[MDEV-36245] Long server_audit_file_path causes buffer overflow - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Blocker
Resolution: Fixed
Affects Version/s: 10.5, 10.6, 10.11, 11.4
Fix Version/s: 10.5.29, 10.6.22, 10.11.12, 11.4.6, 11.8.2
Component/s: Plugin - Audit
Labels:
- contribution

Description

Currently, the length of the server_audit_file_path system variable value is
not checked. This can cause a buffer overflow if given a long file path
specifying a directory as a memcpy() is performed to copy the entire file path into a
fixed size buffer, char alt_path_buffer[FN_REFLEN+1+DEFAULT_FILENAME_LEN];

Pull request: https://github.com/MariaDB/server/pull/3874

Attachments

Activity

Ascending order - Click to sort in descending order

Alexey Botchkov added a comment - 2025-04-07 10:14

The patch is basically ok.
Test should be added and one more explanation.

Alexey Botchkov added a comment - 2025-04-07 10:14 The patch is basically ok. Test should be added and one more explanation.

Sergey Vojtovich added a comment - 2025-04-16 15:00

Back to "In Review" as contributor didn't respond and we aim to implement requested changes ourselves.

Sergey Vojtovich added a comment - 2025-04-16 15:00 Back to "In Review" as contributor didn't respond and we aim to implement requested changes ourselves.

People

Assignee:: Alexey Botchkov

Reporter:: Sergey Vojtovich

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Due:: 2025-05-01

Created:: 2025-03-07 20:34

Updated:: 2025-04-19 08:22

Resolved:: 2025-04-19 08:22

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server