mirror of https://github.com/MariaDB/server.git synced 2025-08-01 03:47:19 +03:00

SECURITY FIX

Bug#17667: An attacker has the opportunity to bypass query logging.

This adds a new, local-only printf format specifier to our *printf functions
that allows us to print known-size buffers that must not be interpreted as 
NUL-terminated "strings."

It uses this format-specifier to print to the log, thus fixing this 
problem.
cmiller@zippy.(none)
2006-05-01 22:10:50 -04:00
parent 274afed734
commit 85ffd9640e
9 changed files with 220 additions and 23 deletions


@ -1711,7 +1711,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
if (alloc_query(thd, packet, packet_length))
break; // fatal error is set
char *packet_end= thd->query + thd->query_length;
mysql_log.write(thd,command,"%s",thd->query);
mysql_log.write(thd,command, "%.*b", thd->query_length, thd->query);
DBUG_PRINT("query",("%-.4096s",thd->query));
if (!(specialflag & SPECIAL_NO_PRIOR))