Automerge MariaDB 5.1.44b release.

author: unknown <knielsen@knielsen-hq.org> 2010-05-10 09:34:49 +0200
committer: unknown <knielsen@knielsen-hq.org> 2010-05-10 09:34:49 +0200
commit: 0ae75abfb6dba5f81d45f15c2dba5fe679f69d09 (patch)
tree: fd00ef55ffe6cac049445df53c1ed72a193557c6 /sql
parent: 4402f65267dd3b77cfe71746eb5ec7597aea0f0a (diff)
parent: fcfb218f71b7d371a10df020994fc0a618639327 (diff)
download: mariadb-git-0ae75abfb6dba5f81d45f15c2dba5fe679f69d09.tar.gz
6 files changed, 43 insertions, 8 deletions
diff --git a/sql/mysql_priv.h b/sql/mysql_priv.h
index 6f5d0a82d6f..5ceaf00d1f2 100644
--- a/sql/mysql_priv.h
+++ b/sql/mysql_priv.h
@@ -2289,7 +2289,7 @@ void update_create_info_from_table(HA_CREATE_INFO *info, TABLE *form);
 int rename_file_ext(const char * from,const char * to,const char * ext);
 bool check_db_name(LEX_STRING *db);
 bool check_column_name(const char *name);
-bool check_table_name(const char *name, uint length);
+bool check_table_name(const char *name, uint length, bool check_for_path_chars);
 char *get_field(MEM_ROOT *mem, Field *field);
 bool get_field(MEM_ROOT *mem, Field *field, class String *res);
 int wild_case_compare(CHARSET_INFO *cs, const char *str,const char *wildstr);
diff --git a/sql/partition_info.cc b/sql/partition_info.cc
index e7d3e842903..0de8e478f03 100644
--- a/sql/partition_info.cc
+++ b/sql/partition_info.cc
@@ -972,7 +972,7 @@ bool partition_info::check_partition_info(THD *thd, handlerton **eng_type,
           part_elem->engine_type= default_engine_type;
         }
         if (check_table_name(part_elem->partition_name,
-                             strlen(part_elem->partition_name)))
+                             strlen(part_elem->partition_name), FALSE))
         {
           my_error(ER_WRONG_PARTITION_NAME, MYF(0));
           goto end;
@@ -990,7 +990,7 @@ bool partition_info::check_partition_info(THD *thd, handlerton **eng_type,
         {
           sub_elem= sub_it++;
           if (check_table_name(sub_elem->partition_name,
-                               strlen(sub_elem->partition_name)))
+                               strlen(sub_elem->partition_name), FALSE))
           {
             my_error(ER_WRONG_PARTITION_NAME, MYF(0));
             goto end;
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 6d599d9c2df..a93c7467c8c 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -1334,6 +1334,11 @@ bool dispatch_command(enum enum_server_command command, THD *thd,
                                 system_charset_info, packet, db_length,
                                 thd->charset(), &dummy_errors);
     db_buff[db_length]= '\0';
+    if (check_table_name(db_buff, db_length, FALSE))
+    {
+      my_error(ER_WRONG_TABLE_NAME, MYF(0), db_buff);
+      break;
+    }
     table_list.alias= table_list.table_name= db_buff;
     if (!(fields= (char *) thd->memdup(wildcard, query_length + 1)))
       break;
@@ -6298,7 +6303,7 @@ TABLE_LIST *st_select_lex::add_table_to_list(THD *thd,
     DBUG_RETURN(0);				// End of memory
   alias_str= alias ? alias->str : table->table.str;
   if (!test(table_options & TL_OPTION_ALIAS) && 
-      check_table_name(table->table.str, table->table.length))
+      check_table_name(table->table.str, table->table.length, FALSE))
   {
     my_error(ER_WRONG_TABLE_NAME, MYF(0), table->table.str);
     DBUG_RETURN(0);
diff --git a/sql/sql_table.cc b/sql/sql_table.cc
index 4ed47ed5566..014d82f0e91 100644
--- a/sql/sql_table.cc
+++ b/sql/sql_table.cc
@@ -435,7 +435,21 @@ uint tablename_to_filename(const char *from, char *to, uint to_length)
   DBUG_PRINT("enter", ("from '%s'", from));
 
   if ((length= check_n_cut_mysql50_prefix(from, to, to_length)))
+  {
+    /*
+      Check if the name supplied is a valid mysql 5.0 name and 
+      make the name a zero length string if it's not.
+      Note that just returning zero length is not enough : 
+      a lot of places don't check the return value and expect 
+      a zero terminated string.
+    */  
+    if (check_table_name(to, length, TRUE))
+    {
+      to[0]= 0;
+      length= 0;
+    }
     DBUG_RETURN(length);
+  }
   length= strconvert(system_charset_info, from,
                      &my_charset_filename, to, to_length, &errors);
   if (check_if_legal_tablename(to) &&
diff --git a/sql/sql_yacc.yy b/sql/sql_yacc.yy
index 69ac06eaa3e..f8cc474c451 100644
--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -6149,7 +6149,7 @@ alter_list_item:
             {
               MYSQL_YYABORT;
             }
-            if (check_table_name($3->table.str,$3->table.length) ||
+            if (check_table_name($3->table.str,$3->table.length, FALSE) ||
                 ($3->db.str && check_db_name(&$3->db)))
             {
               my_error(ER_WRONG_TABLE_NAME, MYF(0), $3->table.str);
diff --git a/sql/table.cc b/sql/table.cc
index 78c415286a2..7bfdc8d184e 100644
--- a/sql/table.cc
+++ b/sql/table.cc
@@ -494,6 +494,19 @@ inline bool is_system_table_name(const char *name, uint length)
 }
 
 
+/**
+  Check if a string contains path elements
+*/  
+
+static inline bool has_disabled_path_chars(const char *str)
+{
+  for (; *str; str++)
+    if (*str == FN_EXTCHAR || *str == '/' || *str == '\\' || *str == '~' || *str == '@')
+      return TRUE;
+  return FALSE;
+}
+
+
 /*
   Read table definition from a binary / text based .frm file
   
@@ -548,7 +561,8 @@ int open_table_def(THD *thd, TABLE_SHARE *share, uint db_flags)
         This kind of tables must have been opened only by the
         my_open() above.
     */
-    if (strchr(share->table_name.str, '@') ||
+    if (has_disabled_path_chars(share->table_name.str) ||
+        has_disabled_path_chars(share->db.str) ||
         !strncmp(share->db.str, MYSQL50_TABLE_NAME_PREFIX,
                  MYSQL50_TABLE_NAME_PREFIX_LENGTH) ||
         !strncmp(share->table_name.str, MYSQL50_TABLE_NAME_PREFIX,
@@ -2718,7 +2732,6 @@ bool check_db_name(LEX_STRING *org_name)
             (name_length > NAME_CHAR_LEN)); /* purecov: inspected */
 }
 
-
 /*
   Allow anything as a table name, as long as it doesn't contain an
   ' ' at the end
@@ -2726,7 +2739,7 @@ bool check_db_name(LEX_STRING *org_name)
 */
 
 
-bool check_table_name(const char *name, uint length)
+bool check_table_name(const char *name, uint length, bool check_for_path_chars)
 {
   uint name_length= 0;  // name length in symbols
   const char *end= name+length;
@@ -2753,6 +2766,9 @@ bool check_table_name(const char *name, uint length)
         continue;
       }
     }
+    if (check_for_path_chars &&
+        (*name == '/' || *name == '\\' || *name == '~' || *name == FN_EXTCHAR))
+      return 1;
 #endif
     name++;
     name_length++;
author	unknown <knielsen@knielsen-hq.org>	2010-05-10 09:34:49 +0200
committer	unknown <knielsen@knielsen-hq.org>	2010-05-10 09:34:49 +0200
commit	0ae75abfb6dba5f81d45f15c2dba5fe679f69d09 (patch)
tree	fd00ef55ffe6cac049445df53c1ed72a193557c6 /sql
parent	4402f65267dd3b77cfe71746eb5ec7597aea0f0a (diff)
parent	fcfb218f71b7d371a10df020994fc0a618639327 (diff)
download	mariadb-git-0ae75abfb6dba5f81d45f15c2dba5fe679f69d09.tar.gz