Commit 80d982eb authored by Daniel Fischer's avatar Daniel Fischer

backport #43748, applying commits 70359 and 70377

parent 5d2a6c47
......@@ -2125,6 +2125,13 @@ void Security_context::skip_grants()
}
bool Security_context::user_matches(Security_context *them)
{
return ((user != NULL) && (them->user != NULL) &&
!strcmp(user, them->user));
}
/****************************************************************************
Handling of open and locked tables states.
......
......@@ -978,6 +978,7 @@ class Security_context {
{
return (*priv_host ? priv_host : (char *)"%");
}
bool user_matches(Security_context *);
};
......
......@@ -7339,8 +7339,26 @@ void kill_one_thread(THD *thd, ulong id, bool only_kill_query)
VOID(pthread_mutex_unlock(&LOCK_thread_count));
if (tmp)
{
/*
If we're SUPER, we can KILL anything, including system-threads.
No further checks.
KILLer: thd->security_ctx->user could in theory be NULL while
we're still in "unauthenticated" state. This is a theoretical
case (the code suggests this could happen, so we play it safe).
KILLee: tmp->security_ctx->user will be NULL for system threads.
We need to check so Jane Random User doesn't crash the server
when trying to kill a) system threads or b) unauthenticated users'
threads (Bug#43748).
If user of both killer and killee are non-NULL, proceed with
slayage if both are string-equal.
*/
if ((thd->security_ctx->master_access & SUPER_ACL) ||
!strcmp(thd->security_ctx->user, tmp->security_ctx->user))
thd->security_ctx->user_matches(tmp->security_ctx))
{
tmp->awake(only_kill_query ? THD::KILL_QUERY : THD::KILL_CONNECTION);
error=0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment