path: root/databases/mysql4-server/patches/patch-bd

$NetBSD: patch-bd,v 1.2 2006/08/31 12:42:42 seb Exp $

--- tests/mysql_client_test.c.orig	2006-07-19 15:10:41.000000000 +0000
+++ tests/mysql_client_test.c
@@ -22,6 +22,7 @@
 ***************************************************************************/
 
 #include <my_global.h>
+#include <mysqld_error.h>
 #include <my_sys.h>
 #include <mysql.h>
 #include <errmsg.h>
@@ -11855,6 +11856,48 @@ static void test_bug15613()
   mysql_stmt_close(stmt);
 }
 
+/*
+  Bug #17667: An attacker has the opportunity to bypass query logging.
+ */
+
+static void test_bug17667()
+{
+  NET *net= &mysql->net;
+  int rc;
+  myheader("test_bug17667");
+
+  /* I. Prepare the table */
+  mysql_real_query(mysql,     "drop table if exists t1", 23);
+
+  rc= mysql_real_query(mysql, "create table t1 (i int)", 23);
+  myquery(rc);
+  DIE_UNLESS(net->last_errno == 0);
+
+  mysql_real_query(mysql,     "insert into t1 (i) values (1)", 29);
+  myquery(rc);
+  DIE_UNLESS(net->last_errno == 0);
+
+  mysql_real_query(mysql,     "insert into /* NUL=\0 */ t1 (i) values (2)", 41);
+  myquery(rc);
+  DIE_UNLESS(net->last_errno == ER_PARSE_ERROR);
+
+  mysql_real_query(mysql,     "/* NUL=\0 */ insert into t1 (i) values (3)", 41);
+  myquery(rc);
+  DIE_UNLESS(net->last_errno == ER_PARSE_ERROR);
+
+  mysql_real_query(mysql,     "insert into /* TAB=\t */ t1 (i) values (4)", 41);
+  myquery(rc);
+  DIE_UNLESS(net->last_errno == 0);
+
+  mysql_real_query(mysql,     "/* TAB=\t */ insert into t1 (i) values (5)", 41);
+  myquery(rc);
+  DIE_UNLESS(net->last_errno == 0);
+
+  /* II. Cleanup */
+  rc= mysql_real_query(mysql, "drop table t1", 13);
+  myquery(rc);
+}
+
 
 /*
  Bug#20152: mysql_stmt_execute() writes to MYSQL_TYPE_DATE buffer
@@ -12130,6 +12173,7 @@ static struct my_tests_st my_tests[]= {
   { "test_bug11718", test_bug11718 },
   { "test_bug12925", test_bug12925 },
   { "test_bug15613", test_bug15613 },
+  { "test_bug17667", test_bug17667 },
   { "test_bug20152", test_bug20152 },
   { 0, 0 }
 };