mirror of
https://github.com/MariaDB/server.git
synced 2026-04-21 07:45:32 +02:00
3010890e58
Bug#17667: An attacker has the opportunity to bypass query logging. This adds a new, local-only printf format specifier to our *printf functions that allows us to print known-size buffers that must not be interpreted as NUL-terminated "strings." It uses this format-specifier to print to the log, thus fixing this problem. include/my_sys.h: Add prototype for my_memmem() . mysys/Makefile.am: Add reference to new file, my_memmem.c mysys/mf_iocache2.c: Add a "%.1234b" and "%.*b" percent-code. It takes a width, just like "%s", but unlike the string-indicator, it requires the width and doesn't stop printing at NUL characters. Also, simplify the code a bit. TODO: This code should be unified with the strings/my_vnsprintf.c code in the future. sql/sql_parse.cc: The query is not a C-string, but is a sized buffer, containing any character at all, which may include NUL characters. strings/my_vsnprintf.c: Add a "%.1234b" and "%.*b" percent-code. It takes a width, just like "%s", but unlike the string-indicator, it requires the width and doesn't stop printing at NUL characters. tests/Makefile.am: We may need some of our local functions. tests/mysql_client_test.c: Add a "%.1234b" and "%.*b" percent-code. It takes a width, just like "%s", but unlike the string-indicator, it requires the width and doesn't stop printing at NUL characters. mysql-test/t/mysql_client_test.opt: New BitKeeper file ``mysql-test/t/mysql_client_test.opt'' Add '--log' server parameter. mysys/my_memmem.c: New BitKeeper file ``mysys/my_memmem.c'' Implement memmem, a black-box work-alike of the GNU memmem(), which functions like strstr() but for arbitrary blocks of memory. |
||
|---|---|---|
| .. | ||
| .cvsignore | ||
| auto_increment.res | ||
| auto_increment.tst | ||
| big_record.pl | ||
| connect_test.c | ||
| deadlock_test.c | ||
| drop_test.pl | ||
| export.pl | ||
| fork2_test.pl | ||
| fork_big.pl | ||
| fork_big2.pl | ||
| function.res | ||
| function.tst | ||
| grant.pl | ||
| grant.res | ||
| index_corrupt.pl | ||
| insert_and_repair.pl | ||
| insert_test.c | ||
| list_test.c | ||
| lock_test.pl | ||
| lock_test.res | ||
| mail_to_db.pl | ||
| Makefile.am | ||
| myisam-big-rows.tst | ||
| mysql_client_test.c | ||
| pmail.pl | ||
| rename_test.pl | ||
| restore-lock.smack | ||
| select_test.c | ||
| showdb_test.c | ||
| ssl_test.c | ||
| table_types.pl | ||
| test_delayed_insert.pl | ||
| thread_test.c | ||
| truncate.pl | ||
| udf_test | ||
| udf_test.res | ||