1berry/MariaDB-server
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bug#29592 SQL Injection issue

Browse Source 
Remove the mysql_odbc_escape_string() function. The function
has multi-byte character escaping issues, doesn't honor the
NO_BACKSLASH_ESCAPES mode and is not used anymore by the
Connector/ODBC as of 3.51.17.
This commit is contained in:
davi@mysql.com/endora.local 2007-11-26 14:09:37 -02:00
parent 9817d93edb
commit cdad8669df
5 changed files with 407 additions and 493 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
include/mysql.h
View File

@ -550,16 +550,6 @@ unsigned long STDCALL mysql_real_escape_string(MYSQL *mysql,
char *to,const char *from, char *to,const char *from,
unsigned long length); unsigned long length);
void STDCALL mysql_debug(const char *debug); void STDCALL mysql_debug(const char *debug);
char * STDCALL mysql_odbc_escape_string(MYSQL *mysql,
char *to,
unsigned long to_length,
const char *from,
unsigned long from_length,
void *param,
char *
(*extend_buffer)
(void *, char *to,
unsigned long *length));
void STDCALL myodbc_remove_escape(MYSQL *mysql,char *name); void STDCALL myodbc_remove_escape(MYSQL *mysql,char *name);
unsigned int STDCALL mysql_thread_safe(void); unsigned int STDCALL mysql_thread_safe(void);
my_bool STDCALL mysql_embedded(void); my_bool STDCALL mysql_embedded(void);

816
include/mysql_h.ic
View File

File diff suppressed because it is too large Load Diff

72
libmysql/libmysql.c
View File

@ -1617,78 +1617,6 @@ mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
return escape_string_for_mysql(mysql->charset, to, 0, from, length); return escape_string_for_mysql(mysql->charset, to, 0, from, length);
} }
char * STDCALL
mysql_odbc_escape_string(MYSQL *mysql,
char *to, ulong to_length,
const char *from, ulong from_length,
void *param,
char * (*extend_buffer)
(void *, char *, ulong *))
{
char *to_end=to+to_length-5;
const char *end;
#ifdef USE_MB
my_bool use_mb_flag=use_mb(mysql->charset);
#endif
for (end=from+from_length; from != end ; from++)
{
if (to >= to_end)
{
to_length = (ulong) (end-from)+512; /* We want this much more */
if (!(to=(*extend_buffer)(param, to, &to_length)))
return to;
to_end=to+to_length-5;
}
#ifdef USE_MB
{
int l;
if (use_mb_flag && (l = my_ismbchar(mysql->charset, from, end)))
{
while (l--)
*to++ = *from++;
from--;
continue;
}
}
#endif
switch (*from) {
case 0: /* Must be escaped for 'mysql' */
*to++= '\\';
*to++= '0';
break;
case '\n': /* Must be escaped for logs */
*to++= '\\';
*to++= 'n';
break;
case '\r':
*to++= '\\';
*to++= 'r';
break;
case '\\':
*to++= '\\';
*to++= '\\';
break;
case '\'':
*to++= '\\';
*to++= '\'';
break;
case '"': /* Better safe than sorry */
*to++= '\\';
*to++= '"';
break;
case '\032': /* This gives problems on Win32 */
*to++= '\\';
*to++= 'Z';
break;
default:
*to++= *from;
}
}
return to;
}
void STDCALL void STDCALL
myodbc_remove_escape(MYSQL *mysql,char *name) myodbc_remove_escape(MYSQL *mysql,char *name)
{ {

1
libmysql/libmysql.def
View File

@ -78,7 +78,6 @@ EXPORTS
mysql_next_result mysql_next_result
mysql_num_fields mysql_num_fields
mysql_num_rows mysql_num_rows
mysql_odbc_escape_string
mysql_options mysql_options
mysql_stmt_param_count mysql_stmt_param_count
mysql_stmt_param_metadata mysql_stmt_param_metadata

1
libmysqld/libmysqld.def
View File

@ -71,7 +71,6 @@ EXPORTS
mysql_next_result mysql_next_result
mysql_num_fields mysql_num_fields
mysql_num_rows mysql_num_rows
mysql_odbc_escape_string
mysql_options mysql_options
mysql_ping mysql_ping
mysql_query mysql_query