Commit 1e361f28 authored by Sergei Golubchik's avatar Sergei Golubchik

MDEV-4664 mysql_upgrade crashes if root's password contains an apostrophe/single quotation mark

fix dynstr_append_os_quoted() to escape single quotes correctly
for a POSIX shell
parent 9e4e4121
......@@ -143,8 +143,10 @@ my_bool dynstr_append_os_quoted(DYNAMIC_STRING *str, const char *append, ...)
{
#ifdef __WIN__
LEX_CSTRING quote= { C_STRING_WITH_LEN("\"") };
LEX_CSTRING replace= { C_STRING_WITH_LEN("\\\"") };
#else
LEX_CSTRING quote= { C_STRING_WITH_LEN("\'") };
LEX_CSTRING replace= { C_STRING_WITH_LEN("'\"'\"'") };
#endif /* __WIN__ */
my_bool ret= TRUE;
va_list dirty_text;
......@@ -160,8 +162,7 @@ my_bool dynstr_append_os_quoted(DYNAMIC_STRING *str, const char *append, ...)
while(*(next_pos= strcend(cur_pos, quote.str[0])) != '\0')
{
ret&= dynstr_append_mem(str, cur_pos, (uint) (next_pos - cur_pos));
ret&= dynstr_append_mem(str, STRING_WITH_LEN("\\"));
ret&= dynstr_append_mem(str, quote.str, quote.length);
ret&= dynstr_append_mem(str, replace.str, replace.length);
cur_pos= next_pos + 1;
}
ret&= dynstr_append_mem(str, cur_pos, (uint) (next_pos - cur_pos));
......
......@@ -47,25 +47,25 @@ int main(void)
check("'space inside'");
ok(dynstr_append_os_quoted(&str1, "single'quote", NULL) == 0, "append");
check("'single\\'quote'");
check("'single'\"'\"'quote'");
ok(dynstr_append_os_quoted(&str1, "many'single'quotes", NULL) == 0, "append");
check("'many\\'single\\'quotes'");
check("'many'\"'\"'single'\"'\"'quotes'");
ok(dynstr_append_os_quoted(&str1, "'single quoted'", NULL) == 0, "append");
check("'\\'single quoted\\''");
check("''\"'\"'single quoted'\"'\"''");
ok(dynstr_append_os_quoted(&str1, "double\"quote", NULL) == 0, "append");
check("'double\"quote'");
ok(dynstr_append_os_quoted(&str1, "mixed\"single'and\"double'quotes", NULL) == 0, "append");
check("'mixed\"single\\'and\"double\\'quotes'");
check("'mixed\"single'\"'\"'and\"double'\"'\"'quotes'");
ok(dynstr_append_os_quoted(&str1, "back\\space", NULL) == 0, "append");
check("'back\\space'");
ok(dynstr_append_os_quoted(&str1, "backspace\\'and\\\"quote", NULL) == 0, "append");
check("'backspace\\\\'and\\\"quote'");
check("'backspace\\'\"'\"'and\\\"quote'");
dynstr_free(&str1);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment