mirror of
https://github.com/MariaDB/server.git
synced 2025-01-17 20:42:30 +01:00
3010890e58
Bug#17667: An attacker has the opportunity to bypass query logging. This adds a new, local-only printf format specifier to our *printf functions that allows us to print known-size buffers that must not be interpreted as NUL-terminated "strings." It uses this format-specifier to print to the log, thus fixing this problem. include/my_sys.h: Add prototype for my_memmem() . mysys/Makefile.am: Add reference to new file, my_memmem.c mysys/mf_iocache2.c: Add a "%.1234b" and "%.*b" percent-code. It takes a width, just like "%s", but unlike the string-indicator, it requires the width and doesn't stop printing at NUL characters. Also, simplify the code a bit. TODO: This code should be unified with the strings/my_vnsprintf.c code in the future. sql/sql_parse.cc: The query is not a C-string, but is a sized buffer, containing any character at all, which may include NUL characters. strings/my_vsnprintf.c: Add a "%.1234b" and "%.*b" percent-code. It takes a width, just like "%s", but unlike the string-indicator, it requires the width and doesn't stop printing at NUL characters. tests/Makefile.am: We may need some of our local functions. tests/mysql_client_test.c: Add a "%.1234b" and "%.*b" percent-code. It takes a width, just like "%s", but unlike the string-indicator, it requires the width and doesn't stop printing at NUL characters. mysql-test/t/mysql_client_test.opt: New BitKeeper file ``mysql-test/t/mysql_client_test.opt'' Add '--log' server parameter. mysys/my_memmem.c: New BitKeeper file ``mysys/my_memmem.c'' Implement memmem, a black-box work-alike of the GNU memmem(), which functions like strstr() but for arbitrary blocks of memory.
1 line
6 B
Text
1 line
6 B
Text
--log
|