safe guards regarding checking for record objs. issue #29.

pull/36/head
Guy Lichtman 2013-01-12 10:53:48 +02:00
parent e4871f5305
commit af0a366267
2 changed files with 23 additions and 18 deletions


@ -35,7 +35,8 @@ typedef size_t OFFSET;
#define MAX_COM_STATUS_VARS_RECORDS 512
#define MAX_OBJECT_CHAR_NUMBERS 130
//mysql max identifier is 64 so 2*64 + . and null
#define MAX_OBJECT_CHAR_NUMBERS 131
#define MAX_USER_CHAR_NUMBERS 20
const char * retrieve_user (THD * thd);
#define MAX_NUM_OBJECT_ELEM 256
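Review bot: The new comment on `MAX_OBJECT_CHAR_NUMBERS` describes 2*64 + '.' + NUL, which adds up to 130, while the value is now 131. Either say where the extra byte comes from or make the arithmetic match, e.g. `//2 * 64-char identifiers + '.' + NUL = 130, plus 1 spare byte`. MySQL's 64 limit on identifiers is counted in characters, whereas buffers sized by this macro are filled byte-wise with strcpy/strcat, so names containing multibyte characters may be longer than this allows. That is worth confirming against the server's `NAME_LEN` and noting in the comment.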


@ -654,23 +654,27 @@ static void audit(ThdSesData *pThdData)
while (table && !matched) {
char *name = table->get_table_name();
char *db = table->get_db_name();
char db_obj[MAX_OBJECT_CHAR_NUMBERS];
char wildcard_obj[MAX_OBJECT_CHAR_NUMBERS];
char db_wildcard[MAX_OBJECT_CHAR_NUMBERS];
strcpy(db_obj, db);
strcat(db_obj, ".");
strcat(db_obj, name);
strcpy(wildcard_obj, "*.");
strcat(wildcard_obj, name);
strcpy(db_wildcard, db);
strcat(db_wildcard, ".*");
const char *objects[4];
objects[0] = db_obj;
objects[1] = wildcard_obj;
objects[2] = db_wildcard;
objects[3] = NULL;
matched = check_array(objects, (char *) record_objs_array, MAX_OBJECT_CHAR_NUMBERS);
table = table->next_global;
char db_obj[MAX_OBJECT_CHAR_NUMBERS] = {0};
char wildcard_obj[MAX_OBJECT_CHAR_NUMBERS] = {0};
char db_wildcard[MAX_OBJECT_CHAR_NUMBERS] = {0};
if(db && name &&
((strlen(db) + strlen(name)) < MAX_OBJECT_CHAR_NUMBERS - 2))
{
strcpy(db_obj, db);
strcat(db_obj, ".");
strcat(db_obj, name);
strcpy(wildcard_obj, "*.");
strcat(wildcard_obj, name);
strcpy(db_wildcard, db);
strcat(db_wildcard, ".*");
const char *objects[4];
objects[0] = db_obj;
objects[1] = wildcard_obj;
objects[2] = db_wildcard;
objects[3] = NULL;
matched = check_array(objects, (char *) record_objs_array, MAX_OBJECT_CHAR_NUMBERS);
table = table->next_global;
}
}
}
if (!matched) {
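Review bot: `table = table->next_global;` now sits inside the new `if (db && name && ...)` block, so when the guard fails (a NULL `db` or `name`, or a combined length at or over the limit) `table` is never advanced and `matched` stays false. The `while (table && !matched)` loop then cannot terminate, and a statement touching such a table would hang the auditing thread. Move the advance after the `if` block's closing brace so it runs on every iteration: `}` then `table = table->next_global;` before the loop's closing brace. Separately, a table that fails the length check is skipped silently, so a matching record_objs entry would not be applied to it; a log line on that path would make the audit gap visible. audit() begins and continues outside this hunk.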