[MDEV-8078] Memory disclosure/buffer overread on audit plugin Created: 2015-04-29  Updated: 2015-06-07  Resolved: 2015-06-07

Status: Closed
Project: MariaDB Server
Component/s: Plugin - Audit
Affects Version/s: N/A
Fix Version/s: 5.5.44

Type: Bug
Priority: Critical
Reporter: Hans-Joachim Kliemeck
Assignee: Alexey Botchkov
Resolution: Fixed
Votes: 0
Labels: audit, server_audit, verified

Sprint: 5.5.44

 Description   

After executing a query, a buffer overread happens while writing the query to the audit file. This bug will happen with the current version (1.3.0).

The query looks like: SET PASSWORD FOR `monitor`@`localhost` = password('test123');
The output looks like: 20150429 11:54:31,hostname123,root,localhost,109,442,QUERY,,'SET PASSWORD FOR `monitor`@`localhost`=<secret>*****�)1P��)root)�-��XM.localhost



 Comments   
Comment by Elena Stepanova [ 2015-04-29 ]

Hi,

Does it happen always for you, on any SET PASSWORD command?
You've set version 5.5.43, do you mean MySQL 5.5.43, or do you build from sources?
If you mean MySQL 5.5.43, where did you get the audit plugin binary that you are using?
How do you install the plugin?

Please paste or attach the output of SHOW VARIABLES.

Comment by Hans-Joachim Kliemeck [ 2015-04-29 ]

Does it happen always for you, on any SET PASSWORD command?
Yes.

You've set version 5.5.43, do you mean MySQL 5.5.43, or do you build from sources?
I have built the plugin from MariaDB sources. I'm using MySQL 5.6.19 and the version of the server audit plugin (1.3.0) that was introduced by MDEV-7596, git commit e428c809d7e2176834ed9889483643e4ef2c2c2b. I chose 5.5.43 because that is the fix version of MDEV-7596.

Please paste or attach the output of SHOW VARIABLES.
I have extracted the relevant parts: http://pastebin.com/9y9mBhXL

Comment by Elena Stepanova [ 2015-04-29 ]

Thanks for the clarification.

The problem is reproducible with the current version of the plugin from 5.5 tree and MySQL server 5.6 (including 5.6.24).
Not reproducible with MariaDB server 5.5 or MySQL server 5.5.

To reproduce, the following is enough:

install plugin server_audit soname 'server_audit.so';
set global server_audit_logging=ON;
create user `monitor`@`localhost`;
SET PASSWORD FOR `monitor`@`localhost` = password('test123'); 
# check the audit log
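
A check for the symptom shown in this report, added here as an example; it is not part of the original issue thread or of the MariaDB code. It scans raw audit-log bytes for QUERY records that carry non-text bytes after the `*****` password mask. The field layout follows the sample line in the description; the function names and all log lines below (the binary tail and the trailing `,0` on the clean lines included) are constructed.

```python
MASK = b"*****"  # password mask as it appears in the report's sample output


def has_binary(tail: bytes) -> bool:
    """True if the bytes are not valid UTF-8 or contain control characters."""
    try:
        text = tail.decode("utf-8")
    except UnicodeDecodeError:
        return True
    return any((ord(c) < 0x20 and c != "\t") or ord(c) == 0x7F for c in text)


def find_overread_records(log: bytes) -> list:
    """Return 1-based line numbers of QUERY records with binary data after the mask."""
    hits = []
    for lineno, line in enumerate(log.split(b"\n"), start=1):
        # Layout assumed from the report's sample: eight comma-separated fields,
        # then the quoted query text; field 7 is the operation.
        fields = line.rstrip(b"\r").split(b",", 8)
        if len(fields) < 9 or fields[6] != b"QUERY":
            continue
        _, mask, tail = fields[8].partition(MASK)
        if mask and has_binary(tail):
            hits.append(lineno)
    return hits


# Constructed sample log: line 2 imitates the over-read, lines 1 and 3 are clean.
SAMPLE = (
    b"20150429 11:54:30,hostname123,root,localhost,109,441,QUERY,,"
    b"'create user `monitor`@`localhost`',0\n"
    b"20150429 11:54:31,hostname123,root,localhost,109,442,QUERY,,"
    b"'SET PASSWORD FOR `monitor`@`localhost`=<secret>*****"
    b"\xf0)1P\x8a\x01)root)\x9d-\x11\x90XM.localhost\n"
    b"20150429 11:54:32,hostname123,root,localhost,109,443,QUERY,,"
    b"'SET PASSWORD FOR `monitor`@`localhost`=<secret>*****',0\n"
)

if __name__ == "__main__":
    for n in find_overread_records(SAMPLE):
        print(f"line {n}: binary data after password mask")
```

Read the log in binary mode (`open(path, "rb").read()`) before passing it in, so that the leaked bytes are not altered or rejected by text decoding.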

Comment by Alexey Botchkov [ 2015-06-07 ]

Fixing patch http://lists.askmonty.org/pipermail/commits/2015-June/008010.html
