Commit da6538b6 authored by Ashish Agarwal's avatar Ashish Agarwal

Bug#16169063: SECURITY CONCERN BECAUSE OF INSUFFICIENT LOGGING

PROBLEM: If multiple statements are sent by a single
         request then only the last statement was
         getting logged. An attacker can bypass the
         audit log just by sending two comsecutive
         statements in one request.

SOLUTION: Each statements from a single request are
          logged.
parent 833c75da
...@@ -1048,6 +1048,11 @@ bool dispatch_command(enum enum_server_command command, THD *thd, ...@@ -1048,6 +1048,11 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
thd->update_server_status(); thd->update_server_status();
thd->protocol->end_statement(); thd->protocol->end_statement();
query_cache_end_of_result(thd); query_cache_end_of_result(thd);
mysql_audit_general(thd, MYSQL_AUDIT_GENERAL_STATUS,
thd->stmt_da->is_error() ? thd->stmt_da->sql_errno()
: 0, command_name[command].str);
ulong length= (ulong)(packet_end - beginning_of_next_stmt); ulong length= (ulong)(packet_end - beginning_of_next_stmt);
log_slow_statement(thd); log_slow_statement(thd);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment