From 5e20df2ff977bc837e1b9e80a22337292d42c8af Mon Sep 17 00:00:00 2001
From: Alexey Botchkov <holyfoot@askmonty.org>
Date: Thu, 19 Mar 2015 19:46:08 +0400
Subject: [PATCH] MDEV-7641 Server crash on set global
 server_audit_incl_users=null.

plugin_variable_update() can get NULL as a value for a string parameter.
Needs to be checked and handled properly.
---
 .../suite/plugins/r/server_audit.result       |  2 ++
 mysql-test/suite/plugins/t/server_audit.test  |  2 ++
 plugin/server_audit/server_audit.c            | 19 ++++++++++++-------
 3 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/mysql-test/suite/plugins/r/server_audit.result b/mysql-test/suite/plugins/r/server_audit.result
index d91a4f424fe..d38f194f31b 100644
--- a/mysql-test/suite/plugins/r/server_audit.result
+++ b/mysql-test/suite/plugins/r/server_audit.result
@@ -15,6 +15,8 @@ server_audit_syslog_facility	LOG_USER
 server_audit_syslog_ident	mysql-server_auditing
 server_audit_syslog_info	
 server_audit_syslog_priority	LOG_INFO
+set global server_audit_file_path=null;
+set global server_audit_incl_users=null;
 set global server_audit_file_path='server_audit.log';
 set global server_audit_output_type=file;
 set global server_audit_logging=on;
diff --git a/mysql-test/suite/plugins/t/server_audit.test b/mysql-test/suite/plugins/t/server_audit.test
index f59a68e3148..8a131ff5f70 100644
--- a/mysql-test/suite/plugins/t/server_audit.test
+++ b/mysql-test/suite/plugins/t/server_audit.test
@@ -8,6 +8,8 @@ if (!$SERVER_AUDIT_SO) {
 install plugin server_audit soname 'server_audit';
 
 show variables like 'server_audit%';
+set global server_audit_file_path=null;
+set global server_audit_incl_users=null;
 set global server_audit_file_path='server_audit.log';
 set global server_audit_output_type=file;
 set global server_audit_logging=on;
diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c
index 491a98e44dd..ce5d5397d9b 100644
--- a/plugin/server_audit/server_audit.c
+++ b/plugin/server_audit/server_audit.c
@@ -877,6 +877,7 @@ static struct connection_info *
 
 
 #define SAFE_STRLEN(s) (s ? strlen(s) : 0)
+static char empty_str[1]= { 0 };
 
 
 static int is_space(char c)
@@ -2156,10 +2157,12 @@ static void update_file_path(MYSQL_THD thd,
               struct st_mysql_sys_var *var  __attribute__((unused)),
               void *var_ptr  __attribute__((unused)), const void *save)
 {
+  char *new_name= (*(char **) save) ? *(char **) save : empty_str;
+
   flogger_mutex_lock(&lock_operations);
   internal_stop_logging= 1;
   error_header();
-  fprintf(stderr, "Log file name was changed to '%s'.\n", *(const char **) save);
+  fprintf(stderr, "Log file name was changed to '%s'.\n", new_name);
 
   if (logging)
     log_current_query(thd);
@@ -2168,7 +2171,7 @@ static void update_file_path(MYSQL_THD thd,
   {
     char *sav_path= file_path;
 
-    file_path= *(char **) save;
+    file_path= new_name;
     internal_stop_logging= 1;
     stop_logging();
     if (start_logging())
@@ -2188,7 +2191,7 @@ static void update_file_path(MYSQL_THD thd,
     internal_stop_logging= 0;
   }
 
-  strncpy(path_buffer, *(const char **) save, sizeof(path_buffer));
+  strncpy(path_buffer, new_name, sizeof(path_buffer));
   file_path= path_buffer;
 exit_func:
   internal_stop_logging= 0;
@@ -2235,9 +2238,10 @@ static void update_incl_users(MYSQL_THD thd,
               struct st_mysql_sys_var *var  __attribute__((unused)),
               void *var_ptr  __attribute__((unused)), const void *save)
 {
+  char *new_users= (*(char **) save) ? *(char **) save : empty_str;
   flogger_mutex_lock(&lock_operations);
   mark_always_logged(thd);
-  strncpy(incl_user_buffer, *(const char **) save, sizeof(incl_user_buffer));
+  strncpy(incl_user_buffer, new_users, sizeof(incl_user_buffer));
   incl_users= incl_user_buffer;
   user_hash_fill(&incl_user_hash, incl_users, &excl_user_hash, 1);
   error_header();
@@ -2250,9 +2254,10 @@ static void update_excl_users(MYSQL_THD thd  __attribute__((unused)),
               struct st_mysql_sys_var *var  __attribute__((unused)),
               void *var_ptr  __attribute__((unused)), const void *save)
 {
+  char *new_users= (*(char **) save) ? *(char **) save : empty_str;
   flogger_mutex_lock(&lock_operations);
   mark_always_logged(thd);
-  strncpy(excl_user_buffer, *(const char **) save, sizeof(excl_user_buffer));
+  strncpy(excl_user_buffer, new_users, sizeof(excl_user_buffer));
   excl_users= excl_user_buffer;
   user_hash_fill(&excl_user_hash, excl_users, &incl_user_hash, 0);
   error_header();
@@ -2377,8 +2382,8 @@ static void update_syslog_ident(MYSQL_THD thd  __attribute__((unused)),
               struct st_mysql_sys_var *var  __attribute__((unused)),
               void *var_ptr  __attribute__((unused)), const void *save)
 {
-  strncpy(syslog_ident_buffer, *(const char **) save,
-          sizeof(syslog_ident_buffer));
+  char *new_ident= (*(char **) save) ? *(char **) save : empty_str;
+  strncpy(syslog_ident_buffer, new_ident, sizeof(syslog_ident_buffer));
   syslog_ident= syslog_ident_buffer;
   error_header();
   fprintf(stderr, "SYSYLOG ident was changed to '%s'\n", syslog_ident);