Hi, Alexey! On Apr 28, Alexey Botchkov wrote:
revision-id: 95e1c46c1709e7244332a025a527cacceab7da60 (mariadb-10.1.13-14-g95e1c46) parent(s): 646c4cea58afbb369021a3d7b5ccbbf6aed708d4 committer: Alexey Botchkov timestamp: 2016-04-28 13:36:36 +0400 message:
MDEV-9898 SET ROLE NONE can crash mysqld. The check_user_can_set_role() used find_user_exact() to get the permissions for the SET ROLE NONE command. Which returned NULL too often, for instance when user authenticated as 'user'@'%'. Now we use find_user_or_anon() instead.
No, this is wrong. SET ROLE NONE should use the same rule as SET ROLE name. And the latter uses acl_user->wild_eq(user, host, ip). Thus SET ROLE NONE should find the user with ACL_USER::wild_eq, that is, it should use find_user_wild(). Ok to push with find_user_wild(). Regards, Sergei Chief Architect MariaDB and security@mariadb.org