author | Sergei Golubchik <serg@mariadb.org> | 2016-02-06 13:57:59 +0100 |
---|---|---|
committer | Sergei Golubchik <serg@mariadb.org> | 2016-02-06 17:57:37 +0100 |
commit | 1e361f286bc2cd42c79a4c0ac40209d222e60b11 (patch) | |
tree | 93b0e3eb1b68d065965750e87e7299c841481194 | |
parent | 9e4e4121b8b441d3b5b56edece0a05bb16caac3c (diff) | |
download | mariadb-git-1e361f286bc2cd42c79a4c0ac40209d222e60b11.tar.gz |
MDEV-4664 mysql_upgrade crashes if root's password contains an apostrophe/single quotation mark
fix dynstr_append_os_quoted() to escape single quotes correctly
for a POSIX shell
-rw-r--r-- | mysys/string.c | 5 | ||||
-rw-r--r-- | unittest/mysys/dynstring-t.c | 10 |
2 files changed, 8 insertions, 7 deletions
diff --git a/mysys/string.c b/mysys/string.c
index 06fd2c3d014..a63b1f502e5 100644
--- a/mysys/string.c
+++ b/mysys/string.c
@@ -143,8 +143,10 @@ my_bool dynstr_append_os_quoted(DYNAMIC_STRING *str, const char *append, ...)
 {
 #ifdef __WIN__
 LEX_CSTRING quote= { C_STRING_WITH_LEN("\"") };
+ LEX_CSTRING replace= { C_STRING_WITH_LEN("\\\"") };
 #else
 LEX_CSTRING quote= { C_STRING_WITH_LEN("\'") };
+ LEX_CSTRING replace= { C_STRING_WITH_LEN("'\"'\"'") };
 #endif /* __WIN__ */
 my_bool ret= TRUE;
 va_list dirty_text;
@@ -160,8 +162,7 @@ my_bool dynstr_append_os_quoted(DYNAMIC_STRING *str, const char *append, ...)
 while(*(next_pos= strcend(cur_pos, quote.str[0])) != '\0')
 {
 ret&= dynstr_append_mem(str, cur_pos, (uint) (next_pos - cur_pos));
- ret&= dynstr_append_mem(str, STRING_WITH_LEN("\\"));
- ret&= dynstr_append_mem(str, quote.str, quote.length);
+ ret&= dynstr_append_mem(str, replace.str, replace.length);
 cur_pos= next_pos + 1;
 }
 ret&= dynstr_append_mem(str, cur_pos, (uint) (next_pos - cur_pos));
diff --git a/unittest/mysys/dynstring-t.c b/unittest/mysys/dynstring-t.c
index ca78e45d30c..fed8488da2c 100644
--- a/unittest/mysys/dynstring-t.c
+++ b/unittest/mysys/dynstring-t.c
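Review bot: The `__WIN__` value of `replace` keeps the old backslash-plus-quote escaping, and the loop in the next hunk copies every other byte unchanged, so backslashes in the value are never adjusted on Windows. Under the usual Windows argument-parsing rules a run of backslashes directly before a `"`, or before the closing quote at the end of the value, changes how that quote is read, and `%NAME%` is still expanded inside double quotes if the string goes through cmd.exe; how callers run the result is not visible here. If that is out of scope for this fix, record it next to the definition, e.g. `/* Windows: only '"' is escaped; backslashes before a quote and %VAR% pass through unchanged */`. The POSIX value also deserves a one-line comment such as `/* '"'"' closes the quoted string, emits a double-quoted ', reopens it */`. The function body continues outside this hunk.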
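Review bot: Failures from `dynstr_append_mem` are masked in this loop, including on the added `replace` line: `ret` starts as `TRUE` (first hunk) and is combined with `&=`, while the unit test treats a return of 0 as success, so one successful append clears `ret` and a later failure can no longer set it. Assuming `dynstr_append_mem` returns non-zero on failure, as that test suggests, a failed append in the middle would leave a partly quoted argument in `str` while the caller is told it succeeded, which matters for a string meant for a shell command line. Start from `my_bool ret= FALSE;` and accumulate with `ret|= dynstr_append_mem(str, replace.str, replace.length);`, and do the same for the other appends. The function starts and ends outside this hunk, so any remaining `ret&=` calls there need the same change.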
@@ -47,25 +47,25 @@ int main(void)
 check("'space inside'");
 ok(dynstr_append_os_quoted(&str1, "single'quote", NULL) == 0, "append");
- check("'single\\'quote'");
+ check("'single'\"'\"'quote'");
 ok(dynstr_append_os_quoted(&str1, "many'single'quotes", NULL) == 0, "append");
- check("'many\\'single\\'quotes'");
+ check("'many'\"'\"'single'\"'\"'quotes'");
 ok(dynstr_append_os_quoted(&str1, "'single quoted'", NULL) == 0, "append");
- check("'\\'single quoted\\''");
+ check("''\"'\"'single quoted'\"'\"''");
 ok(dynstr_append_os_quoted(&str1, "double\"quote", NULL) == 0, "append");
 check("'double\"quote'");
 ok(dynstr_append_os_quoted(&str1, "mixed\"single'and\"double'quotes", NULL) == 0, "append");
- check("'mixed\"single\\'and\"double\\'quotes'");
+ check("'mixed\"single'\"'\"'and\"double'\"'\"'quotes'");
 ok(dynstr_append_os_quoted(&str1, "back\\space", NULL) == 0, "append");
 check("'back\\space'");
 ok(dynstr_append_os_quoted(&str1, "backspace\\'and\\\"quote", NULL) == 0, "append");
- check("'backspace\\\\'and\\\"quote'");
+ check("'backspace\\'\"'\"'and\\\"quote'");
 dynstr_free(&str1); |
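Review bot: Every expected string in these `check()` calls is the POSIX form wrapped in `'`, so the `__WIN__` value of `replace` added to mysys/string.c in this commit has no coverage here. Unless the part of `main` outside this hunk already handles it, either guard these expectations with `#ifndef __WIN__` and add the double-quoted equivalents, or state the limitation above the block, e.g. `/* expected values assume POSIX sh quoting: ' is emitted as '"'"' */`. A case for an empty value and one for a value that is only `'` would also pin the loop's boundary behaviour.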