[MDEV-36245] Long server_audit_file_path causes buffer overflow - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.11, 11.4
Fix Version/s: 10.5.29, 10.6.22, 10.11.12, 11.4.6, 11.8.2
Component/s: Plugin - Audit
Labels:
- contribution

Description

Currently, the length of the server_audit_file_path system variable value is
not checked. This can cause a buffer overflow if given a long file path
specifying a directory as a memcpy() is performed to copy the entire file path into a
fixed size buffer, char alt_path_buffer[FN_REFLEN+1+DEFAULT_FILENAME_LEN];

Pull request: https://github.com/MariaDB/server/pull/3874

Attachments

Activity

Ascending order - Click to sort in descending order

Sergey Vojtovich created issue - 2025-03-07 20:34

Sergey Vojtovich made changes - 2025-03-07 20:38

Field	Original Value	New Value
Status	Open [ 1 ]	In Progress [ 3 ]

Sergey Vojtovich made changes - 2025-03-07 20:38

Status

In Progress [ 3 ]

In Testing [ 10301 ]

Sergey Vojtovich made changes - 2025-03-07 20:38

Status

In Testing [ 10301 ]

Stalled [ 10000 ]

Sergey Vojtovich made changes - 2025-03-07 20:38

Status

Stalled [ 10000 ]

In Testing [ 10301 ]

Sergey Vojtovich made changes - 2025-03-07 20:38

Status

In Testing [ 10301 ]

Stalled [ 10000 ]

Sergey Vojtovich made changes - 2025-03-07 20:38

Assignee	Sergey Vojtovich [ svoj ]	Alexey Botchkov [ holyfoot ]
Status	Stalled [ 10000 ]	In Review [ 10002 ]

Sergei Golubchik made changes - 2025-03-08 12:36

Priority

Major [ 3 ]

Blocker [ 1 ]

Sergei Golubchik made changes - 2025-03-08 12:36

Affects Version/s		10.5 [ 23123 ]
Affects Version/s		10.6 [ 24028 ]
Affects Version/s		10.11 [ 27614 ]
Affects Version/s		11.4 [ 29301 ]

Sergei Golubchik made changes - 2025-03-08 12:36

Fix Version/s		10.6 [ 24028 ]
Fix Version/s		10.11 [ 27614 ]
Fix Version/s		11.4 [ 29301 ]
Fix Version/s		11.8 [ 29921 ]

Alexey Botchkov added a comment - 2025-04-07 10:14

The patch is basically ok.
Test should be added and one more explanation.

Alexey Botchkov added a comment - 2025-04-07 10:14 The patch is basically ok. Test should be added and one more explanation.

Alexey Botchkov made changes - 2025-04-07 10:14

Status

In Review [ 10002 ]

Stalled [ 10000 ]

Sergey Vojtovich made changes - 2025-04-16 14:58

Assignee

Alexey Botchkov [ holyfoot ]

Sergey Vojtovich [ svoj ]

Sergey Vojtovich added a comment - 2025-04-16 15:00

Back to "In Review" as contributor didn't respond and we aim to implement requested changes ourselves.

Sergey Vojtovich added a comment - 2025-04-16 15:00 Back to "In Review" as contributor didn't respond and we aim to implement requested changes ourselves.

Sergey Vojtovich made changes - 2025-04-16 15:00

Assignee	Sergey Vojtovich [ svoj ]	Alexey Botchkov [ holyfoot ]
Status	Stalled [ 10000 ]	In Review [ 10002 ]

Sergei Golubchik made changes - 2025-04-19 08:22

Fix Version/s		10.5.29 [ 29996 ]
Fix Version/s		10.6.22 [ 29997 ]
Fix Version/s		10.11.12 [ 29998 ]
Fix Version/s		11.4.6 [ 29999 ]
Fix Version/s		11.8.2 [ 30001 ]
Fix Version/s	10.5 [ 23123 ]
Fix Version/s	10.6 [ 24028 ]
Fix Version/s	10.11 [ 27614 ]
Fix Version/s	11.4 [ 29301 ]
Fix Version/s	11.8 [ 29921 ]
Resolution		Fixed [ 1 ]
Status	In Review [ 10002 ]	Closed [ 6 ]

People

Assignee:: Alexey Botchkov

Reporter:: Sergey Vojtovich

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Due:: 2025-05-01

Created:: 2025-03-07 20:34

Updated:: 2025-04-19 08:22

Resolved:: 2025-04-19 08:22

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.