Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
M
MariaDB
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
nexedi
MariaDB
Commits
f35371b9
Commit
f35371b9
authored
Aug 30, 2006
by
msvensson@neptunus.(none)
Browse files
Options
Browse Files
Download
Plain Diff
Merge neptunus.(none):/home/msvensson/mysql/bug21813/my50-bug21813
into neptunus.(none):/home/msvensson/mysql/mysql-5.0-maint
parents
61482f35
9d87db77
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
70 additions
and
23 deletions
+70
-23
sql/sql_prepare.cc
sql/sql_prepare.cc
+4
-2
tests/mysql_client_test.c
tests/mysql_client_test.c
+66
-21
No files found.
sql/sql_prepare.cc
View file @
f35371b9
...
@@ -1877,7 +1877,8 @@ void mysql_stmt_prepare(THD *thd, const char *packet, uint packet_length)
...
@@ -1877,7 +1877,8 @@ void mysql_stmt_prepare(THD *thd, const char *packet, uint packet_length)
thd
->
stmt_map
.
erase
(
stmt
);
thd
->
stmt_map
.
erase
(
stmt
);
}
}
else
else
mysql_log
.
write
(
thd
,
COM_STMT_PREPARE
,
"[%lu] %s"
,
stmt
->
id
,
packet
);
mysql_log
.
write
(
thd
,
COM_STMT_PREPARE
,
"[%lu] %.*b"
,
stmt
->
id
,
stmt
->
query_length
,
stmt
->
query
);
/* check_prepared_statemnt sends the metadata packet in case of success */
/* check_prepared_statemnt sends the metadata packet in case of success */
DBUG_VOID_RETURN
;
DBUG_VOID_RETURN
;
...
@@ -2252,7 +2253,8 @@ void mysql_stmt_execute(THD *thd, char *packet_arg, uint packet_length)
...
@@ -2252,7 +2253,8 @@ void mysql_stmt_execute(THD *thd, char *packet_arg, uint packet_length)
if
(
!
(
specialflag
&
SPECIAL_NO_PRIOR
))
if
(
!
(
specialflag
&
SPECIAL_NO_PRIOR
))
my_pthread_setprio
(
pthread_self
(),
WAIT_PRIOR
);
my_pthread_setprio
(
pthread_self
(),
WAIT_PRIOR
);
if
(
error
==
0
)
if
(
error
==
0
)
mysql_log
.
write
(
thd
,
COM_STMT_EXECUTE
,
"[%lu] %s"
,
stmt
->
id
,
thd
->
query
);
mysql_log
.
write
(
thd
,
COM_STMT_EXECUTE
,
"[%lu] %.*b"
,
stmt
->
id
,
thd
->
query_length
,
thd
->
query
);
DBUG_VOID_RETURN
;
DBUG_VOID_RETURN
;
...
...
tests/mysql_client_test.c
View file @
f35371b9
...
@@ -14912,22 +14912,31 @@ static void test_bug15613()
...
@@ -14912,22 +14912,31 @@ static void test_bug15613()
/*
/*
Bug#17667: An attacker has the opportunity to bypass query logging.
Bug#17667: An attacker has the opportunity to bypass query logging.
Note! Also tests Bug#21813, where prepared statements are used to
run queries
*/
*/
static
void
test_bug17667
()
static
void
test_bug17667
()
{
{
int
rc
;
int
rc
;
MYSQL_STMT
*
stmt
;
enum
query_type
{
QT_NORMAL
,
QT_PREPARED
};
struct
buffer_and_length
{
struct
buffer_and_length
{
enum
query_type
qt
;
const
char
*
buffer
;
const
char
*
buffer
;
const
uint
length
;
const
uint
length
;
}
statements
[]
=
{
}
statements
[]
=
{
{
"drop table if exists bug17667"
,
29
},
{
QT_NORMAL
,
"drop table if exists bug17667"
,
29
},
{
"create table bug17667 (c varchar(20))"
,
37
},
{
QT_NORMAL
,
"create table bug17667 (c varchar(20))"
,
37
},
{
"insert into bug17667 (c) values ('regular') /* NUL=
\0
with comment */"
,
68
},
{
QT_NORMAL
,
"insert into bug17667 (c) values ('regular') /* NUL=
\0
with comment */"
,
68
},
{
"insert into bug17667 (c) values ('NUL=
\0
in value')"
,
50
},
{
QT_PREPARED
,
{
"insert into bug17667 (c) values ('5 NULs=
\0\0\0\0\0
')"
,
48
},
"insert into bug17667 (c) values ('prepared') /* NUL=
\0
with comment */"
,
69
,
},
{
"/* NUL=
\0
with comment */ insert into bug17667 (c) values ('encore')"
,
67
},
{
QT_NORMAL
,
"insert into bug17667 (c) values ('NUL=
\0
in value')"
,
50
},
{
"drop table bug17667"
,
19
},
{
QT_NORMAL
,
"insert into bug17667 (c) values ('5 NULs=
\0\0\0\0\0
')"
,
48
},
{
NULL
,
0
}
};
{
QT_PREPARED
,
"insert into bug17667 (c) values ('6 NULs=
\0\0\0\0\0\0
')"
,
50
},
{
QT_NORMAL
,
"/* NUL=
\0
with comment */ insert into bug17667 (c) values ('encore')"
,
67
},
{
QT_NORMAL
,
"drop table bug17667"
,
19
},
{
QT_NORMAL
,
NULL
,
0
}
};
struct
buffer_and_length
*
statement_cursor
;
struct
buffer_and_length
*
statement_cursor
;
FILE
*
log_file
;
FILE
*
log_file
;
...
@@ -14937,9 +14946,36 @@ static void test_bug17667()
...
@@ -14937,9 +14946,36 @@ static void test_bug17667()
for
(
statement_cursor
=
statements
;
statement_cursor
->
buffer
!=
NULL
;
for
(
statement_cursor
=
statements
;
statement_cursor
->
buffer
!=
NULL
;
statement_cursor
++
)
{
statement_cursor
++
)
{
rc
=
mysql_real_query
(
mysql
,
statement_cursor
->
buffer
,
if
(
statement_cursor
->
qt
==
QT_NORMAL
)
statement_cursor
->
length
);
{
myquery
(
rc
);
/* Run statement as normal query */
rc
=
mysql_real_query
(
mysql
,
statement_cursor
->
buffer
,
statement_cursor
->
length
);
myquery
(
rc
);
}
else
if
(
statement_cursor
->
qt
==
QT_PREPARED
)
{
/*
Run as prepared statement
NOTE! All these queries should be in the log twice,
one time for prepare and one time for execute
*/
stmt
=
mysql_stmt_init
(
mysql
);
rc
=
mysql_stmt_prepare
(
stmt
,
statement_cursor
->
buffer
,
statement_cursor
->
length
);
check_execute
(
stmt
,
rc
);
rc
=
mysql_stmt_execute
(
stmt
);
check_execute
(
stmt
,
rc
);
mysql_stmt_close
(
stmt
);
}
else
{
assert
(
0
==
1
);
}
}
}
/* Make sure the server has written the logs to disk before reading it */
/* Make sure the server has written the logs to disk before reading it */
...
@@ -14957,27 +14993,36 @@ static void test_bug17667()
...
@@ -14957,27 +14993,36 @@ static void test_bug17667()
for
(
statement_cursor
=
statements
;
statement_cursor
->
buffer
!=
NULL
;
for
(
statement_cursor
=
statements
;
statement_cursor
->
buffer
!=
NULL
;
statement_cursor
++
)
{
statement_cursor
++
)
{
int
expected_hits
=
1
,
hits
=
0
;
char
line_buffer
[
MAX_TEST_QUERY_LENGTH
*
2
];
char
line_buffer
[
MAX_TEST_QUERY_LENGTH
*
2
];
/* more than enough room for the query and some marginalia. */
/* more than enough room for the query and some marginalia. */
/* Prepared statments always occurs twice in log */
if
(
statement_cursor
->
qt
==
QT_PREPARED
)
expected_hits
++
;
/* Loop until we found expected number of log entries */
do
{
do
{
memset
(
line_buffer
,
'/'
,
MAX_TEST_QUERY_LENGTH
*
2
);
/* Loop until statement is found in log */
do
{
memset
(
line_buffer
,
'/'
,
MAX_TEST_QUERY_LENGTH
*
2
);
if
(
fgets
(
line_buffer
,
MAX_TEST_QUERY_LENGTH
*
2
,
log_file
)
==
NULL
)
if
(
fgets
(
line_buffer
,
MAX_TEST_QUERY_LENGTH
*
2
,
log_file
)
==
NULL
)
{
/* If fgets returned NULL, it indicates either error or EOF */
if
(
feof
(
log_file
))
DIE
(
"Found EOF before all statements where found"
);
else
{
{
/* If fgets returned NULL, it indicates either error or EOF */
if
(
feof
(
log_file
))
DIE
(
"Found EOF before all statements where found"
);
fprintf
(
stderr
,
"Got error %d while reading from file
\n
"
,
fprintf
(
stderr
,
"Got error %d while reading from file
\n
"
,
ferror
(
log_file
));
ferror
(
log_file
));
DIE
(
"Read error"
);
DIE
(
"Read error"
);
}
}
}
}
while
(
my_memmem
(
line_buffer
,
MAX_TEST_QUERY_LENGTH
*
2
,
}
while
(
my_memmem
(
line_buffer
,
MAX_TEST_QUERY_LENGTH
*
2
,
statement_cursor
->
buffer
,
statement_cursor
->
length
)
==
NULL
);
statement_cursor
->
buffer
,
statement_cursor
->
length
)
==
NULL
);
hits
++
;
}
while
(
hits
<
expected_hits
);
printf
(
"Found statement starting with
\"
%s
\"\n
"
,
printf
(
"Found statement starting with
\"
%s
\"\n
"
,
statement_cursor
->
buffer
);
statement_cursor
->
buffer
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment