    Bug#21813 An attacker has the opportunity to bypass query logging, part2 · 8e04a52a
    unknown authored
     - Use the "%.*b" format when printing prepared and executed prepared statements to the log.
     - Add test case to check that also prepared statements end up in the query log
    Bug#14346 Prepared statements corrupting general log/server memory
     - Use "stmt->query" when logging the newly prepared query instead of "packet"
    
    
    sql/sql_prepare.cc:
      mysql_stmt_prepare
       - Use "%.*b" format when printing to log
       - Print the query from stmt instead of "packet", packet points at the net in/out buffer and has most likely been overwritten
         when result for prepare was written to client.
      mysql_stmt_execute 
       - Use "%.*b" format when printing to log
       - Print the query from thd as the expanded query has been specifically set to be valid also after restore from backup statement
    tests/mysql_client_test.c:
      Add tests for bug#21813 to already existing test for bug#17667. Add functionality for also executing prepared statements and making sure they end up in the log as well.
sql_prepare.cc 83.1 KB
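
The two logging fixes described in the commit message, as an added example in standard C (not code from this commit or from MySQL). It assumes the input that cuts a "%s"-style log line short is a query with an embedded NUL byte; `log_bounded`, `demo_stale_packet`, `net_buf` and `stmt_query` are hypothetical stand-ins for the "%.*b" format, the network in/out buffer and `stmt->query`.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a 31-byte query with an embedded NUL after "SELECT 1". */
static const char SAMPLE[] = "SELECT 1\0 /* hidden from log */";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)

/* Weak form: "%s" treats the query as a C string and stops at the first NUL. */
static size_t log_cstr(char *out, size_t cap, const char *q) {
    snprintf(out, cap, "Query: %s", q);
    return strlen(out);
}

/* Bounded form: emit exactly len bytes, escaping non-printable ones as \xNN. */
static size_t log_bounded(char *out, size_t cap, const char *q, size_t len) {
    if (cap < 16) { if (cap) out[0] = '\0'; return 0; }
    size_t o = (size_t)snprintf(out, cap, "Query: ");
    for (size_t i = 0; i < len && o + 5 <= cap; i++) {
        unsigned char c = (unsigned char)q[i];
        if (c >= 0x20 && c < 0x7f && c != '\\')
            out[o++] = (char)c;
        else
            o += (size_t)snprintf(out + o, cap - o, "\\x%02x", c);
    }
    out[o] = '\0';
    return o;
}

/* Log from the reused network buffer and from the statement's own copy;
   returns 1 when the two log lines differ. */
static int demo_stale_packet(char *from_packet, char *from_stmt, size_t cap) {
    char net_buf[64], stmt_query[64];
    memcpy(net_buf, SAMPLE, SAMPLE_LEN);        /* request arrives */
    const char *packet = net_buf;               /* points into the net buffer */
    memcpy(stmt_query, packet, SAMPLE_LEN);     /* prepare keeps its own copy */
    memset(net_buf, 0, sizeof net_buf);
    memcpy(net_buf, "OK stmt_id=1", 12);        /* reply reuses the buffer */
    log_bounded(from_packet, cap, packet, SAMPLE_LEN);
    log_bounded(from_stmt, cap, stmt_query, SAMPLE_LEN);
    return strcmp(from_packet, from_stmt) != 0;
}

int main(void) {
    char a[256], b[256];
    log_cstr(a, sizeof a, SAMPLE);      puts(a);          /* truncated line */
    demo_stale_packet(a, b, sizeof a);  puts(a); puts(b); /* stale vs. copy */
    return 0;
}
```

The first line printed ends at the NUL, the second shows the reply text where the query should be, and only the third records every byte the client sent.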