Commit 43632f4c authored by Anushree Prakash B's avatar Anushree Prakash B

Bug#26372491 - RCE THROUGH THE MISHANDLE OF BACKSLASH

DESCRIPTION:
===========
The bug is related to incorrect parsing of SQL queries
when typed in on the CLI. The incorrect parsing can
result in unexpected results.

ANALYSIS:
========
The scenarios mainly happens for identifier names
with a typical combination of backslashes and backticks.
The incorrect parsing can either result in executing
additional queries or can result in query truncation.
This can impact mysqldump as well.

FIX:
===
The fix makes sure that such identifier names are
correctly parsed and a proper query is sent to the
server for execution.
parent 14176f71
......@@ -2119,7 +2119,10 @@ static bool add_line(String &buffer,char *line,char *in_string,
if (*in_string || inchar == 'N') // \N is short for NULL
{ // Don't allow commands in string
*out++='\\';
*out++= (char) inchar;
if ((inchar == '`') && (*in_string == inchar))
pos--;
else
*out++= (char) inchar;
continue;
}
if ((com=find_command(NullS,(char) inchar)))
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment