path: root/databases/mysql4-server/patches/patch-bd

$NetBSD: patch-bd,v 1.3 2007/05/23 08:11:51 martti Exp $

--- tests/mysql_client_test.c.orig	2006-11-03 04:15:21.000000000 +0200
+++ tests/mysql_client_test.c	2007-05-23 08:57:25.000000000 +0300
@@ -22,6 +22,7 @@
 ***************************************************************************/
 
 #include <my_global.h>
+#include <mysqld_error.h>
 #include <my_sys.h>
 #include <mysql.h>
 #include <errmsg.h>
@@ -11856,6 +11857,48 @@
   mysql_stmt_close(stmt);
 }
 
+/*
+  Bug #17667: An attacker has the opportunity to bypass query logging.
+ */
+
+static void test_bug17667()
+{
+  NET *net= &mysql->net;
+  int rc;
+  myheader("test_bug17667");
+
+  /* I. Prepare the table */
+  mysql_real_query(mysql,     "drop table if exists t1", 23);
+
+  rc= mysql_real_query(mysql, "create table t1 (i int)", 23);
+  myquery(rc);
+  DIE_UNLESS(net->last_errno == 0);
+
+  mysql_real_query(mysql,     "insert into t1 (i) values (1)", 29);
+  myquery(rc);
+  DIE_UNLESS(net->last_errno == 0);
+
+  mysql_real_query(mysql,     "insert into /* NUL=\0 */ t1 (i) values (2)", 41);
+  myquery(rc);
+  DIE_UNLESS(net->last_errno == ER_PARSE_ERROR);
+
+  mysql_real_query(mysql,     "/* NUL=\0 */ insert into t1 (i) values (3)", 41);
+  myquery(rc);
+  DIE_UNLESS(net->last_errno == ER_PARSE_ERROR);
+
+  mysql_real_query(mysql,     "insert into /* TAB=\t */ t1 (i) values (4)", 41);
+  myquery(rc);
+  DIE_UNLESS(net->last_errno == 0);
+
+  mysql_real_query(mysql,     "/* TAB=\t */ insert into t1 (i) values (5)", 41);
+  myquery(rc);
+  DIE_UNLESS(net->last_errno == 0);
+
+  /* II. Cleanup */
+  rc= mysql_real_query(mysql, "drop table t1", 13);
+  myquery(rc);
+}
+
 
 /*
  Bug#20152: mysql_stmt_execute() writes to MYSQL_TYPE_DATE buffer
@@ -12170,6 +12213,7 @@
   { "test_bug11718", test_bug11718 },
   { "test_bug12925", test_bug12925 },
   { "test_bug15613", test_bug15613 },
+  { "test_bug17667", test_bug17667 },
   { "test_bug20152", test_bug20152 },
   { "test_bug21726", test_bug21726 },
   { 0, 0 }