[CP] bugfix: alter user resource/public/connect identified by pwd core

23f4876f · obdev · OB-robot · 7d21e913 · 23f4876f · 23f4876f
Showing with 31 addition and 1 deletion

src/sql/resolver/dcl/ob_set_password_resolver.cpp src/sql/resolver/dcl/ob_set_password_resolver.cpp +30 -1

src/sql/resolver/dcl/ob_set_password_resolver.h src/sql/resolver/dcl/ob_set_password_resolver.h +1 -0

未找到文件。
--- a/src/sql/resolver/dcl/ob_set_password_resolver.cpp
+++ b/src/sql/resolver/dcl/ob_set_password_resolver.cpp
@@ -78,9 +78,15 @@ int ObSetPasswordResolver::resolve(const ParseNode &parse_tree)
      ObString host_name;
      const ObString &session_user_name = session_info_->get_user_name();
      const ObString &session_host_name = session_info_->get_host_name();
+      bool is_valid = false;
      if (NULL != node->children_[0]) {
        ParseNode *user_hostname_node = node->children_[0];
-        if (OB_ISNULL(user_hostname_node->children_[0])) {
+        if (OB_FAIL(check_role_as_user(user_hostname_node, is_valid))) {
+          LOG_WARN("failed to check role as user", K(ret));
+        } else if (!is_valid) {
+          ret = OB_USER_NOT_EXIST;
+          LOG_ORACLE_USER_ERROR(OB_USER_NOT_EXIST, int(user_hostname_node->str_len_), user_hostname_node->str_value_);
+        } else if (OB_ISNULL(user_hostname_node->children_[0])) {
          ret = OB_INVALID_ARGUMENT;
          LOG_WARN("username should not be NULL", K(ret));
        } else {
@@ -326,3 +332,26 @@ int ObSetPasswordResolver::resolve_oracle_password_strength(common::ObString &us
  }
  return ret; 
 }
+
+/*
+bugfix : https://work.aone.alibaba-inc.com/issue/46244474
+alter user resource identified by password core cause by invalid memory access
+*/
+int ObSetPasswordResolver::check_role_as_user(ParseNode *user_hostname_node, bool &is_valid) {
+  is_valid = false;
+  int ret = OB_SUCCESS;
+  if (OB_ISNULL(user_hostname_node)) {
+    ret = OB_ERR_UNEXPECTED;
+    LOG_WARN("failed to check_role_as_user, user_hostname_node is NULL", K(ret));
+  } else if (!lib::is_oracle_mode() || T_VARCHAR != user_hostname_node->type_) {
+    is_valid = true;
+  } else {
+    ObString node_str(user_hostname_node->str_len_, user_hostname_node->str_value_);
+    if (0 != node_str.case_compare(OB_ORA_RESOURCE_ROLE_NAME) &&
+        0 != node_str.case_compare(OB_ORA_PUBLIC_ROLE_NAME) &&
+        0 != node_str.case_compare(OB_ORA_CONNECT_ROLE_NAME)) {
+      is_valid = true;
+    }
+  }
+  return ret;
+}
\ No newline at end of file
--- a/src/sql/resolver/dcl/ob_set_password_resolver.h
+++ b/src/sql/resolver/dcl/ob_set_password_resolver.h
@@ -39,6 +39,7 @@ private:
  int resolve_oracle_password_strength(common::ObString &user_name, 
                                       common::ObString &hostname,
                                       common::ObString &password);
+  int check_role_as_user(ParseNode *user_hostname_node, bool &is_valid);
 private:
  const static uint64_t MAX_CONNECTIONS = 4294967295;
  // disallow copy