From af0a366267a57bde8b872592828dd7b0469d5e45 Mon Sep 17 00:00:00 2001 From: Guy Lichtman Date: Sat, 12 Jan 2013 10:53:48 +0200 Subject: [PATCH] safe guards regarding checking for record objs. issue #29. --- include/audit_handler.h | 3 ++- src/audit_plugin.cc | 38 +++++++++++++++++++++----------------- 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/include/audit_handler.h b/include/audit_handler.h index 9ee5e0e..813bc9e 100755 --- a/include/audit_handler.h +++ b/include/audit_handler.h @@ -35,7 +35,8 @@ typedef size_t OFFSET; #define MAX_COM_STATUS_VARS_RECORDS 512 -#define MAX_OBJECT_CHAR_NUMBERS 130 +//mysql max identifier is 64 so 2*64 + . and null +#define MAX_OBJECT_CHAR_NUMBERS 131 #define MAX_USER_CHAR_NUMBERS 20 const char * retrieve_user (THD * thd); #define MAX_NUM_OBJECT_ELEM 256 diff --git a/src/audit_plugin.cc b/src/audit_plugin.cc index 8631960..1561d94 100755 --- a/src/audit_plugin.cc +++ b/src/audit_plugin.cc 
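Review bot: The new comment on `MAX_OBJECT_CHAR_NUMBERS` sizes the buffer as if an identifier were at most 64 bytes, but MySQL's limit is 64 characters and the `strlen()` guard added in src/audit_plugin.cc counts bytes. A database or table name containing multibyte characters can therefore be longer than this constant allows and will fail that guard. Deriving the size from the server's byte limit (`NAME_LEN`, if the server headers are visible here) would avoid this; the constant is also passed to `check_array`, so the storage behind `record_objs_array` would need the same check (not visible in this hunk). The comment's arithmetic gives 130 while the value is 131, so it should state why, e.g. `// 2*64 + '.' + NUL = 130; one extra so the (len < MAX - 2) guard admits two full-length names`.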
@@ -654,23 +654,27 @@ static void audit(ThdSesData *pThdData)
 while (table && !matched) {
 char *name = table->get_table_name();
 char *db = table->get_db_name();
- char db_obj[MAX_OBJECT_CHAR_NUMBERS];
- char wildcard_obj[MAX_OBJECT_CHAR_NUMBERS];
- char db_wildcard[MAX_OBJECT_CHAR_NUMBERS];
- strcpy(db_obj, db);
- strcat(db_obj, ".");
- strcat(db_obj, name);
- strcpy(wildcard_obj, "*.");
- strcat(wildcard_obj, name);
- strcpy(db_wildcard, db);
- strcat(db_wildcard, ".*");
- const char *objects[4];
- objects[0] = db_obj;
- objects[1] = wildcard_obj;
- objects[2] = db_wildcard;
- objects[3] = NULL;
- matched = check_array(objects, (char *) record_objs_array, MAX_OBJECT_CHAR_NUMBERS);
- table = table->next_global;
+ char db_obj[MAX_OBJECT_CHAR_NUMBERS] = {0};
+ char wildcard_obj[MAX_OBJECT_CHAR_NUMBERS] = {0};
+ char db_wildcard[MAX_OBJECT_CHAR_NUMBERS] = {0};
+ if(db && name &&
+ ((strlen(db) + strlen(name)) < MAX_OBJECT_CHAR_NUMBERS - 2))
+ {
+ strcpy(db_obj, db);
+ strcat(db_obj, ".");
+ strcat(db_obj, name);
+ strcpy(wildcard_obj, "*.");
+ strcat(wildcard_obj, name);
+ strcpy(db_wildcard, db);
+ strcat(db_wildcard, ".*");
+ const char *objects[4];
+ objects[0] = db_obj;
+ objects[1] = wildcard_obj;
+ objects[2] = db_wildcard;
+ objects[3] = NULL;
+ matched = check_array(objects, (char *) record_objs_array, MAX_OBJECT_CHAR_NUMBERS);
+ table = table->next_global;
+ }
 }
 }
 if (!matched) {
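Review bot: The new guard pulls `table = table->next_global;` inside the `if`, so when `db` or `name` is NULL or the length check fails, `table` is never advanced and `matched` stays false; `while (table && !matched)` then spins on the same entry indefinitely. The advance should run on every iteration: close the `if` block first and put `table = table->next_global;` after its `}`. Separately, a table that fails the guard is silently treated as not matching, and if `if (!matched)` suppresses the record (as the trailing context suggests) an over-long name would let a statement go unaudited; logging that case, or treating it as a match, would make the failure visible. The body of `audit()` starts and ends outside this hunk.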