Bug#29592 SQL Injection issue

Remove the mysql_odbc_escape_string() function. The function
has multi-byte character escaping issues, doesn't honor the
NO_BACKSLASH_ESCAPES mode and is not used anymore by the
Connector/ODBC as of 3.51.17.


include/mysql.h:
  Remove mysql_odbc_escape_string() prototype.
include/mysql_h.ic:
  Update abi check file, mostly line changes and mysql_odbc_escape_string
  removal.
libmysql/libmysql.c:
  Remove mysql_odbc_escape_string() body.
libmysql/libmysql.def:
  Remove mysql_odbc_escape_string()
libmysqld/libmysqld.def:
  Remove mysql_odbc_escape_string()

1 files changed, 0 insertions, 10 deletions

diff --git a/include/mysql.h b/include/mysql.h
index b3e0dc45496..f2303abb241 100644
--- a/include/mysql.h
+++ b/include/mysql.h
@@ -550,16 +550,6 @@ unsigned long STDCALL mysql_real_escape_string(MYSQL *mysql,
 					       char *to,const char *from,
 					       unsigned long length);
 void		STDCALL mysql_debug(const char *debug);
-char *		STDCALL mysql_odbc_escape_string(MYSQL *mysql,
-						 char *to,
-						 unsigned long to_length,
-						 const char *from,
-						 unsigned long from_length,
-						 void *param,
-						 char *
-						 (*extend_buffer)
-						 (void *, char *to,
-						  unsigned long *length));
 void 		STDCALL myodbc_remove_escape(MYSQL *mysql,char *name);
 unsigned int	STDCALL mysql_thread_safe(void);
 my_bool		STDCALL mysql_embedded(void);