• Staale Smedseng's avatar
    Bug #45790 Potential DoS vector: Writing of user input to log · 490f4432
    Staale Smedseng authored
    without proper formatting
          
    The problem is that a suitably crafted database identifier
    supplied to COM_CREATE_DB or COM_DROP_DB can cause a SIGSEGV,
    and thereby a denial of service. The database name is printed
    to the log without using a format string, so potential
    attackers can control the behavior of my_b_vprintf() by
    supplying their own format string. A CREATE or DROP privilege
    would be required.
          
    This patch supplies a format string to the printing of the
    database name. A test case is added to mysql_client_test.
    490f4432
sql_parse.cc 244 KB