Commit ffa01d44 authored by unknown's avatar unknown
Browse files

Merge neptunus.(none):/home/msvensson/mysql/bug21813/my50-bug21813 

into  neptunus.(none):/home/msvensson/mysql/mysql-5.0-maint


tests/mysql_client_test.c:
  SCCS merged
parents a10a5cb6 d4075f66

sql/sql_prepare.cc

+4 −2
Original line number Diff line number Diff line
@@ -1877,7 +1877,8 @@ void mysql_stmt_prepare(THD *thd, const char *packet, uint packet_length) 
    thd->stmt_map.erase(stmt);

  }

  else

    mysql_log.write(thd, COM_STMT_PREPARE, "[%lu] %s", stmt->id, packet);

    mysql_log.write(thd, COM_STMT_PREPARE, "[%lu] %.*b", stmt->id,

                    stmt->query_length, stmt->query);



  /* check_prepared_statemnt sends the metadata packet in case of success */

  DBUG_VOID_RETURN;
@@ -2252,7 +2253,8 @@ void mysql_stmt_execute(THD *thd, char *packet_arg, uint packet_length) 
  if (!(specialflag & SPECIAL_NO_PRIOR))

    my_pthread_setprio(pthread_self(), WAIT_PRIOR);

  if (error == 0)

    mysql_log.write(thd, COM_STMT_EXECUTE, "[%lu] %s", stmt->id, thd->query);

    mysql_log.write(thd, COM_STMT_EXECUTE, "[%lu] %.*b", stmt->id,

                    thd->query_length, thd->query);



  DBUG_VOID_RETURN;

tests/mysql_client_test.c

+66 −21
Original line number Diff line number Diff line
@@ -14912,22 +14912,31 @@ static void test_bug15613() 


/*

  Bug#17667: An attacker has the opportunity to bypass query logging.



  Note! Also tests Bug#21813, where prepared statements are used to

  run queries

*/

static void test_bug17667()

{

  int rc;

  MYSQL_STMT *stmt;

  enum query_type { QT_NORMAL, QT_PREPARED};

  struct buffer_and_length {

    enum query_type qt;

    const char *buffer;

    const uint length;

  } statements[]= {

    { "drop table if exists bug17667", 29 },

    { "create table bug17667 (c varchar(20))", 37 },

    { "insert into bug17667 (c) values ('regular') /* NUL=\0 with comment */", 68 },

    { "insert into bug17667 (c) values ('NUL=\0 in value')", 50 },

    { "insert into bug17667 (c) values ('5 NULs=\0\0\0\0\0')", 48 },

    { "/* NUL=\0 with comment */ insert into bug17667 (c) values ('encore')", 67 },

    { "drop table bug17667", 19 },

    { NULL, 0 } };

    { QT_NORMAL, "drop table if exists bug17667", 29 },

    { QT_NORMAL, "create table bug17667 (c varchar(20))", 37 },

    { QT_NORMAL, "insert into bug17667 (c) values ('regular') /* NUL=\0 with comment */", 68 },

    { QT_PREPARED,

      "insert into bug17667 (c) values ('prepared') /* NUL=\0 with comment */", 69, },

    { QT_NORMAL, "insert into bug17667 (c) values ('NUL=\0 in value')", 50 },

    { QT_NORMAL, "insert into bug17667 (c) values ('5 NULs=\0\0\0\0\0')", 48 },

    { QT_PREPARED, "insert into bug17667 (c) values ('6 NULs=\0\0\0\0\0\0')", 50 },

    { QT_NORMAL, "/* NUL=\0 with comment */ insert into bug17667 (c) values ('encore')", 67 },

    { QT_NORMAL, "drop table bug17667", 19 },

    { QT_NORMAL, NULL, 0 } };



  struct buffer_and_length *statement_cursor;

  FILE *log_file;
@@ -14937,10 +14946,37 @@ static void test_bug17667() 


  for (statement_cursor= statements; statement_cursor->buffer != NULL;

      statement_cursor++) {

    if (statement_cursor->qt == QT_NORMAL)

    {

      /* Run statement as normal query */

      rc= mysql_real_query(mysql, statement_cursor->buffer,

                           statement_cursor->length);

      myquery(rc);

    }

    else if (statement_cursor->qt == QT_PREPARED)

    {

      /*

         Run as prepared statement



         NOTE! All these queries should be in the log twice,

         one time for prepare and one time for execute

      */

      stmt= mysql_stmt_init(mysql);



      rc= mysql_stmt_prepare(stmt, statement_cursor->buffer,

                             statement_cursor->length);

      check_execute(stmt, rc);



      rc= mysql_stmt_execute(stmt);

      check_execute(stmt, rc);



      mysql_stmt_close(stmt);

    }

    else

    {

      assert(0==1);

    }

  }



  /* Make sure the server has written the logs to disk before reading it */

  rc= mysql_query(mysql, "flush logs");
@@ -14957,9 +14993,17 @@ static void test_bug17667() 


    for (statement_cursor= statements; statement_cursor->buffer != NULL;

        statement_cursor++) {

      int expected_hits= 1, hits= 0;

      char line_buffer[MAX_TEST_QUERY_LENGTH*2];

      /* more than enough room for the query and some marginalia. */



      /* Prepared statments always occurs twice in log */

      if (statement_cursor->qt == QT_PREPARED)

        expected_hits++;



      /* Loop until we found expected number of log entries */

      do {

        /* Loop until statement is found in log */

        do {

          memset(line_buffer, '/', MAX_TEST_QUERY_LENGTH*2);
@@ -14968,16 +15012,17 @@ static void test_bug17667() 
            /* If fgets returned NULL, it indicates either error or EOF */

            if (feof(log_file))

              DIE("Found EOF before all statements where found");

          else

          {



            fprintf(stderr, "Got error %d while reading from file\n",

                    ferror(log_file));

            DIE("Read error");

          }

        }



        } while (my_memmem(line_buffer, MAX_TEST_QUERY_LENGTH*2,

            statement_cursor->buffer, statement_cursor->length) == NULL);

                           statement_cursor->buffer,

                           statement_cursor->length) == NULL);

        hits++;

      } while (hits < expected_hits);



      printf("Found statement starting with \"%s\"\n",

             statement_cursor->buffer);