MDEV-20827 Wrong param parsing in spider_direct_sql() when param contain commabb-10.6-MDEV-20827

author: Kentoku SHIBA <kentokushiba@gmail.com> 2020-08-17 09:45:03 +0900
committer: Kentoku SHIBA <kentokushiba@gmail.com> 2020-08-17 12:57:44 +0900
commit: f43d2c04f500f8f55634b11981b5b4f2e1334687 (patch)
tree: 9b0acfbcc26501c6ef3dc11467a6defd28832c33
parent: 582290dacd5e7c5f474b983da60e4e60c53834ce (diff)
download: mariadb-git-bb-10.6-MDEV-20827.tar.gz
9 files changed, 213 insertions, 33 deletions
diff --git a/storage/spider/mysql-test/spider/bugfix/include/direct_sql_with_comma_pwd_deinit.inc b/storage/spider/mysql-test/spider/bugfix/include/direct_sql_with_comma_pwd_deinit.inc
new file mode 100644
index 00000000000..27682e43441
--- /dev/null
+++ b/storage/spider/mysql-test/spider/bugfix/include/direct_sql_with_comma_pwd_deinit.inc
@@ -0,0 +1,9 @@
+--connection child2_1
+DROP USER tu@'%';
+--disable_warnings
+--disable_query_log
+--disable_result_log
+--source ../t/test_deinit.inc
+--enable_result_log
+--enable_query_log
+--enable_warnings
diff --git a/storage/spider/mysql-test/spider/bugfix/include/direct_sql_with_comma_pwd_init.inc b/storage/spider/mysql-test/spider/bugfix/include/direct_sql_with_comma_pwd_init.inc
new file mode 100644
index 00000000000..c87af2d02e4
--- /dev/null
+++ b/storage/spider/mysql-test/spider/bugfix/include/direct_sql_with_comma_pwd_init.inc
@@ -0,0 +1,11 @@
+--disable_warnings
+--disable_query_log
+--disable_result_log
+--source ../t/test_init.inc
+--enable_result_log
+--enable_query_log
+--enable_warnings
+let $DIRECT_SQL_COMMAND=
+  SELECT spider_direct_sql('SELECT 22', 'tmp_a', 'srv "s_2_1", database "test", password "pass,1234", user "tu"');
+--connection child2_1
+GRANT ALL ON *.* TO tu@'%' IDENTIFIED BY 'pass,1234';
diff --git a/storage/spider/mysql-test/spider/bugfix/r/direct_sql_with_comma_pwd.result b/storage/spider/mysql-test/spider/bugfix/r/direct_sql_with_comma_pwd.result
new file mode 100644
index 00000000000..b485d645619
--- /dev/null
+++ b/storage/spider/mysql-test/spider/bugfix/r/direct_sql_with_comma_pwd.result
@@ -0,0 +1,37 @@
+for master_1
+for child2
+child2_1
+child2_2
+child2_3
+for child3
+connection child2_1;
+GRANT ALL ON *.* TO tu@'%' IDENTIFIED BY 'pass,1234';
+
+drop and create databases
+connection master_1;
+CREATE DATABASE auto_test_local;
+USE auto_test_local;
+CREATE TEMPORARY TABLE tmp_a (
+pkey int NOT NULL,
+PRIMARY KEY (pkey)
+) MASTER_1_ENGINE2
+SELECT spider_direct_sql('SELECT 22', 'tmp_a', 'srv "s_2_1", database "test", password "pass,1234", user "tu"');
+spider_direct_sql('SELECT 22', 'tmp_a', 'srv "s_2_1", database "test", password "pass,1234", user "tu"')
+1
+SELECT pkey FROM tmp_a;
+pkey
+22
+
+deinit
+connection master_1;
+DROP DATABASE IF EXISTS auto_test_local;
+connection child2_1;
+DROP USER tu@'%';
+for master_1
+for child2
+child2_1
+child2_2
+child2_3
+for child3
+
+end of test
diff --git a/storage/spider/mysql-test/spider/bugfix/t/direct_sql_with_comma_pwd.cnf b/storage/spider/mysql-test/spider/bugfix/t/direct_sql_with_comma_pwd.cnf
new file mode 100644
index 00000000000..05dfd8a0bce
--- /dev/null
+++ b/storage/spider/mysql-test/spider/bugfix/t/direct_sql_with_comma_pwd.cnf
@@ -0,0 +1,3 @@
+!include include/default_mysqld.cnf
+!include ../my_1_1.cnf
+!include ../my_2_1.cnf
diff --git a/storage/spider/mysql-test/spider/bugfix/t/direct_sql_with_comma_pwd.test b/storage/spider/mysql-test/spider/bugfix/t/direct_sql_with_comma_pwd.test
new file mode 100644
index 00000000000..0b7d51190a7
--- /dev/null
+++ b/storage/spider/mysql-test/spider/bugfix/t/direct_sql_with_comma_pwd.test
@@ -0,0 +1,35 @@
+--source ../include/direct_sql_with_comma_pwd_init.inc
+--echo
+--echo drop and create databases
+
+--connection master_1
+--disable_warnings
+CREATE DATABASE auto_test_local;
+USE auto_test_local;
+--enable_warnings
+
+--disable_query_log
+echo CREATE TEMPORARY TABLE tmp_a (
+    pkey int NOT NULL,
+    PRIMARY KEY (pkey)
+) MASTER_1_ENGINE2;
+eval CREATE TEMPORARY TABLE tmp_a (
+    pkey int NOT NULL,
+    PRIMARY KEY (pkey)
+) $MASTER_1_ENGINE2;
+--enable_query_log
+
+eval $DIRECT_SQL_COMMAND;
+SELECT pkey FROM tmp_a;
+
+--echo
+--echo deinit
+--disable_warnings
+
+--connection master_1
+DROP DATABASE IF EXISTS auto_test_local;
+
+--enable_warnings
+--source ../include/direct_sql_with_comma_pwd_deinit.inc
+--echo
+--echo end of test
diff --git a/storage/spider/spd_copy_tables.cc b/storage/spider/spd_copy_tables.cc
index ed08cb8a6af..28bc5464e13 100644
--- a/storage/spider/spd_copy_tables.cc
+++ b/storage/spider/spd_copy_tables.cc
@@ -217,7 +217,7 @@ int spider_udf_parse_copy_tables_param(
 ) {
   int error_num = 0;
   char *param_string = NULL;
-  char *sprit_ptr[2];
+  char *sprit_ptr;
   char *tmp_ptr, *tmp_ptr2, *start_ptr;
   int title_length;
   SPIDER_PARAM_STRING_PARSE param_string_parse;
@@ -244,23 +244,17 @@ int spider_udf_parse_copy_tables_param(
   }
   DBUG_PRINT("info",("spider param_string=%s", param_string));
 
-  sprit_ptr[0] = param_string;
+  sprit_ptr = param_string;
   param_string_parse.init(param_string, ER_SPIDER_INVALID_UDF_PARAM_NUM);
-  while (sprit_ptr[0])
+  while (sprit_ptr)
   {
-    if ((sprit_ptr[1] = strchr(sprit_ptr[0], ',')))
-    {
-      *sprit_ptr[1] = '\0';
-      sprit_ptr[1]++;
-    }
-    tmp_ptr = sprit_ptr[0];
-    sprit_ptr[0] = sprit_ptr[1];
+    tmp_ptr = sprit_ptr;
     while (*tmp_ptr == ' ' || *tmp_ptr == '\r' ||
       *tmp_ptr == '\n' || *tmp_ptr == '\t')
       tmp_ptr++;
 
     if (*tmp_ptr == '\0')
-      continue;
+      break;
 
     title_length = 0;
     start_ptr = tmp_ptr;
@@ -273,6 +267,11 @@ int spider_udf_parse_copy_tables_param(
       start_ptr++;
     }
     param_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length);
+    if ((error_num = param_string_parse.get_next_parameter_head(
+      start_ptr, &sprit_ptr)))
+    {
+      goto error;
+    }
 
     switch (title_length)
     {
diff --git a/storage/spider/spd_direct_sql.cc b/storage/spider/spd_direct_sql.cc
index dd5b3ea7d69..6db37de78ab 100644
--- a/storage/spider/spd_direct_sql.cc
+++ b/storage/spider/spd_direct_sql.cc
@@ -1214,7 +1214,7 @@ int spider_udf_parse_direct_sql_param(
 ) {
   int error_num = 0, roop_count;
   char *param_string = NULL;
-  char *sprit_ptr[2];
+  char *sprit_ptr;
   char *tmp_ptr, *tmp_ptr2, *start_ptr;
   int title_length;
   SPIDER_PARAM_STRING_PARSE param_string_parse;
@@ -1253,23 +1253,17 @@ int spider_udf_parse_direct_sql_param(
   }
   DBUG_PRINT("info",("spider param_string=%s", param_string));
 
-  sprit_ptr[0] = param_string;
+  sprit_ptr = param_string;
   param_string_parse.init(param_string, ER_SPIDER_INVALID_UDF_PARAM_NUM);
-  while (sprit_ptr[0])
+  while (sprit_ptr)
   {
-    if ((sprit_ptr[1] = strchr(sprit_ptr[0], ',')))
-    {
-      *sprit_ptr[1] = '\0';
-      sprit_ptr[1]++;
-    }
-    tmp_ptr = sprit_ptr[0];
-    sprit_ptr[0] = sprit_ptr[1];
+    tmp_ptr = sprit_ptr;
     while (*tmp_ptr == ' ' || *tmp_ptr == '\r' ||
       *tmp_ptr == '\n' || *tmp_ptr == '\t')
       tmp_ptr++;
 
     if (*tmp_ptr == '\0')
-      continue;
+      break;
 
     title_length = 0;
     start_ptr = tmp_ptr;
@@ -1282,6 +1276,11 @@ int spider_udf_parse_direct_sql_param(
       start_ptr++;
     }
     param_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length);
+    if ((error_num = param_string_parse.get_next_parameter_head(
+      start_ptr, &sprit_ptr)))
+    {
+      goto error;
+    }
 
     switch (title_length)
     {
diff --git a/storage/spider/spd_table.cc b/storage/spider/spd_table.cc
index e61f671f3cd..f8ef49aa9fc 100644
--- a/storage/spider/spd_table.cc
+++ b/storage/spider/spd_table.cc
@@ -2085,7 +2085,7 @@ int spider_parse_connect_info(
 ) {
   int error_num = 0;
   char *connect_string = NULL;
-  char *sprit_ptr[2];
+  char *sprit_ptr;
   char *tmp_ptr, *tmp_ptr2, *start_ptr;
   int roop_count;
   int title_length;
@@ -2279,23 +2279,17 @@ int spider_parse_connect_info(
         break;
     }
 
-    sprit_ptr[0] = connect_string;
+    sprit_ptr = connect_string;
     connect_string_parse.init(connect_string, ER_SPIDER_INVALID_CONNECT_INFO_NUM);
-    while (sprit_ptr[0])
+    while (sprit_ptr)
     {
-      if ((sprit_ptr[1] = strchr(sprit_ptr[0], ',')))
-      {
-        *sprit_ptr[1] = '\0';
-        sprit_ptr[1]++;
-      }
-      tmp_ptr = sprit_ptr[0];
-      sprit_ptr[0] = sprit_ptr[1];
+      tmp_ptr = sprit_ptr;
       while (*tmp_ptr == ' ' || *tmp_ptr == '\r' ||
         *tmp_ptr == '\n' || *tmp_ptr == '\t')
         tmp_ptr++;
 
       if (*tmp_ptr == '\0')
-        continue;
+        break;
 
       title_length = 0;
       start_ptr = tmp_ptr;
@@ -2308,6 +2302,11 @@ int spider_parse_connect_info(
         start_ptr++;
       }
       connect_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length);
+      if ((error_num = connect_string_parse.get_next_parameter_head(
+        start_ptr, &sprit_ptr)))
+      {
+        goto error;
+      }
 
       switch (title_length)
       {
diff --git a/storage/spider/spd_table.h b/storage/spider/spd_table.h
index c03f15a5a88..c57f4e4d4c0 100644
--- a/storage/spider/spd_table.h
+++ b/storage/spider/spd_table.h
@@ -180,6 +180,94 @@ typedef struct st_spider_param_string_parse
     DBUG_RETURN(error_num);
   }
 
+  inline int get_next_parameter_head(char *st, char **nx)
+  {
+    DBUG_ENTER("get_next_parameter_head");
+    char *sq = strchr(st, '\'');
+    char *dq = strchr(st, '"');
+    if (!sq && !dq)
+    {
+      DBUG_RETURN(print_param_error());
+    }
+    else if (!sq || sq > dq)
+    {
+      while (1)
+      {
+        ++dq;
+        if (*dq == '\\')
+        {
+          ++dq;
+        }
+        else if (*dq == '"')
+        {
+          break;
+        }
+        else if (*dq == '\0')
+        {
+          DBUG_RETURN(print_param_error());
+        }
+      }
+      while (1)
+      {
+        ++dq;
+        if (*dq == '\0')
+        {
+          *nx = dq;
+          break;
+        }
+        else if (*dq == ',')
+        {
+          *dq = '\0';
+          *nx = dq + 1;
+          break;
+        }
+        else if (*dq != ' ' && *dq != '\r' && *dq != '\n' && *dq != '\t')
+        {
+          DBUG_RETURN(print_param_error());
+        }
+      }
+    }
+    else
+    {
+      while (1)
+      {
+        ++sq;
+        if (*sq == '\\')
+        {
+          ++sq;
+        }
+        else if (*sq == '\'')
+        {
+          break;
+        }
+        else if (*sq == '\0')
+        {
+          DBUG_RETURN(print_param_error());
+        }
+      }
+      while (1)
+      {
+        ++sq;
+        if (*sq == '\0')
+        {
+          *nx = sq;
+          break;
+        }
+        else if (*sq == ',')
+        {
+          *sq = '\0';
+          *nx = sq + 1;
+          break;
+        }
+        else if (*sq != ' ' && *sq != '\r' && *sq != '\n' && *sq != '\t')
+        {
+          DBUG_RETURN(print_param_error());
+        }
+      }
+    }
+    DBUG_RETURN(0);
+  }
+
   /**
     Restore the current parameter's input delimiter characters in the
     parameter string.  They were NULLed during parameter parsing.
author	Kentoku SHIBA <kentokushiba@gmail.com>	2020-08-17 09:45:03 +0900
committer	Kentoku SHIBA <kentokushiba@gmail.com>	2020-08-17 12:57:44 +0900
commit	f43d2c04f500f8f55634b11981b5b4f2e1334687 (patch)
tree	9b0acfbcc26501c6ef3dc11467a6defd28832c33
parent	582290dacd5e7c5f474b983da60e4e60c53834ce (diff)
download	mariadb-git-bb-10.6-MDEV-20827.tar.gz