• unknown's avatar
    SECURITY FIX · f57754d7
    unknown authored
    Bug#17667: An attacker has the opportunity to bypass query logging.
    
    This adds a new, local-only printf format specifier to our *printf functions
    that allows us to print known-size buffers that must not be interpreted as 
    NUL-terminated "strings."
    
    It uses this format-specifier to print to the log, thus fixing this 
    problem.
    
    
    include/my_sys.h:
      Add prototype for my_memmem() .
    mysys/Makefile.am:
      Add reference to new file, my_memmem.c
    mysys/mf_iocache2.c:
      Add a "%.1234b" and "%.*b" percent-code.  It takes a width, just like "%s", 
      but unlike the string-indicator, it requires the width and doesn't stop printing
      at NUL characters.
      
      Also, simplify the code a bit.
      
      TODO:  This code should be unified with the strings/my_vnsprintf.c code in 
      the future.
    sql/sql_parse.cc:
      The query is not a C-string, but is a sized buffer, containing any character 
      at all, which may include NUL characters.
    strings/my_vsnprintf.c:
      Add a "%.1234b" and "%.*b" percent-code.  It takes a width, just like "%s", 
      but unlike the string-indicator, it requires the width and doesn't stop printing
      at NUL characters.
    tests/Makefile.am:
      We may need some of our local functions.
    tests/mysql_client_test.c:
      Add a "%.1234b" and "%.*b" percent-code.  It takes a width, just like "%s", 
      but unlike the string-indicator, it requires the width and doesn't stop printing
      at NUL characters.
    mysql-test/t/mysql_client_test.opt:
      New BitKeeper file ``mysql-test/t/mysql_client_test.opt''
      
      Add '--log' server parameter.
    mysys/my_memmem.c:
      New BitKeeper file ``mysys/my_memmem.c''
      
      Implement memmem, a black-box work-alike of the GNU memmem(), which functions
      like strstr() but for arbitrary blocks of memory.
    f57754d7
mf_iocache2.c 9.82 KB