[MDEV-36245] Long server_audit_file_path causes buffer overflow - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.11, 11.4
Fix Version/s: 10.5.29, 10.6.22, 10.11.12, 11.4.6, 11.8.2
Component/s: Plugin - Audit
Labels:
- contribution

Description

Currently, the length of the server_audit_file_path system variable value is
not checked. This can cause a buffer overflow if given a long file path
specifying a directory as a memcpy() is performed to copy the entire file path into a
fixed size buffer, char alt_path_buffer[FN_REFLEN+1+DEFAULT_FILENAME_LEN];

Pull request: https://github.com/MariaDB/server/pull/3874

Attachments

Activity

Transition	Time In Source Status	Execution Times

Sergey Vojtovich made transition - 2025-03-07 20:38

Open

In Progress

3m 33s

Sergey Vojtovich made transition - 2025-03-07 20:38

In Progress

In Testing

Sergey Vojtovich made transition - 2025-03-07 20:38

Stalled

In Testing

Sergey Vojtovich made transition - 2025-03-07 20:38

In Testing

Stalled

13s

Alexey Botchkov made transition - 2025-04-07 10:14

In Review

Stalled

30d 13h 36m

Sergey Vojtovich made transition - 2025-04-16 15:00

Stalled

In Review

9d 4h 45m

Sergei Golubchik made transition - 2025-04-19 08:22

In Review

Closed

2d 17h 21m

People

Assignee:: Alexey Botchkov

Reporter:: Sergey Vojtovich

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Due:: 2025-05-01

Created:: 2025-03-07 20:34

Updated:: 2025-04-19 08:22

Resolved:: 2025-04-19 08:22

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server

Details

Description

Attachments

Activity

People

Dates

Git Integration