• Staale Smedseng's avatar
    Bug #45790 Potential DoS vector: Writing of user input to log · 3cd431d5
    Staale Smedseng authored
    without proper formatting
          
    The problem is that a suitably crafted database identifier
    supplied to COM_CREATE_DB or COM_DROP_DB can cause a SIGSEGV,
    and thereby a denial of service. The database name is printed
    to the log without using a format string, so potential
    attackers can control the behavior of my_b_vprintf() by
    supplying their own format string. A CREATE or DROP privilege
    would be required.
          
    This patch supplies a format string to the printing of the
    database name. A test case is added to mysql_client_test.
    
    
    sql/sql_parse.cc:
      Added format strings.
    tests/mysql_client_test.c:
      Added new test case.
    3cd431d5
mysql_client_test.c 456 KB