diff options
| -rw-r--r-- | sql/sql_parse.cc | 26 | ||||
| -rw-r--r-- | tests/mysql_client_test.c | 38 |
2 files changed, 55 insertions, 9 deletions
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc index 93d80164ffb..f28f8f1868a 100644 --- a/sql/sql_parse.cc +++ b/sql/sql_parse.cc @@ -645,7 +645,7 @@ void cleanup_items(Item *item) */ static -int mysql_table_dump(THD *thd, LEX_STRING *db, char *tbl_name) +int mysql_table_dump(THD *thd, LEX_STRING *db, LEX_STRING *table_name) { TABLE* table; TABLE_LIST* table_list; @@ -659,7 +659,7 @@ int mysql_table_dump(THD *thd, LEX_STRING *db, char *tbl_name) if (!(table_list = (TABLE_LIST*) thd->calloc(sizeof(TABLE_LIST)))) DBUG_RETURN(1); // out of memory table_list->db= db->str; - table_list->table_name= table_list->alias= tbl_name; + table_list->table_name= table_list->alias= table_name->str; table_list->lock_type= TL_READ_NO_INSERT; table_list->prev_global= &table_list; // can be removed after merge with 4.1 @@ -670,8 +670,16 @@ int mysql_table_dump(THD *thd, LEX_STRING *db, char *tbl_name) goto err; /* purecov: end */ } + if (!table_name->length || + check_table_name(table_name->str, table_name->length, TRUE)) + { + my_error(ER_WRONG_TABLE_NAME, MYF(0), + table_name->str ? table_name->str : "NULL"); + error= 1; + goto err; + } if (lower_case_table_names) - my_casedn_str(files_charset_info, tbl_name); + my_casedn_str(files_charset_info, table_name->str); if (!(table=open_ltable(thd, table_list, TL_READ_NO_INSERT, 0))) DBUG_RETURN(1); @@ -679,7 +687,7 @@ int mysql_table_dump(THD *thd, LEX_STRING *db, char *tbl_name) if (check_one_table_access(thd, SELECT_ACL, table_list)) goto err; thd->free_list = 0; - thd->set_query(tbl_name, (uint) strlen(tbl_name)); + thd->set_query(table_name->str, table_name->length); if ((error = mysqld_dump_create_info(thd, table_list, -1))) { my_error(ER_GET_ERRNO, MYF(0), my_errno); @@ -1039,8 +1047,7 @@ bool dispatch_command(enum enum_server_command command, THD *thd, #endif case COM_TABLE_DUMP: { - char *tbl_name; - LEX_STRING db; + LEX_STRING db, table; /* Safe because there is always a trailing \0 at the end of the packet */ uint db_len= *(uchar*) packet; if (db_len + 1 > packet_length || db_len > NAME_LEN) @@ -1065,9 +1072,10 @@ bool dispatch_command(enum enum_server_command command, THD *thd, break; } db.length= db_len; - tbl_name= strmake(db.str, packet + 1, db_len)+1; - strmake(tbl_name, packet + db_len + 2, tbl_len); - if (mysql_table_dump(thd, &db, tbl_name) == 0) + table.length= tbl_len; + table.str= strmake(db.str, packet + 1, db_len) + 1; + strmake(table.str, packet + db_len + 2, tbl_len); + if (mysql_table_dump(thd, &db, &table) == 0) thd->main_da.disable_status(); break; } diff --git a/tests/mysql_client_test.c b/tests/mysql_client_test.c index 761582a8bb3..43ba2222650 100644 --- a/tests/mysql_client_test.c +++ b/tests/mysql_client_test.c @@ -18093,6 +18093,43 @@ static void test_bug53371() } +static void test_bug53907() +{ + int rc; + char buf[] = "\x4test\x14../client_test_db/t1"; + + myheader("test_bug53907"); + + rc= mysql_query(mysql, "DROP TABLE IF EXISTS t1"); + myquery(rc); + rc= mysql_query(mysql, "DROP DATABASE IF EXISTS bug53907"); + myquery(rc); + rc= mysql_query(mysql, "DROP USER 'testbug'@localhost"); + + rc= mysql_query(mysql, "CREATE TABLE t1 (a INT)"); + myquery(rc); + rc= mysql_query(mysql, "CREATE DATABASE bug53907"); + myquery(rc); + rc= mysql_query(mysql, "GRANT SELECT ON bug53907.* to 'testbug'@localhost"); + myquery(rc); + + rc= mysql_change_user(mysql, "testbug", NULL, "bug53907"); + myquery(rc); + + rc= simple_command(mysql, COM_TABLE_DUMP, buf, sizeof(buf), 0); + fprintf(stderr, ">>>>>>>>> %d\n", mysql_errno(mysql)); + DIE_UNLESS(mysql_errno(mysql) == 1103); /* ER_WRONG_TABLE_NAME */ + + rc= mysql_change_user(mysql, opt_user, opt_password, current_db); + myquery(rc); + rc= mysql_query(mysql, "DROP TABLE t1"); + myquery(rc); + rc= mysql_query(mysql, "DROP DATABASE bug53907"); + myquery(rc); + rc= mysql_query(mysql, "DROP USER 'testbug'@localhost"); + myquery(rc); +} + /** Bug#42373: libmysql can mess a connection at connect @@ -18484,6 +18521,7 @@ static struct my_tests_st my_tests[]= { { "test_bug20023", test_bug20023 }, { "test_bug45010", test_bug45010 }, { "test_bug53371", test_bug53371 }, + { "test_bug53907", test_bug53907 }, { "test_bug31418", test_bug31418 }, { "test_bug31669", test_bug31669 }, { "test_bug28386", test_bug28386 }, |