diff options
| author | Alexey Botchkov <holyfoot@askmonty.org> | 2017-11-03 17:05:41 +0400 |
|---|---|---|
| committer | Alexey Botchkov <holyfoot@askmonty.org> | 2017-11-03 17:15:55 +0400 |
| commit | 3a3f1328fe1b4c9cfc1175cc5acc3f47acd750e8 (patch) | |
| tree | 167fbc1d1afa017965cfa917636535c14a3fa2ab /plugin | |
| parent | 5d0153c408ff8c7282fc387c4041fdbffd35727d (diff) | |
| download | mariadb-git-3a3f1328fe1b4c9cfc1175cc5acc3f47acd750e8.tar.gz | |
MDEV-13921 Audit log writes invalid SQL if single-line comments are
present.
Escape special characters (like \r \n \t) instead of
replacing them with spaces.
Diffstat (limited to 'plugin')
| -rw-r--r-- | plugin/server_audit/server_audit.c | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c index 95ccb9607bf..812f6fdaac8 100644 --- a/plugin/server_audit/server_audit.c +++ b/plugin/server_audit/server_audit.c @@ -1121,6 +1121,21 @@ do { \ } while(0) +#define ESC_MAP_SIZE 0x60 +static const char esc_map[ESC_MAP_SIZE]= +{ + 0, 0, 0, 0, 0, 0, 0, 0, 'b', 't', 'n', 0, 'f', 'r', 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, '\'', 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, '\\', 0, 0, 0 +}; + +static char escaped_char(char c) +{ + return ((unsigned char ) c) >= ESC_MAP_SIZE ? 0 : esc_map[(unsigned char) c]; +} static void setup_connection_initdb(struct connection_info *cn, @@ -1327,21 +1342,16 @@ static size_t escape_string(const char *str, unsigned int len, const char *res_end= result + result_len - 2; while (len) { + char esc_c; + if (result >= res_end) break; - if (*str == '\'') + if ((esc_c= escaped_char(*str))) { if (result+1 >= res_end) break; *(result++)= '\\'; - *(result++)= '\''; - } - else if (*str == '\\') - { - if (result+1 >= res_end) - break; - *(result++)= '\\'; - *(result++)= '\\'; + *(result++)= esc_c; } else if (is_space(*str)) *(result++)= ' '; @@ -1430,19 +1440,12 @@ static size_t escape_string_hide_passwords(const char *str, unsigned int len, no_password: if (result >= res_end) break; - if (*str == '\'') - { - if (result+1 >= res_end) - break; - *(result++)= '\\'; - *(result++)= '\''; - } - else if (*str == '\\') + if ((b_char= escaped_char(*str))) { if (result+1 >= res_end) break; *(result++)= '\\'; - *(result++)= '\\'; + *(result++)= b_char; } else if (is_space(*str)) *(result++)= ' '; |