database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-07-27 18:02:13 +03:00
Code Activity

MDEV-8078 Memory disclosure/buffer overread on audit plugin.

Browse Source 
If the SET PASSWORD query doesn't have the password string,
        the parsing of it can fail. It manifested first in MySQL 5.6 as
        it started to hide password lines sent to the plugins.
        Fixed by checking for that case.
This commit is contained in:
Alexey Botchkov
2015-06-07 15:40:42 +05:00
parent db0ecf2662
commit 1ae05db49c
3 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
mysql-test/suite/plugins/t/server_audit.test
View File

@ -105,6 +105,8 @@ select * from t1;
CREATE USER u1 IDENTIFIED BY 'pwd-123';
GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321";
SET PASSWORD FOR u1 = PASSWORD('pwd 098');
--error 1064
SET PASSWORD FOR u1=<secret>;
CREATE USER u3 IDENTIFIED BY '';
drop user u1, u2, u3;
select 2;