diff options
author | Robin H. Johnson <robbat2@gentoo.org> | 2006-04-11 16:47:34 +0000 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2006-04-11 16:47:34 +0000 |
commit | d010470f5991a91585bbf343b76e88dc7fd3546b (patch) | |
tree | dd9d4e6e93deb3ee1fdbbbddb3894f60eab89612 | |
parent | Imported from /home/gentoo/distfiles/mysql-extras-20060410.tar.bz2. (diff) | |
download | mysql-extras-d010470f5991a91585bbf343b76e88dc7fd3546b.tar.gz mysql-extras-d010470f5991a91585bbf343b76e88dc7fd3546b.tar.bz2 mysql-extras-d010470f5991a91585bbf343b76e88dc7fd3546b.zip |
Imported from /home/gentoo/distfiles/mysql-extras-20060411.tar.bz2.mysql-extras-20060411
-rw-r--r-- | 201_all_query-logging-bypass-5.0.19.patch | 82 |
1 files changed, 0 insertions, 82 deletions
diff --git a/201_all_query-logging-bypass-5.0.19.patch b/201_all_query-logging-bypass-5.0.19.patch index 4f0917e..9a9dca7 100644 --- a/201_all_query-logging-bypass-5.0.19.patch +++ b/201_all_query-logging-bypass-5.0.19.patch @@ -224,85 +224,3 @@ diff -Naur -Naur mysql-5.0.19.orig/tests/Makefile.in mysql-5.0.19.new/tests/Make mysql_client_test_SOURCES = mysql_client_test.c $(yassl_dummy_link_fix) insert_test_SOURCES = insert_test.c $(yassl_dummy_link_fix) select_test_SOURCES = select_test.c $(yassl_dummy_link_fix) -diff -Naur -Naur mysql-5.0.19.orig/tests/mysql_client_test.c mysql-5.0.19.new/tests/mysql_client_test.c ---- mysql-5.0.19.orig/tests/mysql_client_test.c 2006-03-04 20:35:20.000000000 +0000 -+++ mysql-5.0.19.new/tests/mysql_client_test.c 2006-04-09 17:55:53.000000000 +0000 -@@ -14823,6 +14823,78 @@ - } - - /* -+ Bug#17667: An attacker has the opportunity to bypass query logging. -+*/ -+static void test_bug17667() -+{ -+ int rc; -+ myheader("test_bug17667"); -+ struct buffer_and_length { -+ const char *buffer; -+ const uint length; -+ } statements[]= { -+ { "drop table if exists bug17667", 29 }, -+ { "create table bug17667 (c varchar(20))", 37 }, -+ { "insert into bug17667 (c) values ('regular') /* NUL=\0 with comment */", 68 }, -+ { "insert into bug17667 (c) values ('NUL=\0 in value')", 50 }, -+ { "insert into bug17667 (c) values ('5 NULs=\0\0\0\0\0')", 48 }, -+ { "/* NUL=\0 with comment */ insert into bug17667 (c) values ('encore')", 67 }, -+ { "drop table bug17667", 19 }, -+ { NULL, 0 } }; -+ /* -+ Note that at this time, the docs say that NUL characters in string literals -+ are illegal. If we ever begin to disallow them, then this test will -+ fail. Note that NULs in comments is a seperate issue, which might still be -+ legal. -+ */ -+ -+ struct buffer_and_length *statement_cursor; -+ FILE *log_file; -+ -+ for (statement_cursor= statements; statement_cursor->buffer != NULL; -+ statement_cursor++) { -+ rc= mysql_real_query(mysql, statement_cursor->buffer, -+ statement_cursor->length); -+ myquery(rc); -+ } -+ -+ sleep(1); /* The server may need time to flush the data to the log. */ -+ log_file= fopen("var/log/master.log", "r"); -+ DIE_UNLESS(log_file != NULL); -+ if (log_file != NULL) { -+ -+ for (statement_cursor= statements; statement_cursor->buffer != NULL; -+ statement_cursor++) { -+ char line_buffer[MAX_TEST_QUERY_LENGTH*2]; -+ /* more than enough room for the query and some marginalia. */ -+ -+ do { -+ memset(line_buffer, '/', MAX_TEST_QUERY_LENGTH*2); -+ -+ DIE_UNLESS(fgets(line_buffer, MAX_TEST_QUERY_LENGTH*2, log_file) != -+ NULL); -+ /* If we reach EOF before finishing the statement list, then we failed. */ -+ -+ } while (my_memmem(line_buffer, MAX_TEST_QUERY_LENGTH*2, -+ statement_cursor->buffer, statement_cursor->length) == NULL); -+ } -+ -+ printf("success. All queries found intact in the log.\n"); -+ -+ } else { -+ fprintf(stderr, "Could not find the log file, var/log/master.log, so " -+ "test_bug17667 is \ninconclusive. Run test from the " -+ "mysql-test/mysql-test-run* program \nto set up the correct " -+ "environment for this test.\n\n"); -+ } -+ -+ if (log_file != NULL) -+ fclose(log_file); -+ -+} -+ -+ -+/* - Bug#14169: type of group_concat() result changed to blob if tmp_table was used - */ - static void test_bug14169() |