Bug #20537246 SERVER CRASH WHILE CONNECTING WITH CLEARTEXT-PLUGIN USER

Bharathy Satish · bjornmu · commit ae3689364562 · 2015-02-17T11:05:27.000+01:00
WITH BLANK PWD
When user is created with blank password, NULL value gets stored in
authentication_string column of mysql.user. When we do flush privileges
this NULL value gets loaded into acl_user.auth_string. Thus during
authentication there is a strcmp for external plugins (like cleartext
password, authentication_pam) for auth_string which causes segmentation
fault.
Fix is to set the auth_string to empty string when there is a NULL value
in authentication_string column of mysql.user table.

(cherry picked from commit 7fe41b58ef86059b737f42d1c1960aa5958d8f01)
diff --git a/mysql-test/r/plugin_auth.result b/mysql-test/r/plugin_auth.result
@@ -567,3 +567,14 @@ employee@localhost
 user()
 empl_external@localhost
 DROP USER 'empl_external'@'localhost', 'employee'@'localhost';
+#
+# Bug #20537246: SERVER CRASH WHILE CONNECTING WITH CLEARTEXT-PLUGIN
+#                USER WITH BLANK PWD
+#
+CREATE USER bug20537246@localhost
+IDENTIFIED WITH 'cleartext_plugin_server' AS '';
+## test connection
+select USER(),CURRENT_USER();
+USER()	CURRENT_USER()
+bug20537246@localhost	bug20537246@localhost
+DROP USER bug20537246@localhost;
diff --git a/mysql-test/t/plugin_auth.test b/mysql-test/t/plugin_auth.test
@@ -647,3 +647,20 @@ ALTER USER employee@localhost PASSWORD EXPIRE;
 DROP USER 'empl_external'@'localhost', 'employee'@'localhost';
 
 --source include/mysql_upgrade_cleanup.inc
+
+--echo #
+--echo # Bug #20537246: SERVER CRASH WHILE CONNECTING WITH CLEARTEXT-PLUGIN
+--echo #                USER WITH BLANK PWD
+--echo #
+
+CREATE USER bug20537246@localhost
+    IDENTIFIED WITH 'cleartext_plugin_server' AS '';
+
+--echo ## test connection
+connect(cleartext_con,localhost,bug20537246,,,,,CLEARTEXT);
+select USER(),CURRENT_USER();
+
+connection default;
+disconnect cleartext_con;
+DROP USER bug20537246@localhost;
+
diff --git a/sql/auth/sql_auth_cache.cc b/sql/auth/sql_auth_cache.cc
@@ -1410,6 +1410,8 @@ static my_bool acl_load(THD *thd, TABLE_LIST *tables)
     }
     if(user.auth_string.str)
       user.auth_string.length= strlen(user.auth_string.str);
+    else
+      user.auth_string= EMPTY_STR;
 
     {
       uint next_field;

Original file line number	Diff line number	Diff line change
`@@ -1410,6 +1410,8 @@ static my_bool acl_load(THD thd, TABLE_LIST tables)`
`1410`	`1410`	`}`
`1411`	`1411`	`if(user.auth_string.str)`
`1412`	`1412`	`user.auth_string.length= strlen(user.auth_string.str);`
	`1413`	`+ else`
	`1414`	`+ user.auth_string= EMPTY_STR;`
`1413`	`1415`
`1414`	`1416`	`{`
`1415`	`1417`	`uint next_field;`