Bug #45790 Potential DoS vector: Writing of user input to log

without proper formatting
      
The problem is that a suitably crafted database identifier
supplied to COM_CREATE_DB or COM_DROP_DB can cause a SIGSEGV,
and thereby a denial of service. The database name is printed
to the log without using a format string, so potential
attackers can control the behavior of my_b_vprintf() by
supplying their own format string. A CREATE or DROP privilege
would be required.
      
This patch supplies a format string to the printing of the
database name. A test case is added to mysql_client_test.


sql/sql_parse.cc:
  Added format strings.
tests/mysql_client_test.c:
  Added new test case.

sql/sql_parse.cc

@@ -2096,7 +2096,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
       }
       if (check_access(thd,CREATE_ACL,db,0,1,0,is_schema_db(db)))
 	break;
-      mysql_log.write(thd,command,packet);
+      mysql_log.write(thd, command, "%s", db);
       bzero(&create_info, sizeof(create_info));
       mysql_create_db(thd, (lower_case_table_names == 2 ? alias : db),
                       &create_info, 0);
@@ -2121,7 +2121,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
                    ER(ER_LOCK_OR_ACTIVE_TRANSACTION), MYF(0));
 	break;
       }
-      mysql_log.write(thd,command,db);
+      mysql_log.write(thd, command, "%s", db);
       mysql_rm_db(thd, db, 0, 0);
       break;
     }