From 7e592544541d9767e1bd18dc435d60620064abff Mon Sep 17 00:00:00 2001
From: Esa Korhonen <esa.korhonen@mariadb.com>
Date: Wed, 14 Jun 2017 17:49:52 +0300
Subject: [PATCH] Change modutil_get_SQL() to modutil_extract_SQL() + length
 limit

The modutil_get_SQL()-function allocates storage, while
modutil_extract_SQL() does not. The strings given by the latter
are not 0-terminated so require a length limit when matched using
regexec().

This commit changes the used function in those cases where the
sql-string is not modified nor is the pointer saved for later use.
---
 server/modules/filter/ccrfilter/ccrfilter.c     |  9 ++++-----
 .../namedserverfilter/namedserverfilter.c       |  6 +++---
 server/modules/filter/qlafilter/qlafilter.c     | 17 ++++++++---------
 server/modules/filter/tee/tee.c                 |  9 +++++----
 4 files changed, 20 insertions(+), 21 deletions(-)

diff --git a/server/modules/filter/ccrfilter/ccrfilter.c b/server/modules/filter/ccrfilter/ccrfilter.c
index f887c7b55..41ac991fc 100644
--- a/server/modules/filter/ccrfilter/ccrfilter.c
+++ b/server/modules/filter/ccrfilter/ccrfilter.c
@@ -284,6 +284,7 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
     CCR_INSTANCE *my_instance = (CCR_INSTANCE *)instance;
     CCR_SESSION  *my_session = (CCR_SESSION *)session;
     char *sql;
+    regmatch_t limits[] = {{0, 0}};
     time_t now = time(NULL);
 
     if (modutil_is_SQL(queue))
@@ -294,13 +295,13 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
          */
         if (qc_query_is_type(qc_get_type_mask(queue), QUERY_TYPE_WRITE))
         {
-            if ((sql = modutil_get_SQL(queue)) != NULL)
+            if (modutil_extract_SQL(queue, &sql, &limits[0].rm_eo))
             {
                 if (my_instance->nomatch == NULL ||
-                    (my_instance->nomatch && regexec(&my_instance->nore, sql, 0, NULL, 0) != 0))
+                    (my_instance->nomatch && regexec(&my_instance->nore, sql, 0, limits, REG_STARTEND) != 0))
                 {
                     if (my_instance->match == NULL ||
-                        (my_instance->match && regexec(&my_instance->re, sql, 0, NULL, 0) == 0))
+                        (my_instance->match && regexec(&my_instance->re, sql, 0, limits, REG_STARTEND) == 0))
                     {
                         if (my_instance->count)
                         {
@@ -317,8 +318,6 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
                         my_instance->stats.n_modified++;
                     }
                 }
-
-                MXS_FREE(sql);
             }
         }
         else if (my_session->hints_left > 0)
diff --git a/server/modules/filter/namedserverfilter/namedserverfilter.c b/server/modules/filter/namedserverfilter/namedserverfilter.c
index b8d18c200..e5965eed6 100644
--- a/server/modules/filter/namedserverfilter/namedserverfilter.c
+++ b/server/modules/filter/namedserverfilter/namedserverfilter.c
@@ -310,12 +310,13 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
     REGEXHINT_INSTANCE *my_instance = (REGEXHINT_INSTANCE *) instance;
     REGEXHINT_SESSION *my_session = (REGEXHINT_SESSION *) session;
     char *sql;
+    regmatch_t limits[] = {{0, 0}};
 
     if (modutil_is_SQL(queue) && my_session->active)
     {
-        if ((sql = modutil_get_SQL(queue)) != NULL)
+        if (modutil_extract_SQL(queue, &sql, &limits[0].rm_eo))
         {
-            if (regexec(&my_instance->re, sql, 0, NULL, 0) == 0)
+            if (regexec(&my_instance->re, sql, 0, limits, REG_STARTEND) == 0)
             {
                 queue->hint = hint_create_route(queue->hint,
                                                 HINT_ROUTE_TO_NAMED_SERVER,
@@ -326,7 +327,6 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
             {
                 my_session->n_undiverted++;
             }
-            MXS_FREE(sql);
         }
     }
     return my_session->down.routeQuery(my_session->down.instance,
diff --git a/server/modules/filter/qlafilter/qlafilter.c b/server/modules/filter/qlafilter/qlafilter.c
index 463b8459d..cc9a51f43 100644
--- a/server/modules/filter/qlafilter/qlafilter.c
+++ b/server/modules/filter/qlafilter/qlafilter.c
@@ -507,19 +507,19 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
 {
     QLA_INSTANCE *my_instance = (QLA_INSTANCE *) instance;
     QLA_SESSION *my_session = (QLA_SESSION *) session;
-    char *ptr = NULL;
-    int length = 0;
+    char *sql;
     struct tm t;
     struct timeval tv;
+    regmatch_t limits[] = {{0, 0}};
 
     if (my_session->active)
     {
-        if (modutil_extract_SQL(queue, &ptr, &length))
+        if (modutil_extract_SQL(queue, &sql, &limits[0].rm_eo))
         {
             if ((my_instance->match == NULL ||
-                 regexec(&my_instance->re, ptr, 0, NULL, 0) == 0) &&
+                 regexec(&my_instance->re, sql, 0, limits, REG_STARTEND) == 0) &&
                 (my_instance->nomatch == NULL ||
-                 regexec(&my_instance->nore, ptr, 0, NULL, 0) != 0))
+                 regexec(&my_instance->nore, sql, 0, limits, REG_STARTEND) != 0))
             {
                 char buffer[QLA_DATE_BUFFER_SIZE];
                 gettimeofday(&tv, NULL);
@@ -530,8 +530,7 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
                  * Loop over all the possible log file modes and write to
                  * the enabled files.
                  */
-
-                char *sql_string = ptr;
+                int length = limits[0].rm_eo;
                 bool write_error = false;
                 if (my_instance->log_mode_flags & CONFIG_FILE_SESSION)
                 {
@@ -541,7 +540,7 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
                                            ~LOG_DATA_SESSION);
 
                     if (write_log_entry(data_flags, my_session->fp,
-                                        my_instance, my_session, buffer, sql_string, length) < 0)
+                                        my_instance, my_session, buffer, sql, length) < 0)
                     {
                         write_error = true;
                     }
@@ -550,7 +549,7 @@ routeQuery(MXS_FILTER *instance, MXS_FILTER_SESSION *session, GWBUF *queue)
                 {
                     uint32_t data_flags = my_instance->log_file_data_flags;
                     if (write_log_entry(data_flags, my_instance->unified_fp,
-                                        my_instance, my_session, buffer, sql_string, length) < 0)
+                                        my_instance, my_session, buffer, sql, length) < 0)
                     {
                         write_error = true;
                     }
diff --git a/server/modules/filter/tee/tee.c b/server/modules/filter/tee/tee.c
index 768c6b88a..707d978d3 100644
--- a/server/modules/filter/tee/tee.c
+++ b/server/modules/filter/tee/tee.c
@@ -846,16 +846,17 @@ GWBUF* clone_query(TEE_INSTANCE* my_instance, TEE_SESSION* my_session, GWBUF* bu
     }
     else
     {
-        char *ptr = modutil_get_SQL(buffer);
+        char *ptr = NULL;
+        regmatch_t limits[] = {{0, 0}};
+        modutil_extract_SQL(buffer, &ptr, &limits[0].rm_eo);
 
         if (ptr)
         {
-            if ((my_instance->match && regexec(&my_instance->re, ptr, 0, NULL, 0) == 0) ||
-                (my_instance->nomatch && regexec(&my_instance->nore, ptr, 0, NULL, 0) != 0))
+            if ((my_instance->match && regexec(&my_instance->re, ptr, 0, limits, REG_STARTEND) == 0) ||
+                (my_instance->nomatch && regexec(&my_instance->nore, ptr, 0, limits, REG_STARTEND) != 0))
             {
                 clone = gwbuf_clone(buffer);
             }
-            MXS_FREE(ptr);
         }
     }