Hi, Alexey! On Apr 28, Alexey Botchkov wrote: > revision-id: 95e1c46c1709e7244332a025a527cacceab7da60 > (mariadb-10.1.13-14-g95e1c46) > parent(s): 646c4cea58afbb369021a3d7b5ccbbf6aed708d4 > committer: Alexey Botchkov > timestamp: 2016-04-28 13:36:36 +0400 > message: > > MDEV-9898 SET ROLE NONE can crash mysqld. > The check_user_can_set_role() used find_user_exact() to get the > permissions for the SET ROLE NONE command. > Which returned NULL too often, for instance when user > authenticated as 'user'@'%'. > Now we use find_user_or_anon() instead.
No, this is wrong. SET ROLE NONE should use the same rule as SET ROLE name. And the latter uses acl_user->wild_eq(user, host, ip). Thus SET ROLE NONE should find the user with ACL_USER::wild_eq, that is, it should use find_user_wild(). Ok to push with find_user_wild(). Regards, Sergei Chief Architect MariaDB and [email protected] _______________________________________________ Mailing list: https://launchpad.net/~maria-developers Post to : [email protected] Unsubscribe : https://launchpad.net/~maria-developers More help : https://help.launchpad.net/ListHelp
