From 3a3f1328fe1b4c9cfc1175cc5acc3f47acd750e8 Mon Sep 17 00:00:00 2001
From: Alexey Botchkov
Date: Fri, 3 Nov 2017 17:05:41 +0400
Subject: MDEV-13921 Audit log writes invalid SQL if single-line comments are present. Escape special characters (like \r \n \t) instead of replacing them with spaces.
---
 plugin/server_audit/server_audit.c | 39 ++++++++++++++++++++------------------
 1 file changed, 21 insertions(+), 18 deletions(-)
(limited to 'plugin')
diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c
index 95ccb9607bf..812f6fdaac8 100644
--- a/plugin/server_audit/server_audit.c
+++ b/plugin/server_audit/server_audit.c
@@ -1121,6 +1121,21 @@ do { \
 } while(0)
+#define ESC_MAP_SIZE 0x60
+static const char esc_map[ESC_MAP_SIZE]=
+{
+ 0, 0, 0, 0, 0, 0, 0, 0, 'b', 't', 'n', 0, 'f', 'r', 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, '\'', 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, '\\', 0, 0, 0
+};
+
+static char escaped_char(char c)
+{
+ return ((unsigned char ) c) >= ESC_MAP_SIZE ? 0 : esc_map[(unsigned char) c];
+}
 static void setup_connection_initdb(struct connection_info *cn,
@@ -1327,21 +1342,16 @@ static size_t escape_string(const char *str, unsigned int len,
 const char *res_end= result + result_len - 2;
 while (len)
 {
+ char esc_c;
+
 if (result >= res_end)
 break;
- if (*str == '\'')
+ if ((esc_c= escaped_char(*str)))
 {
 if (result+1 >= res_end)
 break;
 *(result++)= '\\';
- *(result++)= '\'';
- }
- else if (*str == '\\')
- {
- if (result+1 >= res_end)
- break;
- *(result++)= '\\';
- *(result++)= '\\';
+ *(result++)= esc_c;
 }
 else if (is_space(*str))
 *(result++)= ' ';
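Review bot: `esc_map` covers only backspace, tab, newline, form feed, carriage return, the single quote and the backslash, so `escaped_char()` returns 0 for every other control byte (NUL, 0x0b, 0x1b and the rest below 0x20, plus 0x7f). How the callers write such bytes is outside this hunk, but if they fall through to a plain copy, raw NUL or ESC bytes still reach the audit record, where they can confuse line-oriented parsers and terminals used to read the log; a numeric escape for the remaining bytes below 0x20 would close that gap. The table also has no comment and can only be checked by counting positions in six rows; I would add `/* esc_map[c]: letter written after '\\' for byte c, 0 = no escape; bytes >= ESC_MAP_SIZE are never escaped */` above it.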
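Review bot: The `else if (is_space(*str))` branch kept after the new `escaped_char()` test in `escape_string()` is now reached only for characters that `esc_map` does not cover, because tab, CR and LF are escaped before it. `is_space()` is defined outside the hunk; if it matches nothing beyond space, tab, CR and LF, the branch is reduced to copying a space as a space and should either be dropped or carry a comment such as `/* whitespace not covered by esc_map is still flattened to ' ' */`. The same escape branch is repeated in `escape_string_hide_passwords()` (the `@@ -1430` hunk), so a small shared helper that writes the backslash pair and reports whether it fit would keep the two copies from drifting apart. The body of `escape_string()` starts and ends outside this hunk.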
@@ -1430,19 +1440,12 @@ static size_t escape_string_hide_passwords(const char *str, unsigned int len,
 no_password:
 if (result >= res_end)
 break;
- if (*str == '\'')
- {
- if (result+1 >= res_end)
- break;
- *(result++)= '\\';
- *(result++)= '\'';
- }
- else if (*str == '\\')
+ if ((b_char= escaped_char(*str)))
 {
 if (result+1 >= res_end)
 break;
 *(result++)= '\\';
- *(result++)= '\\';
+ *(result++)= b_char;
 }
 else if (is_space(*str))
 *(result++)= ' ';
-- cgit v1.2.1
From 6ceb49a941f5b5aa93364ef1f4b57dc1d780cf25 Mon Sep 17 00:00:00 2001
From: Alexey Botchkov
Date: Fri, 3 Nov 2017 22:36:58 +0400
Subject: MDEV-13921 Audit log writes invalid SQL if single-line comments are present. thread_pool_server_audit.test fixed. plugin version updated.
---
 plugin/server_audit/server_audit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'plugin')
diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c
index 812f6fdaac8..0a266ab19fe 100644
--- a/plugin/server_audit/server_audit.c
+++ b/plugin/server_audit/server_audit.c
@@ -15,7 +15,7 @@ #define PLUGIN_VERSION 0x104
-#define PLUGIN_STR_VERSION "1.4.2"
+#define PLUGIN_STR_VERSION "1.4.3"
 #define _my_thread_var loc_thread_var
-- cgit v1.2.1
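Review bot: `b_char` is reused as the escape temporary in the `no_password` path of `escape_string_hide_passwords()`, although its declaration lies outside the hunk and `escape_string()` uses a dedicated `esc_c` for the same job. If `b_char` also serves another purpose elsewhere in this function, the reuse makes the escaping harder to audit; declaring a separate `char esc_c;` with the function's other locals would match the sibling function. Only the `no_password` path is visible here, so it is worth confirming that any other copy loop in this function also goes through `escaped_char()`; otherwise statements that contain a password keyword would be logged with different escaping from all others.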