diff options
| author | Alexey Botchkov <holyfoot@askmonty.org> | 2017-11-03 17:05:41 +0400 |
|---|---|---|
| committer | Alexey Botchkov <holyfoot@askmonty.org> | 2017-11-03 17:05:41 +0400 |
| commit | 2e964b233b151b8a3d9c3120660f42acc9a30eb1 (patch) | |
| tree | 1d71bc3aa7b4a5db55a38507d38c998f5d4f9fc7 /plugin | |
| parent | cfb33617481878ddf684d7a9567e7368aac76681 (diff) | |
| download | mariadb-git-2e964b233b151b8a3d9c3120660f42acc9a30eb1.tar.gz | |
MDEV-13921 Audit log writes invalid SQL if single-line comments are
present.
Escape special characters (like \r \n \t) instead of
replacing them with spaces.
Diffstat (limited to 'plugin')
| -rw-r--r-- | plugin/server_audit/server_audit.c | 39 |
1 files changed, 21 insertions, 18 deletions
diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c index ad2a4618514..dc8475cf280 100644 --- a/plugin/server_audit/server_audit.c +++ b/plugin/server_audit/server_audit.c @@ -1122,6 +1122,21 @@ do { \ } while(0) +#define ESC_MAP_SIZE 0x60 +static const char esc_map[ESC_MAP_SIZE]= +{ + 0, 0, 0, 0, 0, 0, 0, 0, 'b', 't', 'n', 0, 'f', 'r', 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, '\'', 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, '\\', 0, 0, 0 +}; + +static char escaped_char(char c) +{ + return ((unsigned char ) c) >= ESC_MAP_SIZE ? 0 : esc_map[(unsigned char) c]; +} static void setup_connection_initdb(struct connection_info *cn, @@ -1328,21 +1343,16 @@ static size_t escape_string(const char *str, unsigned int len, const char *res_end= result + result_len - 2; while (len) { + char esc_c; + if (result >= res_end) break; - if (*str == '\'') + if ((esc_c= escaped_char(*str))) { if (result+1 >= res_end) break; *(result++)= '\\'; - *(result++)= '\''; - } - else if (*str == '\\') - { - if (result+1 >= res_end) - break; - *(result++)= '\\'; - *(result++)= '\\'; + *(result++)= esc_c; } else if (is_space(*str)) *(result++)= ' '; @@ -1431,19 +1441,12 @@ static size_t escape_string_hide_passwords(const char *str, unsigned int len, no_password: if (result >= res_end) break; - if (*str == '\'') - { - if (result+1 >= res_end) - break; - *(result++)= '\\'; - *(result++)= '\''; - } - else if (*str == '\\') + if ((b_char= escaped_char(*str))) { if (result+1 >= res_end) break; *(result++)= '\\'; - *(result++)= '\\'; + *(result++)= b_char; } else if (is_space(*str)) *(result++)= ' '; |