1
=== modified file 'mysql-test/include/audit_log_events.inc'
2
--- mysql-test/include/audit_log_events.inc	2014-04-21 12:07:45 +0000
3
+++ mysql-test/include/audit_log_events.inc	2014-05-14 14:46:36 +0000
4
@@ -50,4 +50,5 @@
5
50
connection default;
50
connection default;
6
51
create user 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
51
create user 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
7
52
drop user 'jeffrey'@'localhost';
52
drop user 'jeffrey'@'localhost';
8
53
select '&;&&&""""<><<>>>>';
9
53
disconnect con1;
54
disconnect con1;
10
54
55
11
=== modified file 'mysql-test/r/audit_log.result'
12
--- mysql-test/r/audit_log.result	2014-04-21 12:07:45 +0000
13
+++ mysql-test/r/audit_log.result	2014-05-14 14:46:36 +0000
14
@@ -68,6 +68,9 @@
15
68
drop database sa_db;
68
drop database sa_db;
16
69
create user 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
69
create user 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
17
70
drop user 'jeffrey'@'localhost';
70
drop user 'jeffrey'@'localhost';
18
71
select '&;&&&""""<><<>>>>';
19
72
&;&&&""""<><<>>>>
20
73
&;&&&""""<><<>>>>
21
71
CREATE TABLE t1 (c1 INT, c2 CHAR(20));
74
CREATE TABLE t1 (c1 INT, c2 CHAR(20));
22
72
CREATE TABLE t1 (c1 INT, c2 CHAR(20));
75
CREATE TABLE t1 (c1 INT, c2 CHAR(20));
23
73
ERROR 42S01: Table 't1' already exists
76
ERROR 42S01: Table 't1' already exists
24
@@ -138,3 +141,6 @@
25
138
drop database sa_db;
141
drop database sa_db;
26
139
create user 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
142
create user 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
27
140
drop user 'jeffrey'@'localhost';
143
drop user 'jeffrey'@'localhost';
28
144
select '&;&&&""""<><<>>>>';
29
145
&;&&&""""<><<>>>>
30
146
&;&&&""""<><<>>>>
31
141
147
32
=== modified file 'plugin/audit_log/audit_log.c'
33
--- plugin/audit_log/audit_log.c	2014-04-21 12:07:45 +0000
34
+++ plugin/audit_log/audit_log.c	2014-05-14 14:46:36 +0000
35
@@ -120,85 +120,43 @@
36
120
  const char* base = in;
120
  const char* base = in;
37
121
  char* outend = out + *outlen;
121
  char* outend = out + *outlen;
38
122
  const char* inend;
122
  const char* inend;
118
123
123
  size_t i;
119
124
  inend = in + (*inlen);
124
  my_bool replaced;
120
125
125
121
126
  while ((in < inend) && (out < outend))
126
  const struct {
122
127
  {
127
    char symbol;
123
128
    if (*in == '<')
128
    size_t length;
124
129
    {
129
    const char *replace;
125
130
      if (outend - out < 4)
130
  } escape[] = {
126
131
        break;
131
    { '<',  4, "&lt;" },
127
132
      *out++ = '&';
132
    { '>',  4, "&gt;" },
128
133
      *out++ = 'l';
133
    { '&',  5, "&amp;" },
129
134
      *out++ = 't';
134
    { '\r', 5, "&#13;" },
130
135
      *out++ = ';';
135
    { '"',  6, "&quot;" },
131
136
    }
136
  };
132
137
    else if (*in == '>')
137
133
138
    {
138
  inend = in + (*inlen);
134
139
      if (outend - out < 4)
139
135
140
        break;
140
  while ((in < inend) && (out < outend))
136
141
      *out++ = '&';
141
  {
137
142
      *out++ = 'g';
142
    replaced= FALSE;
138
143
      *out++ = 't';
143
    for (i= 0; i < array_elements(escape); i++)
139
144
      *out++ = ';';
144
    {
140
145
    }
145
      if (*in == escape[i].symbol)
141
146
    else if (*in == '&')
146
      {
142
147
    {
147
        if ((outend - out) < (int) escape[i].length)
143
148
      if (outend - out < 5)
148
          goto end_of_buffer;
144
149
        break;
149
        memcpy(out, escape[i].replace, escape[i].length);
145
150
      *out++ = '&';
150
        out += escape[i].length;
146
151
      *out++ = 'a';
151
        replaced= TRUE;
147
152
      *out++ = 'm';
152
        break;
148
153
      *out++ = 'p';
153
      }
149
154
      *out++ = ';';
154
    }
150
155
    }
155
    if (!replaced)
151
156
    else if (*in == '\r')
156
      *out++ = *in;
152
157
    {
157
    ++in;
153
158
      if (outend - out < 5)
158
  }
154
159
        break;
159
end_of_buffer:
76
160
      *out++ = '&';
77
161
      *out++ = '#';
78
162
      *out++ = '1';
79
163
      *out++ = '3';
80
164
      *out++ = ';';
81
165
    }
82
166
    else
83
167
    {
84
168
      *out++ = *in;
85
169
    }
86
170
    ++in;
87
171
  }
88
172
  *outlen = out - outstart;
89
173
  *inlen = in - base;
90
174
}
91
175
92
176
93
177
static
94
178
void attr_escape(const char *in, size_t *inlen, char* out, size_t *outlen)
95
179
{
96
180
  char* outstart = out;
97
181
  const char* base = in;
98
182
  char* outend = out + *outlen;
99
183
  const char* inend;
100
184
101
185
  inend = in + (*inlen);
102
186
103
187
  while ((in < inend) && (out < outend))
104
188
  {
105
189
    if (*in == '"')
106
190
    {
107
191
      if (outend - out < 2)
108
192
        break;
109
193
      *out++ = '\\';
110
194
      *out++ = '"';
111
195
    }
112
196
    else
113
197
    {
114
198
      *out++ = *in;
115
199
    }
116
200
    ++in;
117
201
  }
155
202
  *outlen = out - outstart;
160
  *outlen = out - outstart;
156
203
  *inlen = in - base;
161
  *inlen = in - base;
157
204
}
162
}
158
@@ -222,33 +180,6 @@
159
222
}
180
}
160
223
181
161
224
static
182
static
162
225
char *attr_escape_string(const char *in, size_t inlen,
163
226
                         char *out, size_t outlen)
164
227
{
165
228
  if (in != NULL)
166
229
  {
167
230
    --outlen;
168
231
    attr_escape(in, &inlen, out, &outlen);
169
232
    out[outlen]= 0;
170
233
  }
171
234
  else
172
235
  {
173
236
    out= 0;
174
237
  }
175
238
  return out;
176
239
}
177
240
178
241
static
179
242
char *escape_string(const char *in, size_t inlen,
180
243
                         char *out, size_t outlen)
181
244
{
182
245
  typedef char *(*escape_func_t)(const char *, size_t, char *, size_t);
183
246
  const escape_func_t escape_func[] = { attr_escape_string, xml_escape_string };
184
247
185
248
  return escape_func[audit_log_format](in, inlen, out, outlen);
186
249
}
187
250
188
251
static
189
252
void logger_write_safe(LOGGER_HANDLE *log, const char *buffer, size_t size)
183
void logger_write_safe(LOGGER_HANDLE *log, const char *buffer, size_t size)
190
253
{
184
{
191
254
  static int write_error= 0;
185
  static int write_error= 0;
192
@@ -412,9 +343,9 @@
193
412
                     make_timestamp(timestamp, sizeof(timestamp), t),
343
                     make_timestamp(timestamp, sizeof(timestamp), t),
194
413
                     event->general_sql_command.str,
344
                     event->general_sql_command.str,
195
414
                     event->general_thread_id, status,
345
                     event->general_thread_id, status,
199
415
                     escape_string(event->general_query,
346
                     xml_escape_string(event->general_query,
200
416
                                   event->general_query_length,
347
                                       event->general_query_length,
201
417
                                   query, sizeof(query)),
348
                                       query, sizeof(query)),
202
418
                     event->general_user,
349
                     event->general_user,
203
419
                     event->general_host.str,
350
                     event->general_host.str,
204
420
                     event->general_external_user.str,
351
                     event->general_external_user.str,
Reviewer	Review Type	Date Requested	Status
Alexey Kopytov (community)		2014-04-29	Approve on 2014-05-15
Review via email: mp+217635@code.launchpad.net