MariaDB Server / MDEV-35604

SIGSEGV in filter_query_type | log_statement_ex / auditing

Details

    Description

      INSTALL PLUGIN server_audit SONAME 'server_audit';
      SET GLOBAL server_audit_logging=ON;
      --ERROR ER_PARSE_ERROR
      SET STATEMENT max_error_count=1 SELECT 1;
       
      # Cleanup
      UNINSTALL SONAME 'server_audit';
      

      Leads to:

      CS 10.6.21 7372ecc396517839a1546a8c1dd9192711922ef1 (Optimized)

      #0  filter_query_type (query=0x0, kwd=kwd@entry=0x14a6e407ace0 <passwd_keywords>) at /test/10.6_opt/plugin/server_audit/server_audit.c:1786
      #1  0x000014a6e4071f74 in log_statement_ex (cn=cn@entry=0x14a6c81140d8, ev_time=<optimized out>, thd_id=<optimized out>, query=0x14a6c80107c0 "SET STATEMENT max_error_count=1 SELECT 1", query_len=40, error_code=1064, take_lock=1, type=0x14a6e40770f8 "QUERY") at /test/10.6_opt/plugin/server_audit/server_audit.c:1861
      #2  0x000014a6e40735e7 in log_statement (type=0x14a6e40770f8 "QUERY", event=0x14a6e40c7410, cn=0x14a6c81140d8) at /test/10.6_opt/plugin/server_audit/server_audit.c:2306
      #3  auditing (thd=<optimized out>, event_class=0, ev=0x14a6e40c7410) at /test/10.6_opt/plugin/server_audit/server_audit.c:2306
      #4  0x000055dad5ddee0e in plugins_dispatch (arg=0x14a6e40c72f0, plugin=<optimized out>, thd=0x14a6c8000c58) at /test/10.6_opt/sql/sql_audit.cc:401
      #5  mysql_audit_notify (thd=thd@entry=0x14a6c8000c58, event_class=event_class@entry=0, event=event@entry=0x14a6e40c7410) at /test/10.6_opt/sql/sql_audit.cc:440
      #6  0x000055dad5cce461 in mysql_audit_general (msg=<optimized out>, error_code=<optimized out>, event_subtype=3, thd=0x14a6c8000c58) at /test/10.6_opt/sql/sql_audit.h:192
      #7  mysql_audit_general (msg=<optimized out>, error_code=<optimized out>, event_subtype=3, thd=0x14a6c8000c58) at /test/10.6_opt/sql/sql_audit.h:152
      #8  dispatch_command (command=COM_QUERY, thd=0x14a6c8000c58, packet=<optimized out>, packet_length=<optimized out>, blocking=<optimized out>) at /test/10.6_opt/sql/sql_parse.cc:2454
      #9  0x000055dad5cd0f89 in do_command (thd=thd@entry=0x14a6c8000c58, blocking=blocking@entry=true) at /test/10.6_opt/sql/sql_parse.cc:1422
      #10 0x000055dad5de15f5 in do_handle_one_connection (connect=<optimized out>, connect@entry=0x55dad938e378, put_in_cache=put_in_cache@entry=true) at /test/10.6_opt/sql/sql_connect.cc:1386
      #11 0x000055dad5de18fd in handle_one_connection (arg=0x55dad938e378) at /test/10.6_opt/sql/sql_connect.cc:1298
      #12 0x000014a6e54ad609 in start_thread (arg=<optimized out>) at pthread_create.c:477
      #13 0x000014a6e507e133 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
      

      Bug confirmed present in:
      MariaDB: 10.6.21 (dbg), 10.6.21 (opt)

      Bug (or feature/syntax) confirmed not present in:
      MariaDB: 10.5.28 (dbg), 10.5.28 (opt), 10.11.11 (dbg), 10.11.11 (opt), 11.4.5 (dbg), 11.4.5 (opt), 11.7.1 (dbg), 11.7.1 (opt), 11.8.0 (dbg), 11.8.0 (opt)

      The issue occurs after this commit

      commit 5c86f3df33dc972acfc3665025c25d6430887569 (HEAD)
      Author: Oleksandr Byelkin <sanja@mariadb.com>
      Date:   Fri Nov 29 11:45:01 2024 +0100
       
          MDEV-35522: MariaDB Audit does not detect all DCLs forms when masking password
          
          1. skip OR REPLACE
           (to make it filter_query_type made recursive)
          
          2. skip SET STATEMENT ... FOR before checking
          statements with passwords
      

            People

              sanja Oleksandr Byelkin
              ramesh Ramesh Sivaraman