[MDEV-36245] Long server_audit_file_path causes buffer overflow - Jira

Details

Type: Bug
Status: In Review (View Workflow)
Priority: Blocker
Resolution: Unresolved
Affects Version/s: 10.5, 10.6, 10.11, 11.4
Fix Version/s: 10.5, 10.6, 10.11, 11.4, 11.8
Component/s: Plugin - Audit
Labels:
- contribution

Description

Currently, the length of the server_audit_file_path system variable value is
not checked. This can cause a buffer overflow if given a long file path
specifying a directory as a memcpy() is performed to copy the entire file path into a
fixed size buffer, char alt_path_buffer[FN_REFLEN+1+DEFAULT_FILENAME_LEN];

Pull request: https://github.com/MariaDB/server/pull/3874

Attachments

Activity

People

Assignee:: Alexey Botchkov

Reporter:: Sergey Vojtovich

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Due:: 2025-05-01

Created:: 2025-03-07 20:34

Updated:: 2025-03-08 12:36

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server