Details
-
Bug
-
Status: Closed (View Workflow)
-
Critical
-
Resolution: Fixed
-
N/A
-
5.5.44
Description
after executing a query, a buffer overread is happening while writing the query on the audit file. this bug will happen with the current version (1.3.0)
the query looks like: SET PASSWORD FOR `monitor`@`localhost` = password('test123');
the output looks like: 20150429 11:54:31,hostname123,root,localhost,109,442,QUERY,,'SET PASSWORD FOR `monitor`@`localhost`=<secret>*****�)1P��)root)�-��XM.localhost
Attachments
Activity
Does it happen always for you, on any SET PASSWORD command?
yes
You've set version 5.5.43, do you mean MySQL 5.5.43, or do you build from sources?
i have build the plugin from mariadb sources. i'm using mysql 5.6.19 and the version of server audit plugin version (1.3.0) that was introduced by MDEV-7596, git commit e428c809d7e2176834ed9889483643e4ef2c2c2b. i chose 5.5.43 because that is the fix version of MDEV-7596
Please paste or attach the output of SHOW VARIABLES.
i have extracted the relevant parts: http://pastebin.com/9y9mBhXL
Thanks for clarification.
The problem is reproducible with the current version of the plugin from 5.5 tree and MySQL server 5.6 (including 5.6.24).
Not reproducible with MariaDB server 5.5 or MySQL server 5.5.
To reproduce, the following is enough:
install plugin server_audit soname 'server_audit.so'; |
set global server_audit_logging=ON; |
create user `monitor`@`localhost`; |
SET PASSWORD FOR `monitor`@`localhost` = password('test123'); |
# check the audit log |
Hi,
Does it happen always for you, on any SET PASSWORD command?
You've set version 5.5.43, do you mean MySQL 5.5.43, or do you build from sources?
If you mean MySQL 5.5.43, where did you get the audit plugin binary that you are using?
How do you install the plugin?
Please paste or attach the output of SHOW VARIABLES.