database/mariadb
1
0
Fork 0
mirror of https://github.com/MariaDB/server.git synced 2025-08-08 11:22:35 +03:00
Code Activity

MDEV-8078 Memory disclosure/buffer overread on audit plugin.

Browse Source 
If the SET PASSWORD query doesn't have the password string,
        the parsing of it can fail. It manifested first in MySQL 5.6 as
        it started to hide password lines sent to the plugins.
        Fixed by checking for that case.
This commit is contained in:
Alexey Botchkov
2015-06-07 15:40:42 +05:00
parent db0ecf2662
commit 1ae05db49c
3 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
plugin/server_audit/server_audit.c
View File

@@ -1175,9 +1175,15 @@ static size_t escape_string_hide_passwords(const char *str, unsigned int len,
for (c=0; c<d_len; c++)
result[c]= is_space(str[c]) ? ' ' : str[c];
memmove(result + d_len, "*****", 5);
result+= d_len + 5;
b_char= *(next_s++);
if (*next_s)
{
memmove(result + d_len, "*****", 5);
result+= d_len + 5;
b_char= *(next_s++);
}
else
result+= d_len;
while (*next_s)
{
if (*next_s == b_char)