Below is the list of changes that have just been committed into a local
5.1 repository of cmiller. When cmiller does a push these changes will
be propagated to the main repository and, within 24 hours after the
push, to the public repository.
For information on how to access the public repository
see http://dev.mysql.com/doc/mysql/en/installing-source-tree.html
ChangeSet
1.2311 06/04/10 14:58:21 cmiller@zippy.(none) +5 -0
Merge zippy.(none):/home/cmiller/work/mysql/mysql-5.0
into zippy.(none):/home/cmiller/work/mysql/mysql-5.1-new__bug17667
tests/mysql_client_test.c
1.187 06/04/10 14:58:17 cmiller@zippy.(none) +1 -0
Blank line.
sql/sql_parse.cc
1.537 06/04/10 14:58:17 cmiller@zippy.(none) +1 -2
Logging function name changed.
tests/Makefile.am
1.25 06/04/10 14:51:05 cmiller@zippy.(none) +0 -0
Auto merged
mysys/Makefile.am
1.75 06/04/10 14:51:05 cmiller@zippy.(none) +0 -0
Auto merged
include/my_sys.h
1.190 06/04/10 14:51:05 cmiller@zippy.(none) +0 -0
Auto merged
# This is a BitKeeper patch. What follows are the unified diffs for the
# set of deltas contained in the patch. The rest of the patch, the part
# that BitKeeper cares about, is below these diffs.
# User: cmiller
# Host: zippy.(none)
# Root: /home/cmiller/work/mysql/mysql-5.1-new__bug17667/RESYNC
--- 1.189/include/my_sys.h 2006-04-04 03:59:13 -04:00
+++ 1.190/include/my_sys.h 2006-04-10 14:51:05 -04:00
@@ -601,6 +601,11 @@
const char *sFile, uint uLine,
myf MyFlag);
+/* implemented in my_memmem.c */
+extern void *my_memmem(const void *haystack, size_t haystacklen,
+ const void *needle, size_t needlelen);
+
+
#ifdef __WIN__
extern int my_access(const char *path, int amode);
extern File my_sopen(const char *path, int oflag, int shflag, int pmode);
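Review bot: The new `my_memmem` prototype is documented only by the name of the file that implements it, so callers cannot tell what it returns or how it treats a zero-length needle. Assuming it follows the usual memmem() contract (the implementation is not part of this patch), a comment such as `/* Return a pointer to the first occurrence of needle in haystack, or NULL; both are raw byte ranges and may contain NUL. */` would make that explicit. The behaviour for `needlelen == 0` should be stated too, since the new test depends on exact byte-length matching.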
--- 1.74/mysys/Makefile.am 2006-03-24 16:50:46 -05:00
+++ 1.75/mysys/Makefile.am 2006-04-10 14:51:05 -04:00
@@ -56,6 +56,7 @@
charset.c charset-def.c my_bitmap.c my_bit.c md5.c \
my_gethostbyname.c rijndael.c my_aes.c sha1.c \
my_handler.c my_netware.c my_largepage.c \
+ my_memmem.c \
my_windac.c my_access.c base64.c
EXTRA_DIST = thr_alarm.c thr_lock.c my_pthread.c my_thr_init.c \
thr_mutex.c thr_rwlock.c \
--- 1.536/sql/sql_parse.cc 2006-04-06 07:40:54 -04:00
+++ 1.537/sql/sql_parse.cc 2006-04-10 14:58:17 -04:00
@@ -1732,7 +1732,7 @@
if (alloc_query(thd, packet, packet_length))
break; // fatal error is set
char *packet_end= thd->query + thd->query_length;
- general_log_print(thd, command, "%s", thd->query);
+ general_log_print(thd, command, "%.*b", thd->query_length, thd->query);
DBUG_PRINT("query",("%-.4096s",thd->query));
if (!(specialflag & SPECIAL_NO_PRIOR))
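Review bot: The `DBUG_PRINT` on the context line right after the changed call still formats `thd->query` with `%-.4096s`, so it stops at the first NUL byte. A query with an embedded NUL is therefore written in full to the general log but truncated in the debug trace. If the trace is meant to agree with the log, it needs a length-bounded form too; whether `DBUG_PRINT` accepts `%b` is not visible here. A short comment above the changed line, for example `/* query may contain NUL bytes: log by length, not as a C string */`, would stop a later cleanup from reverting to `%s`. The enclosing case body starts and ends outside this hunk.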
--- 1.24/tests/Makefile.am 2006-03-24 16:50:48 -05:00
+++ 1.25/tests/Makefile.am 2006-04-10 14:51:05 -04:00
@@ -43,7 +43,7 @@
LIBS = @CLIENT_LIBS@
LDADD = @CLIENT_EXTRA_LDFLAGS@ \
$(top_builddir)/libmysql/libmysqlclient.la
-mysql_client_test_LDADD= $(LDADD) $(CXXLDFLAGS)
+mysql_client_test_LDADD= $(LDADD) $(CXXLDFLAGS) -lmysys -L../mysys
mysql_client_test_SOURCES= mysql_client_test.c $(yassl_dummy_link_fix)
insert_test_SOURCES= insert_test.c $(yassl_dummy_link_fix)
select_test_SOURCES= select_test.c $(yassl_dummy_link_fix)
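Review bot: The added `-lmysys -L../mysys` puts the search path after the library that needs it and uses a path relative to the current directory. Linkers that apply `-L` only to the `-l` options that follow it will not find the library, and a build outside the source tree will not resolve `../mysys`. The neighbouring `LDADD` line already uses `$(top_builddir)`, so `mysql_client_test_LDADD= $(LDADD) $(CXXLDFLAGS) -L$(top_builddir)/mysys -lmysys` would be consistent with it.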
--- 1.186/tests/mysql_client_test.c 2006-04-01 02:38:30 -05:00
+++ 1.187/tests/mysql_client_test.c 2006-04-10 14:58:17 -04:00
@@ -14839,6 +14839,79 @@
myquery(rc);
mysql_stmt_close(stmt);
}
+
+/*
+ Bug#17667: An attacker has the opportunity to bypass query logging.
+*/
+static void test_bug17667()
+{
+ int rc;
+ myheader("test_bug17667");
+ struct buffer_and_length {
+ const char *buffer;
+ const uint length;
+ } statements[]= {
+ { "drop table if exists bug17667", 29 },
+ { "create table bug17667 (c varchar(20))", 37 },
+ { "insert into bug17667 (c) values ('regular') /* NUL=\0 with comment */", 68 },
+ { "insert into bug17667 (c) values ('NUL=\0 in value')", 50 },
+ { "insert into bug17667 (c) values ('5 NULs=\0\0\0\0\0')", 48 },
+ { "/* NUL=\0 with comment */ insert into bug17667 (c) values ('encore')", 67 },
+ { "drop table bug17667", 19 },
+ { NULL, 0 } };
+ /*
+ Note that at this time, the docs say that NUL characters in string literals
+ are illegal. If we ever begin to disallow them, then this test will
+ fail. Note that NULs in comments is a seperate issue, which might still be
+ legal.
+ */
+
+ struct buffer_and_length *statement_cursor;
+ FILE *log_file;
+
+ for (statement_cursor= statements; statement_cursor->buffer != NULL;
+ statement_cursor++) {
+ rc= mysql_real_query(mysql, statement_cursor->buffer,
+ statement_cursor->length);
+ myquery(rc);
+ }
+
+ sleep(1); /* The server may need time to flush the data to the log. */
+ log_file= fopen("var/log/master.log", "r");
+ DIE_UNLESS(log_file != NULL);
+ if (log_file != NULL) {
+
+ for (statement_cursor= statements; statement_cursor->buffer != NULL;
+ statement_cursor++) {
+ char line_buffer[MAX_TEST_QUERY_LENGTH*2];
+ /* more than enough room for the query and some marginalia. */
+
+ do {
+ memset(line_buffer, '/', MAX_TEST_QUERY_LENGTH*2);
+
+ DIE_UNLESS(fgets(line_buffer, MAX_TEST_QUERY_LENGTH*2, log_file) !=
+ NULL);
+ /* If we reach EOF before finishing the statement list, then we failed. */
+
+ } while (my_memmem(line_buffer, MAX_TEST_QUERY_LENGTH*2,
+ statement_cursor->buffer, statement_cursor->length) == NULL);
+ }
+
+ printf("success. All queries found intact in the log.\n");
+
+ } else {
+ fprintf(stderr, "Could not find the log file, var/log/master.log, so "
+ "test_bug17667 is \ninconclusive. Run test from the "
+ "mysql-test/mysql-test-run* program \nto set up the correct "
+ "environment for this test.\n\n");
+ }
+
+ if (log_file != NULL)
+ fclose(log_file);
+
+}
+
+
/*
Bug#14169: type of group_concat() result changed to blob if tmp_table was used
*/
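Review bot: In `test_bug17667`, `DIE_UNLESS(log_file != NULL);` is followed directly by `if (log_file != NULL) { ... } else { ... }`. If `DIE_UNLESS` aborts as its name suggests (its definition is not in this hunk), the `else` branch that reports the test as inconclusive can never run, and a missing `var/log/master.log` fails hard instead. Either drop the `DIE_UNLESS` line or drop the `else`, so the intended outcome is unambiguous. The fixed `sleep(1)` before opening the log also leaves this regression test timing-dependent: a slow flush makes the `fgets` assertion fire at EOF even when logging is correct. The hand-counted lengths in `statements[]` could be written as `sizeof("...") - 1`, which keeps the embedded NUL bytes counted correctly if a statement is edited.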
@@ -15139,6 +15212,7 @@
{ "test_bug16144", test_bug16144 },
{ "test_bug15613", test_bug15613 },
{ "test_bug14169", test_bug14169 },
+ { "test_bug17667", test_bug17667 },
{ 0, 0 }
};