          Thank you.

          I'm not getting the buffer overflow, but I guess it's just the matter of environment, binaries, maybe luck. Anyway, something is already wrong when we start getting ERROR 1960 The current user is invalid (which I'm getting too on a user with an unspecified host).

          ip1981 Igor Pashev added a comment -

          I think check_user_can_set_role should find something for the user, but with find_user_exact it does not.

          diff --git a/sql/sql_acl.cc b/sql/sql_acl.cc
          index d34f04c..e39992d 100644
          --- a/sql/sql_acl.cc
          +++ b/sql/sql_acl.cc
          @@ -2035,7 +2035,7 @@ static int check_user_can_set_role(const char *user, const char *host,
             {
               /* have to clear the privileges */
               /* get the current user */
          -    acl_user= find_user_exact(host, user);
          +    acl_user= find_user_wild(host, user, ip);
               if (acl_user == NULL)
               {
                 my_error(ER_INVALID_CURRENT_USER, MYF(0), rolename);
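
          Review bot: The new lookup on the `acl_user=` line matches by wildcard on the connection's host and ip (judging by the name and arguments of `find_user_wild`), so it can return whichever account row matches the client address rather than the row this session authenticated as. Since this branch exists to reset privileges to the current user's own, consider looking the account up with the user and host that authentication already matched, keeping the exact lookup, instead of re-running host matching here. `ip` is also not among the parameters visible in the hunk header (`const char *user, const char *host,`), so please confirm it is passed in and what it holds for a unix-socket connection. A regression test covering SET ROLE NONE for a user@'%' account over both socket and TCP would pin the behaviour down.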
          

          holyfoot Alexey Botchkov added a comment - Proposed fix: http://lists.askmonty.org/pipermail/commits/2016-April/009327.html

          People

            holyfoot Alexey Botchkov
            ip1981 Igor Pashev