mirror of https://github.com/MariaDB/server.git synced 2025-11-09 11:41:36 +03:00
mariadb/sql/sql_prepare.cc
unknown d4075f6659 Bug#21813 An attacker has the opportunity to bypass query logging, part2
 - Use the "%.*b" format when printing prepared and executed prepared statements to the log.
 - Add test case to check that also prepared statements end up in the query log
Bug#14346 Prepared statements corrupting general log/server memory
 - Use "stmt->query" when logging the newly prepared query instead of "packet"


sql/sql_prepare.cc:
  mysql_stmt_prepare
   - Use "%.*b" format when printing to log
   - Print the query from stmt instead of "packet", packet points at the net in/out buffer and has most likely been overwritten
     when result for prepare was written to client.
  mysql_stmt_execute 
   - Use "%.*b" format when printing to log
   - Print the query from thd as the expanded query has been specifically set to be valid also after restore from backup statement
tests/mysql_client_test.c:
  Add tests for bug#21813 to already existing test for bug#17667. Add functionality for also executing prepared statements and making sure they end up in the log as well.
2006-08-30 17:11:00 +02:00

83 KiB
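
The buffer-reuse problem the commit message describes for mysql_stmt_prepare, as an added example that is not code from sql_prepare.cc: logging from the network buffer after the reply has been written yields the reply's bytes, while logging the statement's own copy with an explicit length yields the query. `struct stmt`, `stmt_prepare`, `log_bytes` and the sample query are hypothetical names and constructed data, and `log_bytes` assumes that a length-bounded format such as "%.*b" writes exactly the number of bytes it is given.

```c
#include <stdio.h>
#include <string.h>

#define NET_BUF_SIZE 64

/* Hypothetical stand-in for a prepared statement that owns its query text. */
struct stmt {
    char   query[NET_BUF_SIZE];
    size_t query_length;
};

/* Copy the query out of the network buffer at prepare time. */
static void stmt_prepare(struct stmt *s, const char *packet, size_t len)
{
    if (len > sizeof(s->query)) len = sizeof(s->query);
    memcpy(s->query, packet, len);
    s->query_length = len;
}

/* Length-bounded log write: copies exactly len bytes (capped at out_size)
   and never relies on a terminating NUL. Returns the bytes written. */
static size_t log_bytes(char *out, size_t out_size, const char *buf, size_t len)
{
    if (len > out_size) len = out_size;
    memcpy(out, buf, len);
    return len;
}

int main(void)
{
    char net_buf[NET_BUF_SIZE];
    const char query[] = "SELECT 1 FROM t1";   /* constructed sample */
    size_t qlen = sizeof(query) - 1;
    struct stmt s;
    char line[NET_BUF_SIZE];
    size_t n;

    memcpy(net_buf, query, qlen);              /* request arrives in the net buffer */
    stmt_prepare(&s, net_buf, qlen);
    memset(net_buf, 0xFE, sizeof(net_buf));    /* reply to client reuses the buffer */

    n = log_bytes(line, sizeof(line), net_buf, qlen);       /* stale pointer */
    printf("from packet: "); fwrite(line, 1, n, stdout); putchar('\n');
    n = log_bytes(line, sizeof(line), s.query, s.query_length);
    printf("from stmt:   "); fwrite(line, 1, n, stdout); putchar('\n');
    return 0;
}
```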