From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 0F5D322FE9 for ; Mon, 17 Dec 2018 12:41:44 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id m4OxXJqBsW_8 for ; Mon, 17 Dec 2018 12:41:43 -0500 (EST) Received: from smtpng1.m.smailru.net (smtpng1.m.smailru.net [94.100.181.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id C073821F16 for ; Mon, 17 Dec 2018 12:41:43 -0500 (EST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.39\)) Subject: [tarantool-patches] Re: [PATCH v1 1/1] sql: check that received iterator is not NULL From: "n.pettik" In-Reply-To: Date: Mon, 17 Dec 2018 20:41:41 +0300 Content-Transfer-Encoding: quoted-printable Message-Id: <0EE18CC1-D1BF-4769-85D6-AD343F496A6A@tarantool.org> References: Sender: tarantool-patches-bounce@freelists.org Errors-to: tarantool-patches-bounce@freelists.org Reply-To: tarantool-patches@freelists.org List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: tarantool-patches List-subscribe: List-owner: List-post: List-archive: To: tarantool-patches@freelists.org Cc: Imeev Mergen > On 15 Dec 2018, at 15:22, imeevma@tarantool.org wrote: >=20 > If the user does not have permission to read from the =E2=80=9C_collatio= n=E2=80=9D > space, the =E2=80=9CPRAGMA collation_list=E2=80=9D command causes a = segmentation > fault. Added new check. I=E2=80=99ve rephrased your commit message: If the user does not have permission to read from the =E2=80=9C_collation=E2= =80=9D space, the =E2=80=9CPRAGMA collation_list=E2=80=9D command causes a = segmentation fault. This happens due to the fact that box_index_iterator() may fail and return NULL. Lets add check on this and if iterator is NULL, return with an error. Btw, have you checked this case with other pragmas? >=20 > Closes #3857 > --- > https://github.com/tarantool/tarantool/issues/3857 > = https://github.com/tarantool/tarantool/tree/imeevma/gh-3857-add-check-for-= received-iterator >=20 > src/box/sql/pragma.c | 5 +++++ > test/sql/collation.result | 18 ++++++++++++++++++ > test/sql/collation.test.lua | 8 ++++++++ > 3 files changed, 31 insertions(+) >=20 > diff --git a/src/box/sql/pragma.c b/src/box/sql/pragma.c > index 5c35017..2b0d812 100644 > --- a/src/box/sql/pragma.c > +++ b/src/box/sql/pragma.c > @@ -521,6 +521,11 @@ sqlite3Pragma(Parse * pParse, Token * pId, = /* First part of [schema.]id field */ > box_tuple_t *tuple; > box_iterator_t* iter; > iter =3D box_index_iterator(space->def->id, 0,ITER_ALL, = key_buf, key_end); > + if (iter =3D=3D NULL) { > + pParse->rc =3D SQL_TARANTOOL_ERROR; > + pParse->nErr++; > + goto pragma_out; > + } > int rc =3D box_iterator_next(iter, &tuple); > (void) rc; > assert(rc =3D=3D 0); > diff --git a/test/sql/collation.result b/test/sql/collation.result > index f98e9cb..148a1a1 100644 > --- a/test/sql/collation.result > +++ b/test/sql/collation.result > @@ -243,3 +243,21 @@ box.sql.execute("DROP TABLE t;") > box.schema.user.revoke('guest', 'read,write,execute', 'universe') > --- > ... > +-- gh-3857 "PRAGMA collation_list" invokes segmentation fault. > +box.schema.user.create('tmp') > +--- > +... > +box.session.su('tmp') > +--- > +... > +-- Error: read access to space is denied. > +box.sql.execute("pragma collation_list") > +--- > +- error: Read access to space '_collation' is denied for user 'tmp' > +... > +box.session.su('admin') > +--- > +... > +box.schema.user.drop('tmp') > +--- > +... > diff --git a/test/sql/collation.test.lua b/test/sql/collation.test.lua > index c4c31fc..ade3a69 100644 > --- a/test/sql/collation.test.lua > +++ b/test/sql/collation.test.lua > @@ -94,3 +94,11 @@ box.sql.execute("SELECT b COLLATE \"unicode\" FROM = t UNION SELECT a FROM t;") >=20 > box.sql.execute("DROP TABLE t;") > box.schema.user.revoke('guest', 'read,write,execute', 'universe') > + > +-- gh-3857 "PRAGMA collation_list" invokes segmentation fault. =E2=80=A6without enough permission granted to user. The rest is OK.