diff options
author | Kentoku SHIBA <kentokushiba@gmail.com> | 2020-08-17 09:45:03 +0900 |
---|---|---|
committer | Kentoku SHIBA <kentokushiba@gmail.com> | 2020-08-17 12:57:44 +0900 |
commit | f43d2c04f500f8f55634b11981b5b4f2e1334687 (patch) | |
tree | 9b0acfbcc26501c6ef3dc11467a6defd28832c33 | |
parent | 582290dacd5e7c5f474b983da60e4e60c53834ce (diff) | |
download | mariadb-git-bb-10.6-MDEV-20827.tar.gz |
MDEV-20827 Wrong param parsing in spider_direct_sql() when param contain commabb-10.6-MDEV-20827
9 files changed, 213 insertions, 33 deletions
diff --git a/storage/spider/mysql-test/spider/bugfix/include/direct_sql_with_comma_pwd_deinit.inc b/storage/spider/mysql-test/spider/bugfix/include/direct_sql_with_comma_pwd_deinit.inc new file mode 100644 index 00000000000..27682e43441 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/include/direct_sql_with_comma_pwd_deinit.inc @@ -0,0 +1,9 @@ +--connection child2_1 +DROP USER tu@'%'; +--disable_warnings +--disable_query_log +--disable_result_log +--source ../t/test_deinit.inc +--enable_result_log +--enable_query_log +--enable_warnings diff --git a/storage/spider/mysql-test/spider/bugfix/include/direct_sql_with_comma_pwd_init.inc b/storage/spider/mysql-test/spider/bugfix/include/direct_sql_with_comma_pwd_init.inc new file mode 100644 index 00000000000..c87af2d02e4 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/include/direct_sql_with_comma_pwd_init.inc @@ -0,0 +1,11 @@ +--disable_warnings +--disable_query_log +--disable_result_log +--source ../t/test_init.inc +--enable_result_log +--enable_query_log +--enable_warnings +let $DIRECT_SQL_COMMAND= + SELECT spider_direct_sql('SELECT 22', 'tmp_a', 'srv "s_2_1", database "test", password "pass,1234", user "tu"'); +--connection child2_1 +GRANT ALL ON *.* TO tu@'%' IDENTIFIED BY 'pass,1234'; diff --git a/storage/spider/mysql-test/spider/bugfix/r/direct_sql_with_comma_pwd.result b/storage/spider/mysql-test/spider/bugfix/r/direct_sql_with_comma_pwd.result new file mode 100644 index 00000000000..b485d645619 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/r/direct_sql_with_comma_pwd.result @@ -0,0 +1,37 @@ +for master_1 +for child2 +child2_1 +child2_2 +child2_3 +for child3 +connection child2_1; +GRANT ALL ON *.* TO tu@'%' IDENTIFIED BY 'pass,1234'; + +drop and create databases +connection master_1; +CREATE DATABASE auto_test_local; +USE auto_test_local; +CREATE TEMPORARY TABLE tmp_a ( +pkey int NOT NULL, +PRIMARY KEY (pkey) +) MASTER_1_ENGINE2 +SELECT spider_direct_sql('SELECT 22', 'tmp_a', 'srv "s_2_1", database "test", password "pass,1234", user "tu"'); +spider_direct_sql('SELECT 22', 'tmp_a', 'srv "s_2_1", database "test", password "pass,1234", user "tu"') +1 +SELECT pkey FROM tmp_a; +pkey +22 + +deinit +connection master_1; +DROP DATABASE IF EXISTS auto_test_local; +connection child2_1; +DROP USER tu@'%'; +for master_1 +for child2 +child2_1 +child2_2 +child2_3 +for child3 + +end of test diff --git a/storage/spider/mysql-test/spider/bugfix/t/direct_sql_with_comma_pwd.cnf b/storage/spider/mysql-test/spider/bugfix/t/direct_sql_with_comma_pwd.cnf new file mode 100644 index 00000000000..05dfd8a0bce --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/t/direct_sql_with_comma_pwd.cnf @@ -0,0 +1,3 @@ +!include include/default_mysqld.cnf +!include ../my_1_1.cnf +!include ../my_2_1.cnf diff --git a/storage/spider/mysql-test/spider/bugfix/t/direct_sql_with_comma_pwd.test b/storage/spider/mysql-test/spider/bugfix/t/direct_sql_with_comma_pwd.test new file mode 100644 index 00000000000..0b7d51190a7 --- /dev/null +++ b/storage/spider/mysql-test/spider/bugfix/t/direct_sql_with_comma_pwd.test @@ -0,0 +1,35 @@ +--source ../include/direct_sql_with_comma_pwd_init.inc +--echo +--echo drop and create databases + +--connection master_1 +--disable_warnings +CREATE DATABASE auto_test_local; +USE auto_test_local; +--enable_warnings + +--disable_query_log +echo CREATE TEMPORARY TABLE tmp_a ( + pkey int NOT NULL, + PRIMARY KEY (pkey) +) MASTER_1_ENGINE2; +eval CREATE TEMPORARY TABLE tmp_a ( + pkey int NOT NULL, + PRIMARY KEY (pkey) +) $MASTER_1_ENGINE2; +--enable_query_log + +eval $DIRECT_SQL_COMMAND; +SELECT pkey FROM tmp_a; + +--echo +--echo deinit +--disable_warnings + +--connection master_1 +DROP DATABASE IF EXISTS auto_test_local; + +--enable_warnings +--source ../include/direct_sql_with_comma_pwd_deinit.inc +--echo +--echo end of test diff --git a/storage/spider/spd_copy_tables.cc b/storage/spider/spd_copy_tables.cc index ed08cb8a6af..28bc5464e13 100644 --- a/storage/spider/spd_copy_tables.cc +++ b/storage/spider/spd_copy_tables.cc @@ -217,7 +217,7 @@ int spider_udf_parse_copy_tables_param( ) { int error_num = 0; char *param_string = NULL; - char *sprit_ptr[2]; + char *sprit_ptr; char *tmp_ptr, *tmp_ptr2, *start_ptr; int title_length; SPIDER_PARAM_STRING_PARSE param_string_parse; @@ -244,23 +244,17 @@ int spider_udf_parse_copy_tables_param( } DBUG_PRINT("info",("spider param_string=%s", param_string)); - sprit_ptr[0] = param_string; + sprit_ptr = param_string; param_string_parse.init(param_string, ER_SPIDER_INVALID_UDF_PARAM_NUM); - while (sprit_ptr[0]) + while (sprit_ptr) { - if ((sprit_ptr[1] = strchr(sprit_ptr[0], ','))) - { - *sprit_ptr[1] = '\0'; - sprit_ptr[1]++; - } - tmp_ptr = sprit_ptr[0]; - sprit_ptr[0] = sprit_ptr[1]; + tmp_ptr = sprit_ptr; while (*tmp_ptr == ' ' || *tmp_ptr == '\r' || *tmp_ptr == '\n' || *tmp_ptr == '\t') tmp_ptr++; if (*tmp_ptr == '\0') - continue; + break; title_length = 0; start_ptr = tmp_ptr; @@ -273,6 +267,11 @@ int spider_udf_parse_copy_tables_param( start_ptr++; } param_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length); + if ((error_num = param_string_parse.get_next_parameter_head( + start_ptr, &sprit_ptr))) + { + goto error; + } switch (title_length) { diff --git a/storage/spider/spd_direct_sql.cc b/storage/spider/spd_direct_sql.cc index dd5b3ea7d69..6db37de78ab 100644 --- a/storage/spider/spd_direct_sql.cc +++ b/storage/spider/spd_direct_sql.cc @@ -1214,7 +1214,7 @@ int spider_udf_parse_direct_sql_param( ) { int error_num = 0, roop_count; char *param_string = NULL; - char *sprit_ptr[2]; + char *sprit_ptr; char *tmp_ptr, *tmp_ptr2, *start_ptr; int title_length; SPIDER_PARAM_STRING_PARSE param_string_parse; @@ -1253,23 +1253,17 @@ int spider_udf_parse_direct_sql_param( } DBUG_PRINT("info",("spider param_string=%s", param_string)); - sprit_ptr[0] = param_string; + sprit_ptr = param_string; param_string_parse.init(param_string, ER_SPIDER_INVALID_UDF_PARAM_NUM); - while (sprit_ptr[0]) + while (sprit_ptr) { - if ((sprit_ptr[1] = strchr(sprit_ptr[0], ','))) - { - *sprit_ptr[1] = '\0'; - sprit_ptr[1]++; - } - tmp_ptr = sprit_ptr[0]; - sprit_ptr[0] = sprit_ptr[1]; + tmp_ptr = sprit_ptr; while (*tmp_ptr == ' ' || *tmp_ptr == '\r' || *tmp_ptr == '\n' || *tmp_ptr == '\t') tmp_ptr++; if (*tmp_ptr == '\0') - continue; + break; title_length = 0; start_ptr = tmp_ptr; @@ -1282,6 +1276,11 @@ int spider_udf_parse_direct_sql_param( start_ptr++; } param_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length); + if ((error_num = param_string_parse.get_next_parameter_head( + start_ptr, &sprit_ptr))) + { + goto error; + } switch (title_length) { diff --git a/storage/spider/spd_table.cc b/storage/spider/spd_table.cc index e61f671f3cd..f8ef49aa9fc 100644 --- a/storage/spider/spd_table.cc +++ b/storage/spider/spd_table.cc @@ -2085,7 +2085,7 @@ int spider_parse_connect_info( ) { int error_num = 0; char *connect_string = NULL; - char *sprit_ptr[2]; + char *sprit_ptr; char *tmp_ptr, *tmp_ptr2, *start_ptr; int roop_count; int title_length; @@ -2279,23 +2279,17 @@ int spider_parse_connect_info( break; } - sprit_ptr[0] = connect_string; + sprit_ptr = connect_string; connect_string_parse.init(connect_string, ER_SPIDER_INVALID_CONNECT_INFO_NUM); - while (sprit_ptr[0]) + while (sprit_ptr) { - if ((sprit_ptr[1] = strchr(sprit_ptr[0], ','))) - { - *sprit_ptr[1] = '\0'; - sprit_ptr[1]++; - } - tmp_ptr = sprit_ptr[0]; - sprit_ptr[0] = sprit_ptr[1]; + tmp_ptr = sprit_ptr; while (*tmp_ptr == ' ' || *tmp_ptr == '\r' || *tmp_ptr == '\n' || *tmp_ptr == '\t') tmp_ptr++; if (*tmp_ptr == '\0') - continue; + break; title_length = 0; start_ptr = tmp_ptr; @@ -2308,6 +2302,11 @@ int spider_parse_connect_info( start_ptr++; } connect_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length); + if ((error_num = connect_string_parse.get_next_parameter_head( + start_ptr, &sprit_ptr))) + { + goto error; + } switch (title_length) { diff --git a/storage/spider/spd_table.h b/storage/spider/spd_table.h index c03f15a5a88..c57f4e4d4c0 100644 --- a/storage/spider/spd_table.h +++ b/storage/spider/spd_table.h @@ -180,6 +180,94 @@ typedef struct st_spider_param_string_parse DBUG_RETURN(error_num); } + inline int get_next_parameter_head(char *st, char **nx) + { + DBUG_ENTER("get_next_parameter_head"); + char *sq = strchr(st, '\''); + char *dq = strchr(st, '"'); + if (!sq && !dq) + { + DBUG_RETURN(print_param_error()); + } + else if (!sq || sq > dq) + { + while (1) + { + ++dq; + if (*dq == '\\') + { + ++dq; + } + else if (*dq == '"') + { + break; + } + else if (*dq == '\0') + { + DBUG_RETURN(print_param_error()); + } + } + while (1) + { + ++dq; + if (*dq == '\0') + { + *nx = dq; + break; + } + else if (*dq == ',') + { + *dq = '\0'; + *nx = dq + 1; + break; + } + else if (*dq != ' ' && *dq != '\r' && *dq != '\n' && *dq != '\t') + { + DBUG_RETURN(print_param_error()); + } + } + } + else + { + while (1) + { + ++sq; + if (*sq == '\\') + { + ++sq; + } + else if (*sq == '\'') + { + break; + } + else if (*sq == '\0') + { + DBUG_RETURN(print_param_error()); + } + } + while (1) + { + ++sq; + if (*sq == '\0') + { + *nx = sq; + break; + } + else if (*sq == ',') + { + *sq = '\0'; + *nx = sq + 1; + break; + } + else if (*sq != ' ' && *sq != '\r' && *sq != '\n' && *sq != '\t') + { + DBUG_RETURN(print_param_error()); + } + } + } + DBUG_RETURN(0); + } + /** Restore the current parameter's input delimiter characters in the parameter string. They were NULLed during parameter parsing. |