>Description:
mysqld (4.0.16) built with SSL support (--with-vio --with-openssl)
crashes if both of the following conditions are met:
1. Permissions for a user have been set with GRANT...REQUIRE SUBJECT
or GRANT...REQUIRE ISSUER.
2. A client program attempts to connect to the server by calling
mysql_real_connect() with the CLIENT_SSL flag but didn't call
mysql_ssl_set() beforehand.

When these conditions are met, mysqld crashes and logs the following
message to the .err file:

mysqld got signal 11;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help diagnose
the problem, but since we have already crashed, something is definitely wrong
and this may fail.

key_buffer_size=16777216
read_buffer_size=131072
max_used_connections=0
max_connections=100
threads_connected=1
It is possible that mysqld could use up to
key_buffer_size + (read_buffer_size + sort_buffer_size)*max_connections = 80383 K
bytes of memory
Hope that's ok; if not, decrease some variables in the equation.

In the client program, mysql_real_connect() fails with "Lost connection
to MySQL server during query."

The crash doesn't occur if permissions were granted with REQUIRE SSL,
REQUIRE X509, or REQUIRE CIPHER -- it occurs only with REQUIRE SUBJECT
or REQUIRE ISSUER. The crash also doesn't occur if mysql_real_connect()
doesn't have the CLIENT_SSL flag set, or if mysql_ssl_set() was called
with valid arguments before mysql_real_connect().

I can consistently reproduce this problem with MySQL 4.0.16 on FreeBSD
4.9 running on a Pentium III (built from the ports collection) and on
Solaris 9 running on a SPARC Ultra 1 (built from source). The compiler
on the FreeBSD box is gcc 2.95.4; the compiler on the Solaris box is
gcc 3.3.2. OpenSSL on both boxes is 0.9.7c.

I've been unable to get a core dump of these crashes. I've added
"core-file" to the mysqld section of /etc/my.cnf on both machines and
mysqld logs "Writing a core file" when the crash happens, but no core
file appears to be written. Resource limits on both systems allow
unlimited size for coredumps and I'm running mysqld_safe with the
"--core-file-size=1000000" option, but to no avail. If the developers
are unable to reproduce the bug, then I welcome suggestions on how
to get a core dump for further debugging.

>How-To-Repeat:
1. Grant permissions to a test user with a command such as the following:

    GRANT USAGE ON * TO testuser IDENTIFIED BY 'password'
      REQUIRE SUBJECT '/CN=Test User/[EMAIL PROTECTED]';

2. Compile and run the following program:

----Start program----
#include <stdio.h>
#include <stdlib.h>
#include <mysql/mysql.h>

int
main(void)
{
    const char *host = "localhost";
    const char *user = "testuser";
    const char *pass = "password";
    const char *db = "test";
    unsigned int port = 0;
    const char *sock = NULL;
    /* Request SSL in the client flags ... */
    unsigned long flag = CLIENT_SSL;
    MYSQL mysql, *conn;

    mysql_init(&mysql);

    /* ... but connect without a prior mysql_ssl_set() call. This omission
     * is intentional: it is condition 2 of the report. */
    conn = mysql_real_connect(&mysql, host, user, pass, db, port, sock, flag);
    if (conn == NULL) {
        fprintf(stderr, "mysql_real_connect: %s\n", mysql_error(&mysql));
        return EXIT_FAILURE;
    }

    printf("connection succeeded\n");
    mysql_close(&mysql);

    return EXIT_SUCCESS;
}
----End program----
>Fix:
Unknown.
>Submitter-Id: <submitter ID>
>Originator: Michael Fuhr
>Organization:
Michael Fuhr
http://www.fuhr.org/~mfuhr/
>
>MySQL support: none
>Synopsis: mysqld crashes with certain SSL connections
>Severity: serious
>Priority: medium
>Category: mysql
>Class: sw-bug
>Release: mysql-4.0.16 (Source distribution)
>C compiler: 2.95.3
>C++ compiler: 2.95.3
>Environment:
System: SunOS eeyore.fuhr.org 5.9 Generic_112233-08 sun4u sparc SUNW,Ultra-1
Architecture: sun4
Some paths: /usr/bin/perl /usr/ccs/bin/make /usr/local/bin/gcc
GCC: Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.9/3.3.2/specs
Configured with: ../configure --with-as=/usr/ccs/bin/as --with-ld=/usr/ccs/bin/ld
--disable-nls --disable-libgcj --enable-languages=c,c++ : (reconfigured) ../configure
--with-as=/usr/ccs/bin/as --with-ld=/usr/ccs/bin/ld --disable-nls --disable-libgcj
--enable-languages=c,c++
Thread model: posix
gcc version 3.3.2
Compilation info: CC='gcc' CFLAGS='-Wimplicit -Wreturn-type -Wswitch -Wtrigraphs
-Wcomment -W -Wchar-subscripts -Wformat -Wparentheses -Wsign-compare -Wwrite-strings
-Wunused -mcpu=pentiumpro -O3 -fno-omit-frame-pointer' CXX='ccache gcc'
CXXFLAGS='-Wimplicit -Wreturn-type -Wswitch -Wtrigraphs -Wcomment -W -Wchar-subscripts
-Wformat -Wparentheses -Wsign-compare -Wwrite-strings -Woverloaded-virtual
-Wsign-promo -Wreorder -Wctor-dtor-privacy -Wnon-virtual-dtor -felide-constructors
-fno-exceptions -fno-rtti -mcpu=pentiumpro -O3 -fno-omit-frame-pointer' LDFLAGS=''
ASFLAGS=''
LIBC:
-rw-r--r-- 1 root bin 1849348 Jun 4 15:08 /lib/libc.a
lrwxrwxrwx 1 root root 11 Nov 5 08:57 /lib/libc.so -> ./libc.so.1
-rwxr-xr-x 1 root bin 866316 Jun 4 15:08 /lib/libc.so.1
-rw-r--r-- 1 root bin 1849348 Jun 4 15:08 /usr/lib/libc.a
lrwxrwxrwx 1 root root 11 Nov 5 08:57 /usr/lib/libc.so -> ./libc.so.1
-rwxr-xr-x 1 root bin 866316 Jun 4 15:08 /usr/lib/libc.so.1
Configure command: ./configure '--prefix=/usr/local/mysql' '--enable-assembler'
'--with-extra-charsets=complex' '--enable-thread-safe-client' '--with-innodb'
'--with-berkeley-db' '--with-embedded-server' '--with-openssl' '--with-vio'
'--enable-local-infile' 'CFLAGS=-Wimplicit -Wreturn-type -Wswitch -Wtrigraphs
-Wcomment -W -Wchar-subscripts -Wformat -Wparentheses -Wsign-compare -Wwrite-strings
-Wunused -mcpu=pentiumpro -O3 -fno-omit-frame-pointer' 'CXXFLAGS=-Wimplicit
-Wreturn-type -Wswitch -Wtrigraphs -Wcomment -W -Wchar-subscripts -Wformat
-Wparentheses -Wsign-compare -Wwrite-strings -Woverloaded-virtual -Wsign-promo
-Wreorder -Wctor-dtor-privacy -Wnon-virtual-dtor -felide-constructors -fno-exceptions
-fno-rtti -mcpu=pentiumpro -O3 -fno-omit-frame-pointer' 'CXX=ccache gcc'
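
Added example, not part of the original report or of MySQL's code: an audit helper that reads GRANT statements (for instance saved SHOW GRANTS output or provisioning scripts) and lists the accounts whose REQUIRE clause uses SUBJECT or ISSUER, the options the report says trigger the crash. The function names and the sample statements are constructed for illustration.

```python
import re

# REQUIRE options the report ties to the crash; per the report, SSL, X509
# and CIPHER on their own do not trigger it.
CRASH_OPTIONS = {"SUBJECT", "ISSUER"}

QUOTED = re.compile(r"'(?:[^'\\]|\\.)*'")
ACCOUNT = re.compile(r"\bTO\s+((?:'[^']*'|[^\s@;]+)(?:@(?:'[^']*'|[^\s;]+))?)", re.I)
REQUIRE = re.compile(r"\bREQUIRE\b(.*?)(?:\bWITH\b|;|$)", re.I | re.S)
OPTION = re.compile(r"\b(SSL|X509|NONE|CIPHER|SUBJECT|ISSUER)\b", re.I)


def require_options(grant):
    """Return the set of REQUIRE options used by one GRANT statement."""
    # Blank out string literals first so that a password or certificate
    # subject containing the word REQUIRE or ISSUER cannot cause a false hit.
    masked = QUOTED.sub("''", grant)
    m = REQUIRE.search(masked)
    return {o.upper() for o in OPTION.findall(m.group(1))} if m else set()


def audit(grants):
    """Return (account, sorted options) for grants using SUBJECT or ISSUER."""
    findings = []
    for g in grants:
        opts = require_options(g)
        if opts & CRASH_OPTIONS:
            acct = ACCOUNT.search(g)
            findings.append((acct.group(1) if acct else "?", sorted(opts)))
    return findings


# Constructed sample statements (not taken from a real server).
SAMPLE_GRANTS = [
    "GRANT USAGE ON * TO testuser IDENTIFIED BY 'password' "
    "REQUIRE SUBJECT '/CN=Test User';",
    "GRANT SELECT ON test.* TO 'app'@'10.0.0.%' IDENTIFIED BY 'x' REQUIRE SSL;",
    "GRANT ALL ON *.* TO 'repl'@'%' REQUIRE ISSUER '/CN=Example CA' "
    "AND CIPHER 'EDH-RSA-DES-CBC3-SHA';",
    "GRANT USAGE ON *.* TO 'decoy'@'%' IDENTIFIED BY 'REQUIRE SUBJECT' "
    "REQUIRE X509;",
    "GRANT SELECT ON test.* TO 'plain'@'localhost';",
]

if __name__ == "__main__":
    for account, options in audit(SAMPLE_GRANTS):
        print(f"{account}: REQUIRE {' AND '.join(options)}")
```
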