Percona Server moved to https://jira.percona.com/projects/PS

Merge lp:~sergei.glushchenko/percona-server/5.6-ps-bug1313696 into lp:percona-server/5.6

  1. 5.6-ps-bug1313696
  2. Merge into 5.6
Proposed by Sergei Glushchenko
Status: Merged
Approved by: Alexey Kopytov
Approved revision: no longer in the source branch.
Merged at revision: 592
Proposed branch: lp:~sergei.glushchenko/percona-server/5.6-ps-bug1313696
Merge into: lp:percona-server/5.6
Diff against target: 204 lines (+47/-109)
3 files modified
mysql-test/include/audit_log_events.inc (+1/-0)
mysql-test/r/audit_log.result (+6/-0)
plugin/audit_log/audit_log.c (+40/-109)
To merge this branch: bzr merge lp:~sergei.glushchenko/percona-server/5.6-ps-bug1313696
Reviewer Review Type Date Requested Status
Alexey Kopytov (community) Approve
Review via email: mp+217635@code.launchpad.net

Description of the change

http://jenkins.percona.com/view/PS%205.6/job/percona-server-5.6-param/597/

Fix XML attribute escaping.

To post a comment you must log in.
Revision history for this message
Sergei Glushchenko (sergei.glushchenko) wrote :

repushed. 5.6 GCA contains audit log plugin. no conflicts

Revision history for this message
Alexey Kopytov (akopytov) :
review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'mysql-test/include/audit_log_events.inc'
2--- mysql-test/include/audit_log_events.inc 2014-04-21 12:07:45 +0000
3+++ mysql-test/include/audit_log_events.inc 2014-05-14 14:46:36 +0000
4@@ -50,4 +50,5 @@
5 connection default;
6 create user 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
7 drop user 'jeffrey'@'localhost';
8+select '&;&&&""""<><<>>>>';
9 disconnect con1;
10
11=== modified file 'mysql-test/r/audit_log.result'
12--- mysql-test/r/audit_log.result 2014-04-21 12:07:45 +0000
13+++ mysql-test/r/audit_log.result 2014-05-14 14:46:36 +0000
14@@ -68,6 +68,9 @@
15 drop database sa_db;
16 create user 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
17 drop user 'jeffrey'@'localhost';
18+select '&;&&&""""<><<>>>>';
19+&;&&&""""<><<>>>>
20+&;&&&""""<><<>>>>
21 CREATE TABLE t1 (c1 INT, c2 CHAR(20));
22 CREATE TABLE t1 (c1 INT, c2 CHAR(20));
23 ERROR 42S01: Table 't1' already exists
24@@ -138,3 +141,6 @@
25 drop database sa_db;
26 create user 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
27 drop user 'jeffrey'@'localhost';
28+select '&;&&&""""<><<>>>>';
29+&;&&&""""<><<>>>>
30+&;&&&""""<><<>>>>
31
32=== modified file 'plugin/audit_log/audit_log.c'
33--- plugin/audit_log/audit_log.c 2014-04-21 12:07:45 +0000
34+++ plugin/audit_log/audit_log.c 2014-05-14 14:46:36 +0000
35@@ -120,85 +120,43 @@
36 const char* base = in;
37 char* outend = out + *outlen;
38 const char* inend;
39-
40- inend = in + (*inlen);
41-
42- while ((in < inend) && (out < outend))
43- {
44- if (*in == '<')
45- {
46- if (outend - out < 4)
47- break;
48- *out++ = '&';
49- *out++ = 'l';
50- *out++ = 't';
51- *out++ = ';';
52- }
53- else if (*in == '>')
54- {
55- if (outend - out < 4)
56- break;
57- *out++ = '&';
58- *out++ = 'g';
59- *out++ = 't';
60- *out++ = ';';
61- }
62- else if (*in == '&')
63- {
64- if (outend - out < 5)
65- break;
66- *out++ = '&';
67- *out++ = 'a';
68- *out++ = 'm';
69- *out++ = 'p';
70- *out++ = ';';
71- }
72- else if (*in == '\r')
73- {
74- if (outend - out < 5)
75- break;
76- *out++ = '&';
77- *out++ = '#';
78- *out++ = '1';
79- *out++ = '3';
80- *out++ = ';';
81- }
82- else
83- {
84- *out++ = *in;
85- }
86- ++in;
87- }
88- *outlen = out - outstart;
89- *inlen = in - base;
90-}
91-
92-
93-static
94-void attr_escape(const char *in, size_t *inlen, char* out, size_t *outlen)
95-{
96- char* outstart = out;
97- const char* base = in;
98- char* outend = out + *outlen;
99- const char* inend;
100-
101- inend = in + (*inlen);
102-
103- while ((in < inend) && (out < outend))
104- {
105- if (*in == '"')
106- {
107- if (outend - out < 2)
108- break;
109- *out++ = '\\';
110- *out++ = '"';
111- }
112- else
113- {
114- *out++ = *in;
115- }
116- ++in;
117- }
118+ size_t i;
119+ my_bool replaced;
120+
121+ const struct {
122+ char symbol;
123+ size_t length;
124+ const char *replace;
125+ } escape[] = {
126+ { '<', 4, "&lt;" },
127+ { '>', 4, "&gt;" },
128+ { '&', 5, "&amp;" },
129+ { '\r', 5, "&#13;" },
130+ { '"', 6, "&quot;" },
131+ };
132+
133+ inend = in + (*inlen);
134+
135+ while ((in < inend) && (out < outend))
136+ {
137+ replaced= FALSE;
138+ for (i= 0; i < array_elements(escape); i++)
139+ {
140+ if (*in == escape[i].symbol)
141+ {
142+ if ((outend - out) < (int) escape[i].length)
143+ goto end_of_buffer;
144+ memcpy(out, escape[i].replace, escape[i].length);
145+ out += escape[i].length;
146+ replaced= TRUE;
147+ break;
148+ }
149+ }
150+ if (!replaced)
151+ *out++ = *in;
152+ ++in;
153+ }
154+end_of_buffer:
155 *outlen = out - outstart;
156 *inlen = in - base;
157 }
158@@ -222,33 +180,6 @@
159 }
160
161 static
162-char *attr_escape_string(const char *in, size_t inlen,
163- char *out, size_t outlen)
164-{
165- if (in != NULL)
166- {
167- --outlen;
168- attr_escape(in, &inlen, out, &outlen);
169- out[outlen]= 0;
170- }
171- else
172- {
173- out= 0;
174- }
175- return out;
176-}
177-
178-static
179-char *escape_string(const char *in, size_t inlen,
180- char *out, size_t outlen)
181-{
182- typedef char *(*escape_func_t)(const char *, size_t, char *, size_t);
183- const escape_func_t escape_func[] = { attr_escape_string, xml_escape_string };
184-
185- return escape_func[audit_log_format](in, inlen, out, outlen);
186-}
187-
188-static
189 void logger_write_safe(LOGGER_HANDLE *log, const char *buffer, size_t size)
190 {
191 static int write_error= 0;
192@@ -412,9 +343,9 @@
193 make_timestamp(timestamp, sizeof(timestamp), t),
194 event->general_sql_command.str,
195 event->general_thread_id, status,
196- escape_string(event->general_query,
197- event->general_query_length,
198- query, sizeof(query)),
199+ xml_escape_string(event->general_query,
200+ event->general_query_length,
201+ query, sizeof(query)),
202 event->general_user,
203 event->general_host.str,
204 event->general_external_user.str,

Subscribers

People subscribed via source and target branches