MDEV-26081 set role crashes when a hostname cannot be resolved

host can be NULL

MDEV-26081 set role crashes when a hostname cannot be resolved
host can be NULL
7c02e871 · Sergei Golubchik · ffe744e7 · 7c02e871 · 7c02e871 · 7c02e871
Commit 7c02e871 authored Jul 02, 2021 by Sergei Golubchik
6 changed files
--- a/mysql-test/r/skip_name_resolve.result
+++ b/mysql-test/r/skip_name_resolve.result
@@ -39,4 +39,24 @@ SET @@LOCAL.skip_name_resolve=0;
 ERROR HY000: Variable 'skip_name_resolve' is a read only variable
 SET @@GLOBAL.skip_name_resolve=0;
 ERROR HY000: Variable 'skip_name_resolve' is a read only variable
-End of 5.1 tests
+#
+# End of 5.1 tests
+#
+#
+# MDEV-26081 set role crashes when a hostname cannot be resolved
+#
+create user u1@`%`;
+create role r1;
+create role r2;
+grant r2 to r1;
+grant r1 to u1@`%`;
+connect u1,127.0.0.1,u1,,,$MASTER_MYPORT;
+set role r2;
+ERROR OP000: User `u1`@`%` has not been granted role `r2`
+disconnect u1;
+connection default;
+drop user u1@`%`;
+drop role r1, r2;
+#
+# End of 10.2 tests
+#
--- a/mysql-test/suite/roles/set_default_role_for.result
+++ b/mysql-test/suite/roles/set_default_role_for.result
@@ -14,7 +14,7 @@ set default role role_a for user_a@localhost;
 set default role invalid_role for user_a@localhost;
 ERROR OP000: Invalid role specification `invalid_role`
 set default role role_b for user_a@localhost;
-ERROR OP000: User `user_a@localhost` has not been granted role `role_b`
+ERROR OP000: User `root`@`localhost` has not been granted role `role_b`
 set default role role_b for user_b@localhost;
 show grants;
 Grants for user_a@localhost
@@ -37,7 +37,7 @@ user	host	default_role
 user_a	localhost	role_a
 user_b	localhost	role_b
 set default role role_b for current_user;
-ERROR OP000: User `user_a@localhost` has not been granted role `role_b`
+ERROR OP000: User `user_a`@`localhost` has not been granted role `role_b`
 show grants;
 Grants for user_b@localhost
 GRANT role_b TO 'user_b'@'localhost'

--- a/mysql-test/suite/roles/set_default_role_invalid.result
+++ b/mysql-test/suite/roles/set_default_role_invalid.result
@@ -48,7 +48,7 @@ CREATE USER b;
 CREATE ROLE r1;
 CREATE ROLE r2;
 SET DEFAULT ROLE r1 FOR a;
-ERROR OP000: User `a@%` has not been granted role `r1`
+ERROR OP000: User `root`@`localhost` has not been granted role `r1`
 GRANT r1 TO b;
 GRANT r2 TO b;
 SET DEFAULT ROLE r1 FOR b;
@@ -100,7 +100,7 @@ GRANT USAGE ON *.* TO 'b'@'%'
 GRANT SELECT, UPDATE ON `mysql`.* TO 'b'@'%'
 SET DEFAULT ROLE r2 FOR 'b'@'%'
 SET DEFAULT ROLE r1 FOR a;
-ERROR OP000: User `a@%` has not been granted role `r1`
+ERROR OP000: User `b`@`%` has not been granted role `r1`
 SET DEFAULT ROLE invalid_role;
 ERROR OP000: Invalid role specification `invalid_role`
 SET DEFAULT ROLE invalid_role FOR a;
@@ -117,7 +117,7 @@ SET DEFAULT ROLE None;
 # Change user b (session 3: role granted to user a)
 SET DEFAULT ROLE r1 FOR a;
 SET DEFAULT ROLE r2 FOR a;
-ERROR OP000: User `a@%` has not been granted role `r2`
+ERROR OP000: User `b`@`%` has not been granted role `r2`
 SET DEFAULT ROLE invalid_role;
 ERROR OP000: Invalid role specification `invalid_role`
 SET DEFAULT ROLE invalid_role FOR a;

--- a/mysql-test/suite/roles/set_role-recursive.result
+++ b/mysql-test/suite/roles/set_role-recursive.result
@@ -66,7 +66,7 @@ Grants for test_user@localhost
 GRANT USAGE ON *.* TO 'test_user'@'localhost'
 GRANT test_role1 TO 'test_user'@'localhost'
 set role test_role2;
-ERROR OP000: User `test_user@localhost` has not been granted role `test_role2`
+ERROR OP000: User `test_user`@`localhost` has not been granted role `test_role2`
 select current_user(), current_role();
 current_user()	current_role()
 test_user@localhost	NULL

--- a/mysql-test/t/skip_name_resolve.test
+++ b/mysql-test/t/skip_name_resolve.test
@@ -50,4 +50,28 @@ SET @@LOCAL.skip_name_resolve=0;
 --error ER_INCORRECT_GLOBAL_LOCAL_VAR
 SET @@GLOBAL.skip_name_resolve=0;

--echo End of 5.1 tests
+--echo #
+--echo # End of 5.1 tests
+--echo #
+
+--echo #
+--echo # MDEV-26081 set role crashes when a hostname cannot be resolved
+--echo #
+
+create user u1@`%`;
+create role r1;
+create role r2;
+grant r2 to r1;
+grant r1 to u1@`%`;
+
+connect u1,127.0.0.1,u1,,,$MASTER_MYPORT;
+error ER_INVALID_ROLE;
+set role r2;
+disconnect u1;
+connection default;
+drop user u1@`%`;
+drop role r1, r2;
+
+--echo #
+--echo # End of 10.2 tests
+--echo #
--- a/sql/sql_acl.cc
+++ b/sql/sql_acl.cc
@@ -2732,7 +2732,6 @@ static int check_user_can_set_role(THD *thd, const char *user, const char *host,
      my_error(ER_INVALID_ROLE, MYF(0), rolename);
      break;
    case 1:
-      StringBuffer<1024> c_usr;
      LEX_CSTRING role_lex;
      /* First, check if current user can see mysql database. */
      bool read_access= !check_access(thd, SELECT_ACL, "mysql", NULL, NULL, 1, 1);
@@ -2753,11 +2752,9 @@ static int check_user_can_set_role(THD *thd, const char *user, const char *host,
                                                NULL) == -1))
      {
        /* Role is not granted but current user can see the role */
-        c_usr.append(user, strlen(user));
-        c_usr.append('@');
-        c_usr.append(host, strlen(host));
-        my_printf_error(ER_INVALID_ROLE, "User %`s has not been granted role %`s",
-                        MYF(0), c_usr.c_ptr(), rolename);
+        my_printf_error(ER_INVALID_ROLE, "User %`s@%`s has not been granted role %`s",
+                        MYF(0), thd->security_ctx->priv_user,
+                        thd->security_ctx->priv_host, rolename);
      }
      else
      {