Bug #33145 User-defined string value handling allow agent to send invalid XML
Submitted: 11 Dec 2007 17:36
Modified: 31 Jan 2008 16:35
Reporter: Todd Farmer (OCA)
Status: Closed
Category: MySQL Enterprise Monitor: Agent
Severity: S3 (Non-critical)
Version: 1.2.0.7879
OS: Any
Assigned to: Kay Roepke
CPU Architecture: Any

[11 Dec 2007 17:36] Todd Farmer
Description:
The MEM Agent reports user-defined string values, such as Master_host from SHOW SLAVE STATUS, to the Service Manager without escaping the values or wrapping them in CDATA.  When the SM goes to parse the XML message received, though, it cannot do so successfully if it is invalid XML syntax.  For example, it is possible to issue the following command on the server:

CHANGE MASTER TO MASTER_HOST = '<BadXML>';

When the replication information is put into an XML message, it might look like:

<host><BadXML></host>

This is invalid XML and won't parse, causing the SM to send an error to the Agent and ask it to shut down.

How to repeat:
Issue CHANGE MASTER TO MASTER_HOST = '<BadXML>'; on monitored server.

Suggested fix:
Either escape user-supplied string values or use CDATA blocks.
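
The two suggested fixes, compared against the unescaped behaviour from the report. This is an added example, not the agent's code or the fix that was committed; the function names and all sample values other than '<BadXML>' are constructed for illustration, and it uses only the Python standard library.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed sample values; the first is the one from the report.
SAMPLES = ["<BadXML>", "db1 & db2", "a]]>b", "master.example.com"]


def host_raw(value):
    """Unescaped concatenation, the behaviour the report describes."""
    return "<host>" + value + "</host>"


def host_escaped(value):
    """Escape &, < and > so the value is character data, never markup."""
    return "<host>" + escape(value) + "</host>"


def host_cdata(value):
    """Wrap in CDATA; a literal ']]>' must be split across two sections."""
    safe = value.replace("]]>", "]]]]><![CDATA[>")
    return "<host><![CDATA[" + safe + "]]></host>"


def round_trips(build, value):
    """True if the message parses and yields the original value back."""
    try:
        return ET.fromstring(build(value)).text == value
    except ET.ParseError:
        return False


def report():
    """Map each sample to (raw, escaped, cdata) round-trip results."""
    builders = (host_raw, host_escaped, host_cdata)
    return {v: tuple(round_trips(b, v) for b in builders) for v in SAMPLES}


if __name__ == "__main__":
    for value, (raw, esc, cdata) in report().items():
        print(f"{value!r:24} raw={raw} escaped={esc} cdata={cdata}")
```

A CDATA wrapper that does not split ']]>' ends the section early when the value contains that sequence, so escaping is the simpler of the two options to get right.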
[11 Jan 2008 20:25] Sloan Childers
Kay, could you please take a quick look at the agent code and see if there is a simple low risk fix for this customer issue?
[23 Jan 2008 1:43] Sloan Childers
r8800 development-1.2.1
[30 Jan 2008 14:04] Carsten Segieth
tested OK in 1.3.0.8836
[31 Jan 2008 16:35] Peter Lavin
Thank you for your bug report. This issue has been addressed in the documentation. The updated documentation will appear on our website shortly, and will be included in the next release of the relevant products.
Added to the changelog for version 1.2/1.3.