MDEV-13921 Audit log writes invalid SQL if single-line comments are

present. Escape special characters (like \r \n \t) instead of replacing them with spaces.
MariaDB · Nov 3, 2017 · 3a3f132 · 3a3f132
1 parent 5d0153c
commit 3a3f132
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 22 deletions.
diff --git a/mysql-test/suite/plugins/r/server_audit.result b/mysql-test/suite/plugins/r/server_audit.result
@@ -47,6 +47,7 @@ alter table t1 rename renamed_t1;
 set global server_audit_events='connect,query';
 select 1,
 2,
+# comment
 3;
 1	2	3
 1	2	3
@@ -161,7 +162,9 @@ id
 2
 CREATE USER u1 IDENTIFIED BY 'pwd-123';
 GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321";
-SET PASSWORD FOR u1 = PASSWORD('pwd 098');
+SET PASSWORD 
+# comment
+FOR u1 = PASSWORD('pwd 098');
 SET PASSWORD FOR u1=<secret>;
 ERROR 42000: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '<secret>' at line 1
 CREATE USER u3 IDENTIFIED BY '';
@@ -253,7 +256,7 @@ TIME,HOSTNAME,root,localhost,ID,ID,WRITE,mysql,index_stats,
 TIME,HOSTNAME,root,localhost,ID,ID,RENAME,test,t1|test.renamed_t1,
 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'alter table t1 rename renamed_t1',0
 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'set global server_audit_events=\'connect,query\'',0
-TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'select 1, 2, 3',0
+TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'select 1,\n2,\n# comment\n3',0
 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'insert into t2 values (1), (2)',0
 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'select * from t2',0
 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,test,'select * from t_doesnt_exist',ID
@@ -336,7 +339,7 @@ TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'/*! select 2*/',0
 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'/*comment*/ select 2',0
 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u1 IDENTIFIED BY *****',0
 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'GRANT ALL ON sa_db TO u2 IDENTIFIED BY *****',0
-TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'SET PASSWORD FOR u1 = PASSWORD(*****)',0
+TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'SET PASSWORD \n# comment\nFOR u1 = PASSWORD(*****)',0
 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'SET PASSWORD FOR u1=<secret>',ID
 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'CREATE USER u3 IDENTIFIED BY *****',0
 TIME,HOSTNAME,root,localhost,ID,ID,QUERY,sa_db,'drop user u1, u2, u3',0

diff --git a/mysql-test/suite/plugins/t/server_audit.test b/mysql-test/suite/plugins/t/server_audit.test
@@ -38,6 +38,7 @@ alter table t1 rename renamed_t1;
 set global server_audit_events='connect,query';
 select 1,
         2,
+# comment
         3;
 insert into t2 values (1), (2);
 select * from t2;
@@ -106,7 +107,9 @@ insert into t1 values (1), (2);
 select * from t1;
 CREATE USER u1 IDENTIFIED BY 'pwd-123';
 GRANT ALL ON sa_db TO u2 IDENTIFIED BY "pwd-321";
-SET PASSWORD FOR u1 = PASSWORD('pwd 098');
+SET PASSWORD 
+# comment
+FOR u1 = PASSWORD('pwd 098');
 --error 1064
 SET PASSWORD FOR u1=<secret>;
 CREATE USER u3 IDENTIFIED BY '';

diff --git a/plugin/server_audit/server_audit.c b/plugin/server_audit/server_audit.c
@@ -1121,6 +1121,21 @@ do { \
 } while(0)
 
 
+#define ESC_MAP_SIZE 0x60
+static const char esc_map[ESC_MAP_SIZE]=
+{
+  0, 0, 0, 0, 0, 0, 0, 0, 'b', 't', 'n', 0, 'f', 'r', 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, '\'', 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+  0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, '\\', 0, 0, 0
+};
+
+static char escaped_char(char c)
+{
+  return ((unsigned char ) c) >= ESC_MAP_SIZE ? 0 : esc_map[(unsigned char) c];
+}
 
 
 static void setup_connection_initdb(struct connection_info *cn,
@@ -1327,21 +1342,16 @@ static size_t escape_string(const char *str, unsigned int len,
   const char *res_end= result + result_len - 2;
   while (len)
   {
+    char esc_c;
+
     if (result >= res_end)
       break;
-    if (*str == '\'')
+    if ((esc_c= escaped_char(*str)))
     {
       if (result+1 >= res_end)
         break;
       *(result++)= '\\';
-      *(result++)= '\'';
-    }
-    else if (*str == '\\')
-    {
-      if (result+1 >= res_end)
-        break;
-      *(result++)= '\\';
-      *(result++)= '\\';
+      *(result++)= esc_c;
     }
     else if (is_space(*str))
       *(result++)= ' ';
@@ -1430,19 +1440,12 @@ static size_t escape_string_hide_passwords(const char *str, unsigned int len,
 no_password:
     if (result >= res_end)
       break;
-    if (*str == '\'')
-    {
-      if (result+1 >= res_end)
-        break;
-      *(result++)= '\\';
-      *(result++)= '\'';
-    }
-    else if (*str == '\\')
+    if ((b_char= escaped_char(*str)))
     {
       if (result+1 >= res_end)
         break;
       *(result++)= '\\';
-      *(result++)= '\\';
+      *(result++)= b_char;
     }
     else if (is_space(*str))
       *(result++)= ' ';