$NetBSD: patch-bd,v 1.5 2008/03/26 13:22:00 wiz Exp $ --- tests/mysql_client_test.c.orig 2006-11-03 04:15:21.000000000 +0200 +++ tests/mysql_client_test.c 2007-05-23 08:25:53.000000000 +0300 @@ -22,6 +22,7 @@ ***************************************************************************/ #include +#include #include #include #include @@ -11856,6 +11857,48 @@ mysql_stmt_close(stmt); } +/* + Bug #17667: An attacker has the opportunity to bypass query logging. + */ + +static void test_bug17667() +{ + NET *net= &mysql->net; + int rc; + myheader("test_bug17667"); + + /* I. Prepare the table */ + mysql_real_query(mysql, "drop table if exists t1", 23); + + rc= mysql_real_query(mysql, "create table t1 (i int)", 23); + myquery(rc); + DIE_UNLESS(net->last_errno == 0); + + mysql_real_query(mysql, "insert into t1 (i) values (1)", 29); + myquery(rc); + DIE_UNLESS(net->last_errno == 0); + + mysql_real_query(mysql, "insert into /* NUL=\0 */ t1 (i) values (2)", 41); + myquery(rc); + DIE_UNLESS(net->last_errno == ER_PARSE_ERROR); + + mysql_real_query(mysql, "/* NUL=\0 */ insert into t1 (i) values (3)", 41); + myquery(rc); + DIE_UNLESS(net->last_errno == ER_PARSE_ERROR); + + mysql_real_query(mysql, "insert into /* TAB=\t */ t1 (i) values (4)", 41); + myquery(rc); + DIE_UNLESS(net->last_errno == 0); + + mysql_real_query(mysql, "/* TAB=\t */ insert into t1 (i) values (5)", 41); + myquery(rc); + DIE_UNLESS(net->last_errno == 0); + + /* II. Cleanup */ + rc= mysql_real_query(mysql, "drop table t1", 13); + myquery(rc); +} + /* Bug#20152: mysql_stmt_execute() writes to MYSQL_TYPE_DATE buffer @@ -12170,6 +12213,7 @@ { "test_bug11718", test_bug11718 }, { "test_bug12925", test_bug12925 }, { "test_bug15613", test_bug15613 }, + { "test_bug17667", test_bug17667 }, { "test_bug20152", test_bug20152 }, { "test_bug21726", test_bug21726 }, { 0, 0 }