Commit 314a90e1 authored by Kentoku SHIBA's avatar Kentoku SHIBA

MDEV-20827 Wrong param parsing in spider_direct_sql() when param contain comma

parent ad1a3ce4
--connection child2_1
DROP USER tu@'%';
--disable_warnings
--disable_query_log
--disable_result_log
--source ../t/test_deinit.inc
--enable_result_log
--enable_query_log
--enable_warnings
--disable_warnings
--disable_query_log
--disable_result_log
--source ../t/test_init.inc
--enable_result_log
--enable_query_log
--enable_warnings
let $DIRECT_SQL_COMMAND=
SELECT spider_direct_sql('SELECT 22', 'tmp_a', 'srv "s_2_1", database "test", password "pass,1234", user "tu"');
--connection child2_1
GRANT ALL ON *.* TO tu@'%' IDENTIFIED BY 'pass,1234';
for master_1
for child2
child2_1
child2_2
child2_3
for child3
connection child2_1;
GRANT ALL ON *.* TO tu@'%' IDENTIFIED BY 'pass,1234';
drop and create databases
connection master_1;
CREATE DATABASE auto_test_local;
USE auto_test_local;
CREATE TEMPORARY TABLE tmp_a (
pkey int NOT NULL,
PRIMARY KEY (pkey)
) MASTER_1_ENGINE2
SELECT spider_direct_sql('SELECT 22', 'tmp_a', 'srv "s_2_1", database "test", password "pass,1234", user "tu"');
spider_direct_sql('SELECT 22', 'tmp_a', 'srv "s_2_1", database "test", password "pass,1234", user "tu"')
1
SELECT pkey FROM tmp_a;
pkey
22
deinit
connection master_1;
DROP DATABASE IF EXISTS auto_test_local;
connection child2_1;
DROP USER tu@'%';
for master_1
for child2
child2_1
child2_2
child2_3
for child3
end of test
!include include/default_mysqld.cnf
!include ../my_1_1.cnf
!include ../my_2_1.cnf
--source ../include/direct_sql_with_comma_pwd_init.inc
--echo
--echo drop and create databases
--connection master_1
--disable_warnings
CREATE DATABASE auto_test_local;
USE auto_test_local;
--enable_warnings
--disable_query_log
echo CREATE TEMPORARY TABLE tmp_a (
pkey int NOT NULL,
PRIMARY KEY (pkey)
) MASTER_1_ENGINE2;
eval CREATE TEMPORARY TABLE tmp_a (
pkey int NOT NULL,
PRIMARY KEY (pkey)
) $MASTER_1_ENGINE2;
--enable_query_log
eval $DIRECT_SQL_COMMAND;
SELECT pkey FROM tmp_a;
--echo
--echo deinit
--disable_warnings
--connection master_1
DROP DATABASE IF EXISTS auto_test_local;
--enable_warnings
--source ../include/direct_sql_with_comma_pwd_deinit.inc
--echo
--echo end of test
...@@ -217,7 +217,7 @@ int spider_udf_parse_copy_tables_param( ...@@ -217,7 +217,7 @@ int spider_udf_parse_copy_tables_param(
) { ) {
int error_num = 0; int error_num = 0;
char *param_string = NULL; char *param_string = NULL;
char *sprit_ptr[2]; char *sprit_ptr;
char *tmp_ptr, *tmp_ptr2, *start_ptr; char *tmp_ptr, *tmp_ptr2, *start_ptr;
int title_length; int title_length;
SPIDER_PARAM_STRING_PARSE param_string_parse; SPIDER_PARAM_STRING_PARSE param_string_parse;
...@@ -244,23 +244,17 @@ int spider_udf_parse_copy_tables_param( ...@@ -244,23 +244,17 @@ int spider_udf_parse_copy_tables_param(
} }
DBUG_PRINT("info",("spider param_string=%s", param_string)); DBUG_PRINT("info",("spider param_string=%s", param_string));
sprit_ptr[0] = param_string; sprit_ptr = param_string;
param_string_parse.init(param_string, ER_SPIDER_INVALID_UDF_PARAM_NUM); param_string_parse.init(param_string, ER_SPIDER_INVALID_UDF_PARAM_NUM);
while (sprit_ptr[0]) while (sprit_ptr)
{ {
if ((sprit_ptr[1] = strchr(sprit_ptr[0], ','))) tmp_ptr = sprit_ptr;
{
*sprit_ptr[1] = '\0';
sprit_ptr[1]++;
}
tmp_ptr = sprit_ptr[0];
sprit_ptr[0] = sprit_ptr[1];
while (*tmp_ptr == ' ' || *tmp_ptr == '\r' || while (*tmp_ptr == ' ' || *tmp_ptr == '\r' ||
*tmp_ptr == '\n' || *tmp_ptr == '\t') *tmp_ptr == '\n' || *tmp_ptr == '\t')
tmp_ptr++; tmp_ptr++;
if (*tmp_ptr == '\0') if (*tmp_ptr == '\0')
continue; break;
title_length = 0; title_length = 0;
start_ptr = tmp_ptr; start_ptr = tmp_ptr;
...@@ -273,6 +267,11 @@ int spider_udf_parse_copy_tables_param( ...@@ -273,6 +267,11 @@ int spider_udf_parse_copy_tables_param(
start_ptr++; start_ptr++;
} }
param_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length); param_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length);
if ((error_num = param_string_parse.get_next_parameter_head(
start_ptr, &sprit_ptr)))
{
goto error;
}
switch (title_length) switch (title_length)
{ {
......
...@@ -1172,7 +1172,7 @@ int spider_udf_parse_direct_sql_param( ...@@ -1172,7 +1172,7 @@ int spider_udf_parse_direct_sql_param(
) { ) {
int error_num = 0, roop_count; int error_num = 0, roop_count;
char *param_string = NULL; char *param_string = NULL;
char *sprit_ptr[2]; char *sprit_ptr;
char *tmp_ptr, *tmp_ptr2, *start_ptr; char *tmp_ptr, *tmp_ptr2, *start_ptr;
int title_length; int title_length;
SPIDER_PARAM_STRING_PARSE param_string_parse; SPIDER_PARAM_STRING_PARSE param_string_parse;
...@@ -1211,23 +1211,17 @@ int spider_udf_parse_direct_sql_param( ...@@ -1211,23 +1211,17 @@ int spider_udf_parse_direct_sql_param(
} }
DBUG_PRINT("info",("spider param_string=%s", param_string)); DBUG_PRINT("info",("spider param_string=%s", param_string));
sprit_ptr[0] = param_string; sprit_ptr = param_string;
param_string_parse.init(param_string, ER_SPIDER_INVALID_UDF_PARAM_NUM); param_string_parse.init(param_string, ER_SPIDER_INVALID_UDF_PARAM_NUM);
while (sprit_ptr[0]) while (sprit_ptr)
{ {
if ((sprit_ptr[1] = strchr(sprit_ptr[0], ','))) tmp_ptr = sprit_ptr;
{
*sprit_ptr[1] = '\0';
sprit_ptr[1]++;
}
tmp_ptr = sprit_ptr[0];
sprit_ptr[0] = sprit_ptr[1];
while (*tmp_ptr == ' ' || *tmp_ptr == '\r' || while (*tmp_ptr == ' ' || *tmp_ptr == '\r' ||
*tmp_ptr == '\n' || *tmp_ptr == '\t') *tmp_ptr == '\n' || *tmp_ptr == '\t')
tmp_ptr++; tmp_ptr++;
if (*tmp_ptr == '\0') if (*tmp_ptr == '\0')
continue; break;
title_length = 0; title_length = 0;
start_ptr = tmp_ptr; start_ptr = tmp_ptr;
...@@ -1240,6 +1234,11 @@ int spider_udf_parse_direct_sql_param( ...@@ -1240,6 +1234,11 @@ int spider_udf_parse_direct_sql_param(
start_ptr++; start_ptr++;
} }
param_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length); param_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length);
if ((error_num = param_string_parse.get_next_parameter_head(
start_ptr, &sprit_ptr)))
{
goto error;
}
switch (title_length) switch (title_length)
{ {
......
...@@ -2053,7 +2053,7 @@ int spider_parse_connect_info( ...@@ -2053,7 +2053,7 @@ int spider_parse_connect_info(
) { ) {
int error_num = 0; int error_num = 0;
char *connect_string = NULL; char *connect_string = NULL;
char *sprit_ptr[2]; char *sprit_ptr;
char *tmp_ptr, *tmp_ptr2, *start_ptr; char *tmp_ptr, *tmp_ptr2, *start_ptr;
int roop_count; int roop_count;
int title_length; int title_length;
...@@ -2247,23 +2247,17 @@ int spider_parse_connect_info( ...@@ -2247,23 +2247,17 @@ int spider_parse_connect_info(
break; break;
} }
sprit_ptr[0] = connect_string; sprit_ptr = connect_string;
connect_string_parse.init(connect_string, ER_SPIDER_INVALID_CONNECT_INFO_NUM); connect_string_parse.init(connect_string, ER_SPIDER_INVALID_CONNECT_INFO_NUM);
while (sprit_ptr[0]) while (sprit_ptr)
{ {
if ((sprit_ptr[1] = strchr(sprit_ptr[0], ','))) tmp_ptr = sprit_ptr;
{
*sprit_ptr[1] = '\0';
sprit_ptr[1]++;
}
tmp_ptr = sprit_ptr[0];
sprit_ptr[0] = sprit_ptr[1];
while (*tmp_ptr == ' ' || *tmp_ptr == '\r' || while (*tmp_ptr == ' ' || *tmp_ptr == '\r' ||
*tmp_ptr == '\n' || *tmp_ptr == '\t') *tmp_ptr == '\n' || *tmp_ptr == '\t')
tmp_ptr++; tmp_ptr++;
if (*tmp_ptr == '\0') if (*tmp_ptr == '\0')
continue; break;
title_length = 0; title_length = 0;
start_ptr = tmp_ptr; start_ptr = tmp_ptr;
...@@ -2276,6 +2270,11 @@ int spider_parse_connect_info( ...@@ -2276,6 +2270,11 @@ int spider_parse_connect_info(
start_ptr++; start_ptr++;
} }
connect_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length); connect_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length);
if ((error_num = connect_string_parse.get_next_parameter_head(
start_ptr, &sprit_ptr)))
{
goto error;
}
switch (title_length) switch (title_length)
{ {
......
...@@ -180,6 +180,94 @@ typedef struct st_spider_param_string_parse ...@@ -180,6 +180,94 @@ typedef struct st_spider_param_string_parse
DBUG_RETURN(error_num); DBUG_RETURN(error_num);
} }
inline int get_next_parameter_head(char *st, char **nx)
{
DBUG_ENTER("get_next_parameter_head");
char *sq = strchr(st, '\'');
char *dq = strchr(st, '"');
if (!sq && !dq)
{
DBUG_RETURN(print_param_error());
}
else if (!sq || sq > dq)
{
while (1)
{
++dq;
if (*dq == '\\')
{
++dq;
}
else if (*dq == '"')
{
break;
}
else if (*dq == '\0')
{
DBUG_RETURN(print_param_error());
}
}
while (1)
{
++dq;
if (*dq == '\0')
{
*nx = dq;
break;
}
else if (*dq == ',')
{
*dq = '\0';
*nx = dq + 1;
break;
}
else if (*dq != ' ' && *dq != '\r' && *dq != '\n' && *dq != '\t')
{
DBUG_RETURN(print_param_error());
}
}
}
else
{
while (1)
{
++sq;
if (*sq == '\\')
{
++sq;
}
else if (*sq == '\'')
{
break;
}
else if (*sq == '\0')
{
DBUG_RETURN(print_param_error());
}
}
while (1)
{
++sq;
if (*sq == '\0')
{
*nx = sq;
break;
}
else if (*sq == ',')
{
*sq = '\0';
*nx = sq + 1;
break;
}
else if (*sq != ' ' && *sq != '\r' && *sq != '\n' && *sq != '\t')
{
DBUG_RETURN(print_param_error());
}
}
}
DBUG_RETURN(0);
}
/** /**
Restore the current parameter's input delimiter characters in the Restore the current parameter's input delimiter characters in the
parameter string. They were NULLed during parameter parsing. parameter string. They were NULLed during parameter parsing.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment