diff options
| author | Alexey Botchkov <holyfoot@askmonty.org> | 2017-11-03 17:05:41 +0400 |
|---|---|---|
| committer | Alexey Botchkov <holyfoot@askmonty.org> | 2017-11-03 17:10:36 +0400 |
| commit | 04daf30e9bca85b3241981c53f2293cee1f2de00 (patch) | |
| tree | 7b825c075e33d4efcc21744db689373eaf895463 | |
| parent | c4c48e974013a1a3d62ae6b2fc9a705c3bdd1689 (diff) | |
| download | mariadb-git-04daf30e9bca85b3241981c53f2293cee1f2de00.tar.gz | |
MDEV-13921 Audit log writes invalid SQL if single-line comments are
present.
Escape special characters (like \r \n \t) instead of
replacing them with spaces.
| -rw-r--r-- | mysql-test/suite/plugins/r/server_audit.result | 9 | ||||
| -rw-r--r-- | mysql-test/suite/plugins/t/server_audit.test | 5 | ||||
| -rw-r--r-- | plugin/server_audit/server_audit.c | 39 |
3 files changed, 31 insertions, 22 deletions
diff --git a/mysql-test/suite/plugins/r/server_audit.result b/mysql-test/suite/plugins/r/server_audit.result index ceb75176b43..3971504b238 100644 --- a/mysql-test/suite/plugins/r/server_audit.result +++ b/mysql-test/suite/plugins/r/server_audit.result @@ -47,6 +47,7 @@ alter table t1 rename renamed_t1; set global server_audit_events='connect,query'; select 1, 2, +# comment 3; 1 2 3 1 2 3 @@ -161,7 +162,9 @@ id 2 CREATE USER u1 IDENTIFIED BY 'pwd-123'; GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321"; -SET PASSWORD FOR u1 = PASSWORD('pwd 098'); +SET PASSWORD +# comment +FOR u1 = PASSWORD('pwd 098'); SET PASSWORD FOR u1=<secret>; ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '<secret>' at line 1 CREATE USER u3 IDENTIFIED BY ''; @@ -253,7 +256,7 @@ TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,index_stats, TIME,HOSTNAME,root,localhost,ID,ID,RENAME,test,t1|test.renamed_t1, TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'alter table t1 rename renamed_t1',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_events=\'connect,query\'',0 -TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'select 1, 2, 3',0 +TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'select 1,\n2,\n# comment\n3',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'insert into t2 values (1), (2)',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'select * from t2',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'select * from t_doesnt_exist',ID @@ -336,7 +339,7 @@ TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'/*! select 2*/',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'/*comment*/ select 2',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u1 IDENTIFIED BY *****',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'GRANT ALL ON sa_db TO u2 IDENTIFIED BY *****',0 -TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'SET PASSWORD FOR u1 = PASSWORD(*****)',0 +TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'SET PASSWORD \n# comment\nFOR u1 = PASSWORD(*****)',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'SET PASSWORD FOR u1=<secret>',ID TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u3 IDENTIFIED BY *****',0 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop user u1, u2, u3',0 diff --git a/mysql-test/suite/plugins/t/server_audit.test b/mysql-test/suite/plugins/t/server_audit.test index 52428909c3b..9be0d5556f0 100644 --- a/mysql-test/suite/plugins/t/server_audit.test +++ b/mysql-test/suite/plugins/t/server_audit.test @@ -38,6 +38,7 @@ alter table t1 rename renamed_t1; set global server_audit_events='connect,query'; select 1, 2, +# comment 3; insert into t2 values (1), (2); select * from t2; @@ -106,7 +107,9 @@ insert into t1 values (1), (2); select * from t1; CREATE USER u1 IDENTIFIED BY 'pwd-123'; GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321"; -SET PASSWORD FOR u1 = PASSWORD('pwd 098'); +SET PASSWORD +# comment +FOR u1 = PASSWORD('pwd 098'); --error 1064 SET PASSWORD FOR u1=<secret>; CREATE USER u3 IDENTIFIED BY ''; diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c index 6a2ed16cb00..152cc75b710 100644 --- a/plugin/server_audit/server_audit.c +++ b/plugin/server_audit/server_audit.c @@ -1121,6 +1121,21 @@ do { \ } while(0) +#define ESC_MAP_SIZE 0x60 +static const char esc_map[ESC_MAP_SIZE]= +{ + 0, 0, 0, 0, 0, 0, 0, 0, 'b', 't', 'n', 0, 'f', 'r', 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, '\'', 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, '\\', 0, 0, 0 +}; + +static char escaped_char(char c) +{ + return ((unsigned char ) c) >= ESC_MAP_SIZE ? 0 : esc_map[(unsigned char) c]; +} static void setup_connection_initdb(struct connection_info *cn, @@ -1327,21 +1342,16 @@ static size_t escape_string(const char *str, unsigned int len, const char *res_end= result + result_len - 2; while (len) { + char esc_c; + if (result >= res_end) break; - if (*str == '\'') + if ((esc_c= escaped_char(*str))) { if (result+1 >= res_end) break; *(result++)= '\\'; - *(result++)= '\''; - } - else if (*str == '\\') - { - if (result+1 >= res_end) - break; - *(result++)= '\\'; - *(result++)= '\\'; + *(result++)= esc_c; } else if (is_space(*str)) *(result++)= ' '; @@ -1430,19 +1440,12 @@ static size_t escape_string_hide_passwords(const char *str, unsigned int len, no_password: if (result >= res_end) break; - if (*str == '\'') - { - if (result+1 >= res_end) - break; - *(result++)= '\\'; - *(result++)= '\''; - } - else if (*str == '\\') + if ((b_char= escaped_char(*str))) { if (result+1 >= res_end) break; *(result++)= '\\'; - *(result++)= '\\'; + *(result++)= b_char; } else if (is_space(*str)) *(result++)= ' '; |