>Description:

mysqld (4.0.16) built with SSL support (--with-vio --with-openssl) crashes if both of the following conditions are met:

1. Permissions for a user have been set with GRANT...REQUIRE SUBJECT or GRANT...REQUIRE ISSUER.

2. A client program attempts to connect to the server by calling mysql_real_connect() with the CLIENT_SSL flag but didn't call mysql_ssl_set() beforehand.

When these conditions are met, mysqld crashes and logs the following message to the .err file:

mysqld got signal 11;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=16777216
read_buffer_size=131072
max_used_connections=0
max_connections=100
threads_connected=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 80383 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

In the client program, mysql_real_connect() fails with "Lost connection to MySQL server during query."

The crash doesn't occur if permissions were granted with REQUIRE SSL, REQUIRE X509, or REQUIRE CIPHER -- it occurs only with REQUIRE SUBJECT or REQUIRE ISSUER. The crash also doesn't occur if mysql_real_connect() doesn't have the CLIENT_SSL flag set, or if mysql_ssl_set() was called with valid arguments before mysql_real_connect().

I can consistently reproduce this problem with MySQL 4.0.16 on FreeBSD 4.9 running on a Pentium III (built from the ports collection) and on Solaris 9 running on a SPARC Ultra 1 (built from source). The compiler on the FreeBSD box is gcc 2.95.4; the compiler on the Solaris box is gcc 3.3.2. OpenSSL on both boxes is 0.9.7c.

I've been unable to get a core dump of these crashes. I've added "core-file" to the mysqld section of /etc/my.cnf on both machines and mysqld logs "Writing a core file" when the crash happens, but no core file appears to be written. Resource limits on both systems allow unlimited size for coredumps and I'm running mysqld_safe with the "--core-file-size=1000000" option, but to no avail. If the developers are unable to reproduce the bug, then I welcome suggestions on how to get a core dump for further debugging.

>How-To-Repeat:

1. Grant permissions to a test user with a command such as the following:

GRANT USAGE ON * TO testuser IDENTIFIED BY 'password'
REQUIRE SUBJECT '/CN=Test User/[EMAIL PROTECTED]';

2. Compile and run the following program:

----Start program----
#include <stdio.h>
#include <stdlib.h>
#include <mysql/mysql.h>

int
main(void)
{
    const char     *host = "localhost";
    const char     *user = "testuser";
    const char     *pass = "password";
    const char     *db   = "test";
    unsigned int    port = 0;
    const char     *sock = NULL;
    /* Request SSL for the connection ... */
    unsigned long   flag = CLIENT_SSL;
    MYSQL           mysql, *conn;

    mysql_init(&mysql);

    /* ... but connect without calling mysql_ssl_set() first (condition 2). */
    conn = mysql_real_connect(&mysql, host, user, pass, db, port, sock, flag);
    if (conn == NULL) {
        fprintf(stderr, "mysql_real_connect: %s\n", mysql_error(&mysql));
        return EXIT_FAILURE;
    }

    printf("connection succeeded\n");
    mysql_close(&mysql);

    return EXIT_SUCCESS;
}
----End program----

>Fix:

Unknown.

>Submitter-Id:  <submitter ID>
>Originator:    Michael Fuhr
>Organization:
 Michael Fuhr
 http://www.fuhr.org/~mfuhr/
>MySQL support: none
>Synopsis:      mysqld crashes with certain SSL connections
>Severity:      serious
>Priority:      medium
>Category:      mysql
>Class:         sw-bug
>Release:       mysql-4.0.16 (Source distribution)

>C compiler:    2.95.3
>C++ compiler:  2.95.3
>Environment:

System: SunOS eeyore.fuhr.org 5.9 Generic_112233-08 sun4u sparc SUNW,Ultra-1
Architecture: sun4

Some paths: /usr/bin/perl /usr/ccs/bin/make /usr/local/bin/gcc
GCC: Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.9/3.3.2/specs
Configured with: ../configure --with-as=/usr/ccs/bin/as --with-ld=/usr/ccs/bin/ld --disable-nls --disable-libgcj --enable-languages=c,c++ : (reconfigured) ../configure --with-as=/usr/ccs/bin/as --with-ld=/usr/ccs/bin/ld --disable-nls --disable-libgcj --enable-languages=c,c++
Thread model: posix
gcc version 3.3.2
Compilation info: CC='gcc' CFLAGS='-Wimplicit -Wreturn-type -Wswitch -Wtrigraphs -Wcomment -W -Wchar-subscripts -Wformat -Wparentheses -Wsign-compare -Wwrite-strings -Wunused -mcpu=pentiumpro -O3 -fno-omit-frame-pointer' CXX='ccache gcc' CXXFLAGS='-Wimplicit -Wreturn-type -Wswitch -Wtrigraphs -Wcomment -W -Wchar-subscripts -Wformat -Wparentheses -Wsign-compare -Wwrite-strings -Woverloaded-virtual -Wsign-promo -Wreorder -Wctor-dtor-privacy -Wnon-virtual-dtor -felide-constructors -fno-exceptions -fno-rtti -mcpu=pentiumpro -O3 -fno-omit-frame-pointer' LDFLAGS='' ASFLAGS=''
LIBC:
-rw-r--r-- 1 root bin 1849348 Jun 4 15:08 /lib/libc.a
lrwxrwxrwx 1 root root 11 Nov 5 08:57 /lib/libc.so -> ./libc.so.1
-rwxr-xr-x 1 root bin 866316 Jun 4 15:08 /lib/libc.so.1
-rw-r--r-- 1 root bin 1849348 Jun 4 15:08 /usr/lib/libc.a
lrwxrwxrwx 1 root root 11 Nov 5 08:57 /usr/lib/libc.so -> ./libc.so.1
-rwxr-xr-x 1 root bin 866316 Jun 4 15:08 /usr/lib/libc.so.1
Configure command: ./configure '--prefix=/usr/local/mysql' '--enable-assembler' '--with-extra-charsets=complex' '--enable-thread-safe-client' '--with-innodb' '--with-berkeley-db' '--with-embedded-server' '--with-openssl' '--with-vio' '--enable-local-infile' 'CFLAGS=-Wimplicit -Wreturn-type -Wswitch -Wtrigraphs -Wcomment -W -Wchar-subscripts -Wformat -Wparentheses -Wsign-compare -Wwrite-strings -Wunused -mcpu=pentiumpro -O3 -fno-omit-frame-pointer' 'CXXFLAGS=-Wimplicit -Wreturn-type -Wswitch -Wtrigraphs -Wcomment -W -Wchar-subscripts -Wformat -Wparentheses -Wsign-compare -Wwrite-strings -Woverloaded-virtual -Wsign-promo -Wreorder -Wctor-dtor-privacy -Wnon-virtual-dtor -felide-constructors -fno-exceptions -fno-rtti -mcpu=pentiumpro -O3 -fno-omit-frame-pointer' 'CXX=ccache gcc'

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
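
Added example, not part of the original report: an audit query an administrator could run to see which accounts were granted with REQUIRE SUBJECT or REQUIRE ISSUER (the first crash condition described above) as opposed to REQUIRE SSL, X509 or CIPHER. It assumes the server's grant table mysql.user with its ssl_type, ssl_cipher, x509_issuer and x509_subject columns, and an account allowed to read that table.

```sql
-- Added example: classify every account that carries a REQUIRE clause and
-- flag those matching the report's first condition (SUBJECT or ISSUER).
-- ssl_type is '' (no requirement), 'ANY' (REQUIRE SSL), 'X509' (REQUIRE X509)
-- or 'SPECIFIED' (REQUIRE CIPHER / ISSUER / SUBJECT, alone or combined).
SELECT
    Host,
    User,
    CASE
        WHEN ssl_type = 'ANY'  THEN 'REQUIRE SSL'
        WHEN ssl_type = 'X509' THEN 'REQUIRE X509'
        WHEN ssl_type = 'SPECIFIED'
             AND LENGTH(x509_subject) > 0
             AND LENGTH(x509_issuer)  > 0 THEN 'REQUIRE SUBJECT + ISSUER'
        WHEN ssl_type = 'SPECIFIED'
             AND LENGTH(x509_subject) > 0 THEN 'REQUIRE SUBJECT'
        WHEN ssl_type = 'SPECIFIED'
             AND LENGTH(x509_issuer)  > 0 THEN 'REQUIRE ISSUER'
        WHEN ssl_type = 'SPECIFIED'       THEN 'REQUIRE CIPHER only'
        ELSE 'unknown'
    END AS require_clause,
    -- 'yes' only for the two clauses the report associates with the crash
    CASE
        WHEN ssl_type = 'SPECIFIED'
             AND (LENGTH(x509_subject) > 0 OR LENGTH(x509_issuer) > 0)
        THEN 'yes'
        ELSE 'no'
    END AS matches_report_condition,
    LENGTH(ssl_cipher) > 0 AS also_requires_cipher
FROM mysql.user
WHERE ssl_type <> ''
ORDER BY matches_report_condition DESC, Host, User;
```

Rows with matches_report_condition = 'yes' are the accounts for which, per the report, an SSL connection made without mysql_ssl_set() brought mysqld 4.0.16 down.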