Diffstat (limited to 'sql')
-rw-r--r--sql/item_cmpfunc.cc27
-rw-r--r--sql/item_cmpfunc.h1
-rw-r--r--sql/item_timefunc.cc4
-rw-r--r--sql/sql_db.cc15
-rw-r--r--sql/sql_parse.cc50
-rw-r--r--sql/table.cc2
6 files changed, 72 insertions, 27 deletions
diff --git a/sql/item_cmpfunc.cc b/sql/item_cmpfunc.cc
index 84b18201ad1..e7a6c52dfd9 100644
--- a/sql/item_cmpfunc.cc
+++ b/sql/item_cmpfunc.cc
@@ -721,17 +721,41 @@ double Item_func_case::val()
bool
Item_func_case::fix_fields(THD *thd,TABLE_LIST *tables)
{
-
if (first_expr && first_expr->fix_fields(thd,tables) ||
else_expr && else_expr->fix_fields(thd,tables))
return 1;
if (Item_func::fix_fields(thd,tables))
return 1;
+ if (first_expr)
+ {
+ used_tables_cache|=(first_expr)->used_tables();
+ const_item_cache&= (first_expr)->const_item();
+ }
+ if (else_expr)
+ {
+ used_tables_cache|=(else_expr)->used_tables();
+ const_item_cache&= (else_expr)->const_item();
+ }
if (!else_expr || else_expr->maybe_null)
maybe_null=1; // The result may be NULL
return 0;
}
+void Item_func_case::update_used_tables()
+{
+ Item_func::update_used_tables();
+ if (first_expr)
+ {
+ used_tables_cache|=(first_expr)->used_tables();
+ const_item_cache&= (first_expr)->const_item();
+ }
+ if (else_expr)
+ {
+ used_tables_cache|=(else_expr)->used_tables();
+ const_item_cache&= (else_expr)->const_item();
+ }
+}
+
void Item_func_case::fix_length_and_dec()
{
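Review bot: `Item_func_case::update_used_tables()` merges `first_expr->used_tables()` and `else_expr->const_item()` without first calling `update_used_tables()` on those two items. If they are not among the arguments that `Item_func::update_used_tables()` walks (not visible in this hunk), the merged values may be stale. Consider calling `first_expr->update_used_tables();` and `else_expr->update_used_tables();` inside the respective `if` blocks before the merge. The same merge block is also written out for both expressions in `fix_fields()` and again here, so a small private helper would keep the copies from drifting.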
@@ -750,6 +774,7 @@ void Item_func_case::fix_length_and_dec()
}
}
+/* TODO: Fix this so that it prints the whole CASE expression */
void Item_func_case::print(String *str)
{
diff --git a/sql/item_cmpfunc.h b/sql/item_cmpfunc.h
index 95b2c3bf723..5ee0687c064 100644
--- a/sql/item_cmpfunc.h
+++ b/sql/item_cmpfunc.h
@@ -254,6 +254,7 @@ public:
longlong val_int();
String *val_str(String *);
void fix_length_and_dec();
+ void update_used_tables();
enum Item_result result_type () const { return cached_result_type; }
const char *func_name() const { return "case"; }
void print(String *str);
diff --git a/sql/item_timefunc.cc b/sql/item_timefunc.cc
index 49bce381901..b305b5ccec3 100644
--- a/sql/item_timefunc.cc
+++ b/sql/item_timefunc.cc
@@ -135,7 +135,11 @@ String* Item_func_monthname::val_str(String* str)
{
uint month=(uint) Item_func_month::val_int();
if (!month) // This is also true for NULL
+ {
+ null_value=1;
return (String*) 0;
+ }
+ null_value=0;
return &month_names[month-1];
}
diff --git a/sql/sql_db.cc b/sql/sql_db.cc
index 25bbe75e944..3786e771ecb 100644
--- a/sql/sql_db.cc
+++ b/sql/sql_db.cc
@@ -28,6 +28,8 @@
static long mysql_rm_known_files(THD *thd, MY_DIR *dirp, const char *path,
uint level);
+/* db-name is already validated when we come here */
+
void mysql_create_db(THD *thd, char *db, uint create_options)
{
char path[FN_REFLEN+16];
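Review bot: The new comment `/* db-name is already validated when we come here */` states a precondition that nothing in `mysql_create_db()` enforces. The next hunk removes the `stripp_sp()`/`check_db_name()` guard, while the function keeps a `path[FN_REFLEN+16]` buffer and a directory check that presumably build a filesystem path from `db`. A caller added later without the check would pass an unvalidated name straight into that path handling. I would name the required calls in the comment, e.g. `/* Caller must have run stripp_sp() and check_db_name() on db; it is used as a directory name */`, and consider a debug-only assertion on `!check_db_name(db)` at the top. The same applies to `mysql_rm_db()` in the hunks at `@@ -96` and `@@ -103`, where a bad name would presumably reach file removal; both function bodies continue outside the hunks.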
@@ -35,11 +37,6 @@ void mysql_create_db(THD *thd, char *db, uint create_options)
long result=1;
DBUG_ENTER("mysql_create_db");
- if (!stripp_sp(db) || check_db_name(db))
- {
- net_printf(&thd->net,ER_WRONG_DB_NAME, db);
- DBUG_VOID_RETURN;
- }
VOID(pthread_mutex_lock(&LOCK_mysql_create_db));
/* Check directory */
@@ -96,6 +93,8 @@ static TYPELIB deletable_extentions=
{array_elements(del_exts)-1,"del_exts", del_exts};
+/* db-name is already validated when we come here */
+
void mysql_rm_db(THD *thd,char *db,bool if_exists)
{
long deleted=0;
@@ -103,12 +102,6 @@ void mysql_rm_db(THD *thd,char *db,bool if_exists)
MY_DIR *dirp;
DBUG_ENTER("mysql_rm_db");
- if (!stripp_sp(db) || check_db_name(db))
- {
- net_printf(&thd->net,ER_WRONG_DB_NAME, db);
- DBUG_VOID_RETURN;
- }
-
VOID(pthread_mutex_lock(&LOCK_mysql_create_db));
VOID(pthread_mutex_lock(&LOCK_open));
diff --git a/sql/sql_parse.cc b/sql/sql_parse.cc
index 2926f59547f..854a47fd9c0 100644
--- a/sql/sql_parse.cc
+++ b/sql/sql_parse.cc
@@ -510,7 +510,7 @@ int mysql_table_dump(THD* thd, char* db, char* tbl_name, int fd)
int error = 0;
DBUG_ENTER("mysql_table_dump");
db = (db && db[0]) ? db : thd->db;
- if(!(table_list = (TABLE_LIST*) sql_calloc(sizeof(TABLE_LIST))))
+ if (!(table_list = (TABLE_LIST*) sql_calloc(sizeof(TABLE_LIST))))
DBUG_RETURN(1); // out of memory
table_list->db = db;
table_list->real_name = table_list->name = tbl_name;
@@ -518,9 +518,14 @@ int mysql_table_dump(THD* thd, char* db, char* tbl_name, int fd)
table_list->next = 0;
remove_escape(table_list->real_name);
- if(!(table=open_ltable(thd, table_list, TL_READ_NO_INSERT)))
+ if (!(table=open_ltable(thd, table_list, TL_READ_NO_INSERT)))
DBUG_RETURN(1);
+ if (!db || check_db_name(db))
+ {
+ net_printf(&thd->net,ER_WRONG_DB_NAME, db ? db : "NULL");
+ goto err;
+ }
if (check_access(thd, SELECT_ACL, db, &table_list->grant.privilege))
goto err;
if (grant_option && check_grant(thd, SELECT_ACL, table_list))
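Review bot: The added `check_db_name(db)` test runs after `open_ltable(thd, table_list, TL_READ_NO_INSERT)`, so `table_list->db` has already been used to open the table by the time the name is rejected. The check belongs just after `db = (db && db[0]) ? db : thd->db;` in the previous hunk, before `table_list->db = db;`. It should then leave by whatever path is correct when no table is open yet, since the `err:` label is outside the hunk. `tbl_name` only goes through `remove_escape()` here and no `check_table_name()` call is visible, so it is worth confirming that it is validated elsewhere.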
@@ -710,6 +715,12 @@ bool do_command(THD *thd)
case COM_CREATE_DB:
{
char *db=thd->strdup(packet+1);
+ // null test to handle EOM
+ if (!db || !stripp_sp(db) || check_db_name(db))
+ {
+ net_printf(&thd->net,ER_WRONG_DB_NAME, db ? db : "NULL");
+ break;
+ }
if (check_access(thd,CREATE_ACL,db,0,1))
break;
mysql_log.write(thd,command,packet+1);
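Review bot: The `stripp_sp()`/`check_db_name()` guard is now copied into four command paths (here, `COM_DROP_DB`, `SQLCOM_CREATE_DB` and `SQLCOM_DROP_DB`), and the copies already differ: the two `COM_*` sites test `!db`, while the two `SQLCOM_*` sites do not test `lex->name`. The hunk at `@@ -1887` also removes the central check from `check_access()`. Any other path that passes a client-supplied database name to `check_access()` and is not touched by this commit would therefore run with no name validation, so those callers should be audited. A single static helper doing the null test, strip, check and `net_printf(&thd->net,ER_WRONG_DB_NAME, ...)` would keep the sites consistent and make a missing call easier to spot.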
@@ -719,6 +730,12 @@ bool do_command(THD *thd)
case COM_DROP_DB:
{
char *db=thd->strdup(packet+1);
+ // null test to handle EOM
+ if (!db || !stripp_sp(db) || check_db_name(db))
+ {
+ net_printf(&thd->net,ER_WRONG_DB_NAME, db ? db : "NULL");
+ break;
+ }
if (check_access(thd,DROP_ACL,db,0,1) || end_active_trans(thd))
break;
mysql_log.write(thd,command,db);
@@ -1503,10 +1520,10 @@ mysql_execute_command(void)
goto error; /* purecov: inspected */
}
remove_escape(db); // Fix escaped '_'
- if (strlen(db) > NAME_LEN)
+ if (check_db_name(db))
{
- net_printf(&thd->net,ER_WRONG_DB_NAME, db);
- goto error;
+ net_printf(&thd->net,ER_WRONG_DB_NAME, db);
+ goto error;
}
if (check_access(thd,SELECT_ACL,db,&thd->col_access))
goto error; /* purecov: inspected */
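Review bot: Replacing `strlen(db) > NAME_LEN` with `check_db_name(db)` keeps the length limit only if `check_db_name()` itself rejects names longer than `NAME_LEN`. Its return statement is not visible in this commit, only the `start=name` fix in `sql/table.cc`. The `add_table_to_list()` hunk at `@@ -2463` makes the same substitution for `table->db.length > NAME_LEN`. If the length test is not inside `check_db_name()`, keep it explicit here with `if (strlen(db) > NAME_LEN || check_db_name(db))`. Otherwise, a one-line comment on `check_db_name()` saying that it enforces `NAME_LEN` would document the dependency.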
@@ -1666,6 +1683,11 @@ mysql_execute_command(void)
break;
case SQLCOM_CREATE_DB:
{
+ if (!stripp_sp(lex->name) || check_db_name(lex->name))
+ {
+ net_printf(&thd->net,ER_WRONG_DB_NAME, lex->name);
+ break;
+ }
if (check_access(thd,CREATE_ACL,lex->name,0,1))
break;
mysql_create_db(thd,lex->name,lex->create_info.options);
@@ -1673,6 +1695,11 @@ mysql_execute_command(void)
}
case SQLCOM_DROP_DB:
{
+ if (!stripp_sp(lex->name) || check_db_name(lex->name))
+ {
+ net_printf(&thd->net,ER_WRONG_DB_NAME, lex->name);
+ break;
+ }
if (check_access(thd,DROP_ACL,lex->name,0,1) ||
end_active_trans(thd))
break;
@@ -1887,12 +1914,6 @@ check_access(THD *thd,uint want_access,const char *db, uint *save_priv,
if (db == any_db)
return FALSE; // Allow select on anything
- if (strlen(db) > NAME_LEN || check_db_name(db))
- {
- net_printf(&thd->net,ER_WRONG_DB_NAME, db);
- return TRUE;
- }
-
if (db && (!thd->db || strcmp(db,thd->db)))
db_access=acl_get(thd->host, thd->ip, (char*) &thd->remote.sin_addr,
thd->priv_user, db); /* purecov: inspected */
@@ -1970,7 +1991,8 @@ static bool check_db_used(THD *thd,TABLE_LIST *tables)
}
-static bool check_merge_table_access(THD *thd, char *db, TABLE_LIST *table_list)
+static bool check_merge_table_access(THD *thd, char *db,
+ TABLE_LIST *table_list)
{
int error=0;
if (table_list)
@@ -2463,8 +2485,8 @@ TABLE_LIST *add_table_to_list(Table_ident *table, LEX_STRING *alias,
DBUG_RETURN(0); // End of memory
alias_str= alias ? alias->str : table->table.str;
if (table->table.length > NAME_LEN ||
- table->db.str && table->db.length > NAME_LEN ||
- check_table_name(table->table.str,table->table.length))
+ check_table_name(table->table.str,table->table.length) ||
+ table->db.str && check_db_name(table->db.str))
{
net_printf(&thd->net,ER_WRONG_TABLE_NAME,table->table.str);
DBUG_RETURN(0);
diff --git a/sql/table.cc b/sql/table.cc
index 8ee6ee02d68..b6fde659cd9 100644
--- a/sql/table.cc
+++ b/sql/table.cc
@@ -1033,7 +1033,7 @@ char *get_field(MEM_ROOT *mem, TABLE *table, uint fieldnr)
bool check_db_name(const char *name)
{
- const char *start=end;
+ const char *start=name;
while (*name)
{
#if defined(USE_MB) && defined(USE_MB_IDENT)