From cdad8669dfcc82515a83e188627d58f702a54aa5 Mon Sep 17 00:00:00 2001
From: "davi@mysql.com/endora.local" <>
Date: Mon, 26 Nov 2007 14:09:37 -0200
Subject: Bug#29592 SQL Injection issue

Remove the mysql_odbc_escape_string() function. The function
has multi-byte character escaping issues, doesn't honor the
NO_BACKSLASH_ESCAPES mode and is not used anymore by the
Connector/ODBC as of 3.51.17.
---
 libmysql/libmysql.c   | 72 ---------------------------------------------------
 libmysql/libmysql.def |  1 -
 2 files changed, 73 deletions(-)

(limited to 'libmysql')

diff --git a/libmysql/libmysql.c b/libmysql/libmysql.c
index 85509b49fdd..4afc3ec5925 100644
--- a/libmysql/libmysql.c
+++ b/libmysql/libmysql.c
@@ -1617,78 +1617,6 @@ mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
   return escape_string_for_mysql(mysql->charset, to, 0, from, length);
 }
 
-
-char * STDCALL
-mysql_odbc_escape_string(MYSQL *mysql,
-			 char *to, ulong to_length,
-			 const char *from, ulong from_length,
-			 void *param,
-			 char * (*extend_buffer)
-			 (void *, char *, ulong *))
-{
-  char *to_end=to+to_length-5;
-  const char *end;
-#ifdef USE_MB
-  my_bool use_mb_flag=use_mb(mysql->charset);
-#endif
-
-  for (end=from+from_length; from != end ; from++)
-  {
-    if (to >= to_end)
-    {
-      to_length = (ulong) (end-from)+512;	/* We want this much more */
-      if (!(to=(*extend_buffer)(param, to, &to_length)))
-	return to;
-      to_end=to+to_length-5;
-    }
-#ifdef USE_MB
-    {
-      int l;
-      if (use_mb_flag && (l = my_ismbchar(mysql->charset, from, end)))
-      {
-	while (l--)
-	  *to++ = *from++;
-	from--;
-	continue;
-      }
-    }
-#endif
-    switch (*from) {
-    case 0:				/* Must be escaped for 'mysql' */
-      *to++= '\\';
-      *to++= '0';
-      break;
-    case '\n':				/* Must be escaped for logs */
-      *to++= '\\';
-      *to++= 'n';
-      break;
-    case '\r':
-      *to++= '\\';
-      *to++= 'r';
-      break;
-    case '\\':
-      *to++= '\\';
-      *to++= '\\';
-      break;
-    case '\'':
-      *to++= '\\';
-      *to++= '\'';
-      break;
-    case '"':				/* Better safe than sorry */
-      *to++= '\\';
-      *to++= '"';
-      break;
-    case '\032':			/* This gives problems on Win32 */
-      *to++= '\\';
-      *to++= 'Z';
-      break;
-    default:
-      *to++= *from;
-    }
-  }
-  return to;
-}
-
 void STDCALL
 myodbc_remove_escape(MYSQL *mysql,char *name)
 {
diff --git a/libmysql/libmysql.def b/libmysql/libmysql.def
index 8c6b71d9553..81f86dc8726 100644
--- a/libmysql/libmysql.def
+++ b/libmysql/libmysql.def
@@ -78,7 +78,6 @@ EXPORTS
 	mysql_next_result
 	mysql_num_fields
 	mysql_num_rows
-	mysql_odbc_escape_string
 	mysql_options
 	mysql_stmt_param_count
 	mysql_stmt_param_metadata
-- 
cgit v1.2.1