Bug#21813 An attacker has the opportunity to bypass query logging, part2
- Use the "%.*b" format when printing prepared and executed prepared statements to the log.
- Add test case to check that also prepared statements end up in the query log

Bug#14346 Prepared statements corrupting general log/server memory
- Use "stmt->query" when logging the newly prepared query instead of "packet"

sql/sql_prepare.cc:
  mysql_stmt_prepare
  - Use "%.*b" format when printing to log
  - Print the query from stmt instead of "packet", packet points at the net in/out buffer and has most likely been overwritten when result for prepare was written to client.
  mysql_stmt_execute
  - Use "%.*b" format when printing to log
  - Print the query from thd as the expanded query has been specifically set to be valid also after restore from backup statement

tests/mysql_client_test.c:
  Add tests for bug#21813 to already existing test for bug#17667. Add functionality for also executing prepared statements and making sure they end up in the log as well.
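The "packet" versus "stmt->query" point in the commit message, as an added sketch that is not code from this commit or from the MySQL source tree. The names `net_buf`, `struct stmt`, `log_bytes` and `prepare_and_log`, the `[Prepare]` prefix and the reply text are hypothetical and constructed; `log_bytes` copies an explicit byte count as a stand-in for the server's "%.*b" format, which standard C does not have.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in: one buffer shared by requests and replies,
   like the net in/out buffer the commit message describes. */
static char net_buf[64];

struct stmt { char query[64]; size_t length; };  /* saved copy, like stmt->query */

/* Append exactly len bytes of q to the log line; never relies on a terminator.
   Stand-in for "%.*b" (assumption: a length-bounded print). */
static size_t log_bytes(char *out, size_t outsz, const char *q, size_t len)
{
    const char prefix[] = "[Prepare] ";          /* constructed log prefix */
    size_t plen = sizeof(prefix) - 1;
    if (outsz < plen + 1) return 0;
    memcpy(out, prefix, plen);
    if (len > outsz - plen - 1) len = outsz - plen - 1;  /* clamp to log buffer */
    memcpy(out + plen, q, len);
    out[plen + len] = '\0';
    return plen + len;
}

/* Receive a query, prepare it, send the reply, then log.
   from_stmt = 0 logs through the packet pointer (behaviour before the fix),
   from_stmt = 1 logs the statement's own copy (behaviour after the fix). */
static size_t prepare_and_log(const char *sql, int from_stmt, char *out, size_t outsz)
{
    struct stmt st;
    size_t len = strlen(sql);
    if (len >= sizeof(net_buf)) len = sizeof(net_buf) - 1;
    memcpy(net_buf, sql, len);                   /* request arrives in the net buffer */
    const char *packet = net_buf;
    memcpy(st.query, packet, len);               /* statement keeps its own copy */
    st.length = len;
    memcpy(net_buf, "OK stmt_id=1 params=1", 21);  /* constructed reply overwrites it */
    return log_bytes(out, outsz, from_stmt ? st.query : packet, st.length);
}

int main(void)
{
    char line[128];
    prepare_and_log("SELECT ? FROM t1", 0, line, sizeof line);
    printf("from packet: %s\n", line);           /* reply bytes, not the query */
    prepare_and_log("SELECT ? FROM t1", 1, line, sizeof line);
    printf("from stmt:   %s\n", line);           /* the query that was prepared */
    return 0;
}
```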