From bb66f574c7ed91a5859b0b8e3c67d0a43e5eb18a Mon Sep 17 00:00:00 2001
From: obdev <obdev@oceanbase.com>
Date: Tue, 29 Nov 2022 15:07:58 +0000
Subject: [PATCH] bugfix: alter user resource/public/connect identified by pwd
 core

---
 .../resolver/dcl/ob_set_password_resolver.cpp | 31 ++++++++++++++++++-
 .../resolver/dcl/ob_set_password_resolver.h   |  1 +
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/src/sql/resolver/dcl/ob_set_password_resolver.cpp b/src/sql/resolver/dcl/ob_set_password_resolver.cpp
index 143e66fdda..5fc9337b85 100644
--- a/src/sql/resolver/dcl/ob_set_password_resolver.cpp
+++ b/src/sql/resolver/dcl/ob_set_password_resolver.cpp
@@ -78,9 +78,15 @@ int ObSetPasswordResolver::resolve(const ParseNode &parse_tree)
       ObString host_name;
       const ObString &session_user_name = session_info_->get_user_name();
       const ObString &session_host_name = session_info_->get_host_name();
+      bool is_valid = false;
       if (NULL != node->children_[0]) {
         ParseNode *user_hostname_node = node->children_[0];
-        if (OB_ISNULL(user_hostname_node->children_[0])) {
+        if (OB_FAIL(check_role_as_user(user_hostname_node, is_valid))) {
+          LOG_WARN("failed to check role as user", K(ret));
+        } else if (!is_valid) {
+          ret = OB_USER_NOT_EXIST;
+          LOG_ORACLE_USER_ERROR(OB_USER_NOT_EXIST, int(user_hostname_node->str_len_), user_hostname_node->str_value_);
+        } else if (OB_ISNULL(user_hostname_node->children_[0])) {
           ret = OB_INVALID_ARGUMENT;
           LOG_WARN("username should not be NULL", K(ret));
         } else {
@@ -322,3 +328,26 @@ int ObSetPasswordResolver::resolve_oracle_password_strength(common::ObString &us
   }
   return ret; 
 }
+
+/*
+bugfix : https://work.aone.alibaba-inc.com/issue/46244474
+alter user resource identified by password core cause by invalid memory access
+*/
+int ObSetPasswordResolver::check_role_as_user(ParseNode *user_hostname_node, bool &is_valid) {
+  is_valid = false;
+  int ret = OB_SUCCESS;
+  if (OB_ISNULL(user_hostname_node)) {
+    ret = OB_ERR_UNEXPECTED;
+    LOG_WARN("failed to check_role_as_user, user_hostname_node is NULL", K(ret));
+  } else if (!lib::is_oracle_mode() || T_VARCHAR != user_hostname_node->type_) {
+    is_valid = true;
+  } else {
+    ObString node_str(user_hostname_node->str_len_, user_hostname_node->str_value_);
+    if (0 != node_str.case_compare(OB_ORA_RESOURCE_ROLE_NAME) &&
+        0 != node_str.case_compare(OB_ORA_PUBLIC_ROLE_NAME) &&
+        0 != node_str.case_compare(OB_ORA_CONNECT_ROLE_NAME)) {
+      is_valid = true;
+    }
+  }
+  return ret;
+}
\ No newline at end of file
diff --git a/src/sql/resolver/dcl/ob_set_password_resolver.h b/src/sql/resolver/dcl/ob_set_password_resolver.h
index 9dad065a6f..017ec8eaee 100644
--- a/src/sql/resolver/dcl/ob_set_password_resolver.h
+++ b/src/sql/resolver/dcl/ob_set_password_resolver.h
@@ -39,6 +39,7 @@ private:
   int resolve_oracle_password_strength(common::ObString &user_name, 
                                        common::ObString &hostname,
                                        common::ObString &password);
+  int check_role_as_user(ParseNode *user_hostname_node, bool &is_valid);
 private:
   const static uint64_t MAX_CONNECTIONS = 4294967295;
   // disallow copy