diff -pur mysql-4.1.19/sql/sql_lex.cc mysql-4.1.19-secfix/sql/sql_lex.cc --- mysql-4.1.19/sql/sql_lex.cc 2006-04-29 07:35:53.000000000 +0200 +++ mysql-4.1.19-secfix/sql/sql_lex.cc 2006-05-15 12:52:06.000000000 +0200 @@ -912,6 +912,9 @@ int yylex(void *arg, void *yythd) while (lex->ptr != lex->end_of_query && ((c=yyGet()) != '*' || yyPeek() != '/')) { + if (c == '\0') + return(ABORT_SYM); // NULLs illegal even in comments + if (c == '\n') lex->yylineno++; } diff -pur mysql-4.1.19/tests/mysql_client_test.c mysql-4.1.19-secfix/tests/mysql_client_test.c --- mysql-4.1.19/tests/mysql_client_test.c 2006-04-29 07:35:53.000000000 +0200 +++ mysql-4.1.19-secfix/tests/mysql_client_test.c 2006-05-15 12:59:49.000000000 +0200 @@ -22,6 +22,7 @@ ***************************************************************************/ #include +#include #include #include #include 
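Review bot: In the sql/sql_lex.cc hunk the added `if (c == '\0') return(ABORT_SYM);` covers only the loop that skips a `/* ... */` comment, and its comment (`NULLs illegal even in comments`) does not record why. The test added to tests/mysql_client_test.c in this patch names the reason, so the comment could read `// Reject NUL bytes inside comments: Bug #17667, query logging bypass`. The rest of yylex lies outside the hunk, so it is not visible here whether the other places where the lexer skips input without producing tokens reject NUL the same way; that should be confirmed before relying on this check alone.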
@@ -11849,6 +11850,48 @@ static void test_bug15613() } /* ++ Bug #17667: An attacker has the opportunity to bypass query logging. ++*/ + +static void test_bug17667() +{ + NET *net= &mysql->net; + int rc; + myheader("test_bug17667"); + + /* I. Prepare the table */ + mysql_real_query(mysql, "drop table if exists t1", 23); + + rc= mysql_real_query(mysql, "create table t1 (i int)", 23); + myquery(rc); + DIE_UNLESS(net->last_errno == 0); + + mysql_real_query(mysql, "insert into t1 (i) values (1)", 29); + myquery(rc); + DIE_UNLESS(net->last_errno == 0); + + mysql_real_query(mysql, "insert into /* NUL=\0 */ t1 (i) values (2)", 41); + myquery(rc); + DIE_UNLESS(net->last_errno == ER_PARSE_ERROR); + + mysql_real_query(mysql, "/* NUL=\0 */ insert into t1 (i) values (3)", 41); + myquery(rc); + DIE_UNLESS(net->last_errno == ER_PARSE_ERROR); + + mysql_real_query(mysql, "insert into /* TAB=\t */ t1 (i) values (4)", 41); + myquery(rc); + DIE_UNLESS(net->last_errno == 0); + + mysql_real_query(mysql, "/* TAB=\t */ insert into t1 (i) values (5)", 41); + myquery(rc); + DIE_UNLESS(net->last_errno == 0); + + /* II. Cleanup */ + rc= mysql_real_query(mysql, "drop table t1", 13); + myquery(rc); +} + +/* Read and parse arguments and MySQL options from my.cnf */ @@ -12071,6 +12114,7 @@ static struct my_tests_st my_tests[]= { { "test_bug11718", test_bug11718 }, { "test_bug12925", test_bug12925 }, { "test_bug15613", test_bug15613 }, + { "test_bug17667", test_bug17667 }, { 0, 0 } };
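Review bot: In test_bug17667 the six insert calls discard the return value of `mysql_real_query`, so every `myquery(rc)` after them re-checks the stale `rc` left by `create table` and the test passes or fails on `net->last_errno` alone. Each call should assign its result, e.g. `rc= mysql_real_query(mysql, "insert into t1 (i) values (1)", 29);`, and the two NUL cases should replace `myquery(rc)` with `DIE_UNLESS(rc != 0);` ahead of the `ER_PARSE_ERROR` check (this assumes `myquery` asserts success, which is defined outside the hunk). The test also never reads t1 back, so it does not show that the rejected statements left rows 2 and 3 uninserted; a row count of 3 before the cleanup would pin that. A short comment above the NUL cases stating that the 41-byte length is passed explicitly so the embedded `\0` reaches the server would help the next reader.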