-
-
Notifications
You must be signed in to change notification settings - Fork 2.1k
MDEV-40085 TRUNCATE of temporary table with ENCRYPTED=NO crashes under innodb_encrypt_tables=FORCE #5308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: 10.11
Are you sure you want to change the base?
MDEV-40085 TRUNCATE of temporary table with ENCRYPTED=NO crashes under innodb_encrypt_tables=FORCE #5308
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -11292,7 +11292,7 @@ create_table_info_t::check_table_options() | |
| " ENCRYPTION_KEY_ID=1"); | ||
| compile_time_assert(FIL_DEFAULT_ENCRYPTION_KEY == 1); | ||
| } | ||
| if (srv_encrypt_tables != 2) { | ||
| if (m_trx || srv_encrypt_tables != 2) { | ||
| break; | ||
| } | ||
| push_warning( | ||
|
|
@@ -13887,6 +13887,26 @@ int ha_innobase::truncate() | |
| if (ib_table->is_temporary()) | ||
| { | ||
| info.options|= HA_LEX_CREATE_TMP_TABLE; | ||
|
|
||
| /* Validate the create options before dropping the existing | ||
| table, so that a validation failure leaves the original table | ||
| intact instead of dropping it and then failing in create(), | ||
| which would leave the handler without a table. */ | ||
| { | ||
| char norm_name[FN_REFLEN], remote_path[FN_REFLEN]; | ||
| create_table_info_t validate(m_user_thd, table, &info, norm_name, | ||
| remote_path, true, trx); | ||
| int err= validate.initialize(); | ||
| if (!err) | ||
| err= validate.prepare_create_table(ib_table->name.m_name, false); | ||
| if (err) | ||
| { | ||
| trx_rollback_for_mysql(trx); | ||
| trx->free(); | ||
| DBUG_RETURN(err); | ||
| } | ||
| } | ||
|
Comment on lines
+13895
to
+13908
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. To prevent potential null pointer dereferences, we should add a {
char norm_name[FN_REFLEN], remote_path[FN_REFLEN];
create_table_info_t validate(m_user_thd, table, &info, norm_name,
remote_path, true, trx);
int err = validate.initialize();
if (!err)
err = validate.prepare_create_table(ib_table->name.m_name, false);
if (err)
{
if (trx)
{
trx_rollback_for_mysql(trx);
trx->free();
}
DBUG_RETURN(err);
}
}References
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think |
||
|
|
||
| btr_drop_temporary_table(*ib_table); | ||
| m_prebuilt->table= nullptr; | ||
| row_prebuilt_free(m_prebuilt); | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Using
m_trxas a proxy to detect the internal recreate/truncate path is fragile and poses a maintainability risk. If a future refactoring passes the active transaction pointer (trx) tocreate_table_info_tduring a normalCREATE TABLE(which is a very reasonable change since the constructor accepts it), theinnodb_encrypt_tables=FORCEcheck will be silently bypassed for all new tables, creating a security vulnerability.Instead, consider adding an explicit boolean flag (e.g.,
m_is_recreateor similar) tocreate_table_info_tto clearly indicate when the validation is performed as part of an internal recreate/truncate operation.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Thirunarayanan I think this point is legit, but I think also a couple of comments: one here and and one in the
m_trxassignment (or declaration) place are defensive enough, without adding the extra Boolean flag.