diff options
| author | unknown <knielsen@knielsen-hq.org> | 2012-08-24 10:06:16 +0200 |
|---|---|---|
| committer | unknown <knielsen@knielsen-hq.org> | 2012-08-24 10:06:16 +0200 |
| commit | cdeabcfd436c65e0a97e74b1722d0259ba907541 (patch) | |
| tree | 5f3bbc9f42cb88a5615ab48a421472a17f56d030 /sql/sql_db.cc | |
| parent | 34f2f8ea41726d98e50752ff3453ebde70912c35 (diff) | |
| download | mariadb-git-cdeabcfd436c65e0a97e74b1722d0259ba907541.tar.gz | |
MDEV-382: Incorrect quoting
Various places in the server replication code was incorrectly quoting
strings, which could lead to incorrect SQL on the slave/mysqlbinlog.
Diffstat (limited to 'sql/sql_db.cc')
| -rw-r--r-- | sql/sql_db.cc | 41 |
1 files changed, 12 insertions, 29 deletions
diff --git a/sql/sql_db.cc b/sql/sql_db.cc index 460b41349b3..a407faf3c5e 100644 --- a/sql/sql_db.cc +++ b/sql/sql_db.cc @@ -612,7 +612,6 @@ int mysql_create_db(THD *thd, char *db, HA_CREATE_INFO *create_info, bool silent) { char path[FN_REFLEN+16]; - char tmp_query[FN_REFLEN+16]; long result= 1; int error= 0; MY_STAT stat_info; @@ -719,17 +718,9 @@ not_silent: char *query; uint query_length; - if (!thd->query()) // Only in replication - { - query= tmp_query; - query_length= (uint) (strxmov(tmp_query,"create database `", - db, "`", NullS) - tmp_query); - } - else - { - query= thd->query(); - query_length= thd->query_length(); - } + query= thd->query(); + query_length= thd->query_length(); + DBUG_ASSERT(query); ha_binlog_log_query(thd, 0, LOGCOM_CREATE_DB, query, query_length, @@ -989,18 +980,11 @@ bool mysql_rm_db(THD *thd,char *db,bool if_exists, bool silent) { const char *query; ulong query_length; - if (!thd->query()) - { - /* The client used the old obsolete mysql_drop_db() call */ - query= path; - query_length= (uint) (strxmov(path, "drop database `", db, "`", - NullS) - path); - } - else - { - query= thd->query(); - query_length= thd->query_length(); - } + + query= thd->query(); + query_length= thd->query_length(); + DBUG_ASSERT(query); + if (mysql_bin_log.is_open()) { thd->clear_error(); @@ -1041,9 +1025,10 @@ bool mysql_rm_db(THD *thd,char *db,bool if_exists, bool silent) for (tbl= dropped_tables; tbl; tbl= tbl->next_local) { uint tbl_name_len; + char quoted_name[FN_REFLEN+3]; - /* 3 for the quotes and the comma*/ - tbl_name_len= strlen(tbl->table_name) + 3; + my_snprintf(quoted_name, sizeof(quoted_name), "%`s", tbl->table_name); + tbl_name_len= strlen(quoted_name) + 1; /* +1 for the comma */ if (query_pos + tbl_name_len + 1 >= query_end) { /* These DDL methods and logging protected with LOCK_mysql_create_db */ @@ -1055,9 +1040,7 @@ bool mysql_rm_db(THD *thd,char *db,bool if_exists, bool silent) query_pos= query_data_start; } - *query_pos++ = '`'; - query_pos= strmov(query_pos,tbl->table_name); - *query_pos++ = '`'; + query_pos= strmov(query_pos, quoted_name); *query_pos++ = ','; } |