author | Alexey Botchkov <holyfoot@askmonty.org> | 2015-06-07 15:40:42 +0500 |
---|---|---|
committer | Alexey Botchkov <holyfoot@askmonty.org> | 2015-06-07 15:40:42 +0500 |
commit | 1ae05db49c433b6cd3d0172fa1f4421632b6f2ac (patch) | |
tree | 33f5bd36097719fdb68f315220c9182ced450101 /plugin | |
parent | db0ecf2662c54b1382305908413b45c75f2dfd19 (diff) | |
MDEV-8078 Memory disclosure/buffer overread on audit plugin.
If the SET PASSWORD query doesn't have the password string,
the parsing of it can fail. It manifested first in MySQL 5.6 as
it started to hide password lines sent to the plugins.
Fixed by checking for that case.
Diffstat (limited to 'plugin')
-rw-r--r-- | plugin/server_audit/server_audit.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c
index 4aa8652de52..bede4c9545d 100644
--- a/plugin/server_audit/server_audit.c
+++ b/plugin/server_audit/server_audit.c
@@ -1175,9 +1175,15 @@ static size_t escape_string_hide_passwords(const char *str, unsigned int len,
 for (c=0; c<d_len; c++)
 result[c]= is_space(str[c]) ? ' ' : str[c];
- memmove(result + d_len, "*****", 5);
- result+= d_len + 5;
- b_char= *(next_s++);
+ if (*next_s)
+ {
+ memmove(result + d_len, "*****", 5);
+ result+= d_len + 5;
+ b_char= *(next_s++);
+ }
+ else
+ result+= d_len;
+
 while (*next_s)
 {
 if (*next_s == b_char)
|
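Review bot: The new `if (*next_s)` guard, like the `while (*next_s)` loop after it, stops on a NUL byte and never consults the `len` parameter from the signature, so the over-read is closed only if the query buffer is always NUL-terminated at or before `len` bytes. If that invariant holds for every caller, state it next to the check, e.g. `/* str is NUL-terminated; reaching the terminator here means there is no password string to mask */`. If it is not guaranteed, bound the test as well, e.g. `if (next_s < str + len && *next_s)`, assuming `str` and `len` still describe the unscanned input at this point. The function body starts and ends outside the hunk, so the scan that positions `next_s` and the declaration of `b_char` are not visible. `b_char` is not assigned on the `else` path, which is safe only because the loop below is skipped when `*next_s` is 0.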