safe guards regarding checking for record objs. issue #29.

include/audit_handler.h

@@ -35,7 +35,8 @@ typedef size_t OFFSET;
 
 #define MAX_COM_STATUS_VARS_RECORDS 512
 
-#define MAX_OBJECT_CHAR_NUMBERS 130
+//mysql max identifier is 64 so 2*64 + . and null
+#define MAX_OBJECT_CHAR_NUMBERS 131
 #define MAX_USER_CHAR_NUMBERS 20
 const char * retrieve_user (THD * thd);
 #define MAX_NUM_OBJECT_ELEM 256

src/audit_plugin.cc

@@ -654,23 +654,27 @@ static void audit(ThdSesData *pThdData)
 		while (table && !matched)  {
 		  char *name = table->get_table_name();
 		  char *db = table->get_db_name();
-		  char db_obj[MAX_OBJECT_CHAR_NUMBERS];
+		  char db_obj[MAX_OBJECT_CHAR_NUMBERS] = {0};
-		  char wildcard_obj[MAX_OBJECT_CHAR_NUMBERS];
+		  char wildcard_obj[MAX_OBJECT_CHAR_NUMBERS] = {0};
-		  char db_wildcard[MAX_OBJECT_CHAR_NUMBERS];
+		  char db_wildcard[MAX_OBJECT_CHAR_NUMBERS] = {0};
-		  strcpy(db_obj, db);
+		  if(db && name && 
-		  strcat(db_obj, ".");
+			((strlen(db) + strlen(name)) < MAX_OBJECT_CHAR_NUMBERS - 2)) 
-		  strcat(db_obj, name);
+		  {
-		  strcpy(wildcard_obj, "*.");
+			  strcpy(db_obj, db);
-		  strcat(wildcard_obj, name);
+			  strcat(db_obj, ".");
-		  strcpy(db_wildcard, db);
+			  strcat(db_obj, name);
-		  strcat(db_wildcard, ".*");
+			  strcpy(wildcard_obj, "*.");
-		  const char *objects[4];
+			  strcat(wildcard_obj, name);
-		  objects[0] = db_obj;
+			  strcpy(db_wildcard, db);
-		  objects[1] = wildcard_obj;
+			  strcat(db_wildcard, ".*");
-		  objects[2] = db_wildcard;
+			  const char *objects[4];
-		  objects[3] = NULL;
+			  objects[0] = db_obj;
-		  matched = check_array(objects, (char *) record_objs_array, MAX_OBJECT_CHAR_NUMBERS);
+			  objects[1] = wildcard_obj;
-		  table = table->next_global;
+			  objects[2] = db_wildcard;
+			  objects[3] = NULL;
+			  matched = check_array(objects, (char *) record_objs_array, MAX_OBJECT_CHAR_NUMBERS);
+			  table = table->next_global;
+		  }
 		}
 	}
     if (!matched) {