1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

MDEV-4664 mysql_upgrade crashes if root's password contains an apostrophe/single quotation mark

Browse Source 
fix dynstr_append_os_quoted() to escape single quotes correctly
for a POSIX shell
This commit is contained in:
Sergei Golubchik 2016-02-06 13:57:59 +01:00
parent 9e4e4121b8
commit 1e361f286b
2 changed files with 8 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
mysys/string.c
View File

@ -143,8 +143,10 @@ my_bool dynstr_append_os_quoted(DYNAMIC_STRING *str, const char *append, ...)
{ {
#ifdef __WIN__ #ifdef __WIN__
LEX_CSTRING quote= { C_STRING_WITH_LEN("\"") }; LEX_CSTRING quote= { C_STRING_WITH_LEN("\"") };
LEX_CSTRING replace= { C_STRING_WITH_LEN("\\\"") };
#else #else
LEX_CSTRING quote= { C_STRING_WITH_LEN("\'") }; LEX_CSTRING quote= { C_STRING_WITH_LEN("\'") };
LEX_CSTRING replace= { C_STRING_WITH_LEN("'\"'\"'") };
#endif /* __WIN__ */ #endif /* __WIN__ */
my_bool ret= TRUE; my_bool ret= TRUE;
va_list dirty_text; va_list dirty_text;
@ -160,8 +162,7 @@ my_bool dynstr_append_os_quoted(DYNAMIC_STRING *str, const char *append, ...)
while(*(next_pos= strcend(cur_pos, quote.str[0])) != '\0') while(*(next_pos= strcend(cur_pos, quote.str[0])) != '\0')
{ {
ret&= dynstr_append_mem(str, cur_pos, (uint) (next_pos - cur_pos)); ret&= dynstr_append_mem(str, cur_pos, (uint) (next_pos - cur_pos));
ret&= dynstr_append_mem(str, STRING_WITH_LEN("\\")); ret&= dynstr_append_mem(str, replace.str, replace.length);
ret&= dynstr_append_mem(str, quote.str, quote.length);
cur_pos= next_pos + 1; cur_pos= next_pos + 1;
} }
ret&= dynstr_append_mem(str, cur_pos, (uint) (next_pos - cur_pos)); ret&= dynstr_append_mem(str, cur_pos, (uint) (next_pos - cur_pos));

10
unittest/mysys/dynstring-t.c
View File

@ -47,25 +47,25 @@ int main(void)
check("'space inside'"); check("'space inside'");
ok(dynstr_append_os_quoted(&str1, "single'quote", NULL) == 0, "append"); ok(dynstr_append_os_quoted(&str1, "single'quote", NULL) == 0, "append");
check("'single\\'quote'"); check("'single'\"'\"'quote'");
ok(dynstr_append_os_quoted(&str1, "many'single'quotes", NULL) == 0, "append"); ok(dynstr_append_os_quoted(&str1, "many'single'quotes", NULL) == 0, "append");
check("'many\\'single\\'quotes'"); check("'many'\"'\"'single'\"'\"'quotes'");
ok(dynstr_append_os_quoted(&str1, "'single quoted'", NULL) == 0, "append"); ok(dynstr_append_os_quoted(&str1, "'single quoted'", NULL) == 0, "append");
check("'\\'single quoted\\''"); check("''\"'\"'single quoted'\"'\"''");
ok(dynstr_append_os_quoted(&str1, "double\"quote", NULL) == 0, "append"); ok(dynstr_append_os_quoted(&str1, "double\"quote", NULL) == 0, "append");
check("'double\"quote'"); check("'double\"quote'");
ok(dynstr_append_os_quoted(&str1, "mixed\"single'and\"double'quotes", NULL) == 0, "append"); ok(dynstr_append_os_quoted(&str1, "mixed\"single'and\"double'quotes", NULL) == 0, "append");
check("'mixed\"single\\'and\"double\\'quotes'"); check("'mixed\"single'\"'\"'and\"double'\"'\"'quotes'");
ok(dynstr_append_os_quoted(&str1, "back\\space", NULL) == 0, "append"); ok(dynstr_append_os_quoted(&str1, "back\\space", NULL) == 0, "append");
check("'back\\space'"); check("'back\\space'");
ok(dynstr_append_os_quoted(&str1, "backspace\\'and\\\"quote", NULL) == 0, "append"); ok(dynstr_append_os_quoted(&str1, "backspace\\'and\\\"quote", NULL) == 0, "append");
check("'backspace\\\\'and\\\"quote'"); check("'backspace\\'\"'\"'and\\\"quote'");
dynstr_free(&str1); dynstr_free(&str1);