From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id AFD8A22171 for ; Tue, 18 Dec 2018 12:05:42 -0500 (EST) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hPE86VVEnFCO for ; Tue, 18 Dec 2018 12:05:42 -0500 (EST) Received: from smtpng2.m.smailru.net (smtpng2.m.smailru.net [94.100.179.3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTPS id 006D62214D for ; Tue, 18 Dec 2018 12:05:41 -0500 (EST) From: imeevma@tarantool.org Subject: [tarantool-patches] [PATCH v2 1/1] sql: check that received iterator is not NULL Date: Tue, 18 Dec 2018 20:05:38 +0300 Message-Id: <4c3e6e6dbb655d11b316e5c336cd195fce5b2239.1545152376.git.imeevma@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Sender: tarantool-patches-bounce@freelists.org Errors-to: tarantool-patches-bounce@freelists.org Reply-To: tarantool-patches@freelists.org List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: tarantool-patches List-subscribe: List-owner: List-post: List-archive: To: korablev@tarantool.org, tarantool-patches@freelists.org Hi! Thank you for review! Diff between version, new patch and my answers below. https://github.com/tarantool/tarantool/issues/3857 https://github.com/tarantool/tarantool/tree/imeevma/gh-3857-add-check-for-received-iterator On 12/17/18 8:41 PM, n.pettik wrote: > > > I’ve rephrased your commit message: > > If the user does not have permission to read from the “_collation” > space, the “PRAGMA collation_list” command causes a segmentation > fault. This happens due to the fact that box_index_iterator() may fail > and return NULL. Lets add check on this and if iterator is NULL, return > with an error. Applied. > Btw, have you checked this case with other pragmas? Yes, I haven't find any errors besides ones I fixed in patches for 3832. >> +-- gh-3857 "PRAGMA collation_list" invokes segmentation fault. > …without enough permission granted to user. Added. Diff between versions: commit 0d5b9ec662b940a7a3e9e5e8d4e0febae6055db0 Author: Mergen Imeev Date: Tue Dec 18 19:24:15 2018 +0300 sql: check that received iterator is not NULL If the user does not have permission to read from the “_collation” space, the “PRAGMA collation_list” command causes a segmentation fault. This happens due to the fact that box_index_iterator() may fail and return NULL. Lets add check on this and if iterator is NULL, return with an error. Closes #3857 diff --git a/test/sql/collation.result b/test/sql/collation.result index 148a1a1..7f5d761 100644 --- a/test/sql/collation.result +++ b/test/sql/collation.result @@ -243,7 +243,10 @@ box.sql.execute("DROP TABLE t;") box.schema.user.revoke('guest', 'read,write,execute', 'universe') --- ... --- gh-3857 "PRAGMA collation_list" invokes segmentation fault. +-- +-- gh-3857 "PRAGMA collation_list" invokes segmentation fault +-- without enough permission granted to user. +-- box.schema.user.create('tmp') --- ... diff --git a/test/sql/collation.test.lua b/test/sql/collation.test.lua index ade3a69..26652a9 100644 --- a/test/sql/collation.test.lua +++ b/test/sql/collation.test.lua @@ -95,7 +95,10 @@ box.sql.execute("SELECT b COLLATE \"unicode\" FROM t UNION SELECT a FROM t;") box.sql.execute("DROP TABLE t;") box.schema.user.revoke('guest', 'read,write,execute', 'universe') --- gh-3857 "PRAGMA collation_list" invokes segmentation fault. +-- +-- gh-3857 "PRAGMA collation_list" invokes segmentation fault +-- without enough permission granted to user. +-- box.schema.user.create('tmp') box.session.su('tmp') -- Error: read access to space is denied. New version: commit 4c3e6e6dbb655d11b316e5c336cd195fce5b2239 Author: Mergen Imeev Date: Sat Dec 8 13:12:15 2018 +0300 sql: check that received iterator is not NULL If the user does not have permission to read from the “_collation” space, the “PRAGMA collation_list” command causes a segmentation fault. This happens due to the fact that box_index_iterator() may fail and return NULL. Lets add check on this and if iterator is NULL, return with an error. Closes #3857 diff --git a/src/box/sql/pragma.c b/src/box/sql/pragma.c index 5c35017..2b0d812 100644 --- a/src/box/sql/pragma.c +++ b/src/box/sql/pragma.c @@ -521,6 +521,11 @@ sqlite3Pragma(Parse * pParse, Token * pId, /* First part of [schema.]id field */ box_tuple_t *tuple; box_iterator_t* iter; iter = box_index_iterator(space->def->id, 0,ITER_ALL, key_buf, key_end); + if (iter == NULL) { + pParse->rc = SQL_TARANTOOL_ERROR; + pParse->nErr++; + goto pragma_out; + } int rc = box_iterator_next(iter, &tuple); (void) rc; assert(rc == 0); diff --git a/test/sql/collation.result b/test/sql/collation.result index f98e9cb..7f5d761 100644 --- a/test/sql/collation.result +++ b/test/sql/collation.result @@ -243,3 +243,24 @@ box.sql.execute("DROP TABLE t;") box.schema.user.revoke('guest', 'read,write,execute', 'universe') --- ... +-- +-- gh-3857 "PRAGMA collation_list" invokes segmentation fault +-- without enough permission granted to user. +-- +box.schema.user.create('tmp') +--- +... +box.session.su('tmp') +--- +... +-- Error: read access to space is denied. +box.sql.execute("pragma collation_list") +--- +- error: Read access to space '_collation' is denied for user 'tmp' +... +box.session.su('admin') +--- +... +box.schema.user.drop('tmp') +--- +... diff --git a/test/sql/collation.test.lua b/test/sql/collation.test.lua index c4c31fc..26652a9 100644 --- a/test/sql/collation.test.lua +++ b/test/sql/collation.test.lua @@ -94,3 +94,14 @@ box.sql.execute("SELECT b COLLATE \"unicode\" FROM t UNION SELECT a FROM t;") box.sql.execute("DROP TABLE t;") box.schema.user.revoke('guest', 'read,write,execute', 'universe') + +-- +-- gh-3857 "PRAGMA collation_list" invokes segmentation fault +-- without enough permission granted to user. +-- +box.schema.user.create('tmp') +box.session.su('tmp') +-- Error: read access to space is denied. +box.sql.execute("pragma collation_list") +box.session.su('admin') +box.schema.user.drop('tmp') -- 2.7.4