Fixed BUG#8760: Stored Procedures: Invalid SQLSTATE is allowed in

a DECLARE ? HANDLER FOR stmt. mysql-test/r/sp-error.result: New test case for BUG#8776 (check format of sqlstates in handler declarations). mysql-test/t/sp-error.test: New test case for BUG#8776 (check format of sqlstates in handler declarations). sql/share/errmsg.txt: New error message for malformed SQLSTATEs. sql/sp_pcontext.cc: Added function for checking SQLSTATE format. sql/sp_pcontext.h: Added function for checking SQLSTATE format. sql/sql_yacc.yy: Check format of SQLSTATE in handler declaration.

Fixed BUG#8760: Stored Procedures: Invalid SQLSTATE is allowed in
a DECLARE ? HANDLER FOR stmt. mysql-test/r/sp-error.result: New test case for BUG#8776 (check format of sqlstates in handler declarations). mysql-test/t/sp-error.test: New test case for BUG#8776 (check format of sqlstates in handler declarations). sql/share/errmsg.txt: New error message for malformed SQLSTATEs. sql/sp_pcontext.cc: Added function for checking SQLSTATE format. sql/sp_pcontext.h: Added function for checking SQLSTATE format. sql/sql_yacc.yy: Check format of SQLSTATE in handler declaration.
5021a94d · unknown · f93a08ee · 5021a94d · 5021a94d · 5021a94d
Commit 5021a94d authored Feb 28, 2005 by unknown
6 changed files
--- a/mysql-test/r/sp-error.result
+++ b/mysql-test/r/sp-error.result
@@ -466,4 +466,32 @@ ERROR 70100: Query execution was interrupted
 call bug6807()|
 ERROR 70100: Query execution was interrupted
 drop procedure bug6807|
+drop procedure if exists bug8776_1|
+drop procedure if exists bug8776_2|
+drop procedure if exists bug8776_3|
+drop procedure if exists bug8776_4|
+create procedure bug8776_1()
+begin
+declare continue handler for sqlstate '42S0200test' begin end;
+begin end;
+end|
+ERROR 42000: Bad SQLSTATE: '42S0200test'
+create procedure bug8776_2()
+begin
+declare continue handler for sqlstate '4200' begin end;
+begin end;
+end|
+ERROR 42000: Bad SQLSTATE: '4200'
+create procedure bug8776_3()
+begin
+declare continue handler for sqlstate '420000' begin end;
+begin end;
+end|
+ERROR 42000: Bad SQLSTATE: '420000'
+create procedure bug8776_4()
+begin
+declare continue handler for sqlstate '42x00' begin end;
+begin end;
+end|
+ERROR 42000: Bad SQLSTATE: '42x00'
 drop table t1|
--- a/mysql-test/t/sp-error.test
+++ b/mysql-test/t/sp-error.test
@@ -641,6 +641,44 @@ call bug6807()|

 drop procedure bug6807|

+#
+# BUG#876: Stored Procedures: Invalid SQLSTATE is allowed in 
+#          a DECLARE ? HANDLER FOR stmt.
+#
+--disable_warnings
+drop procedure if exists bug8776_1|
+drop procedure if exists bug8776_2|
+drop procedure if exists bug8776_3|
+drop procedure if exists bug8776_4|
+--enable_warnings
+--error ER_SP_BAD_SQLSTATE
+create procedure bug8776_1()
+begin
+  declare continue handler for sqlstate '42S0200test' begin end;
+  begin end;
+end|
+
+--error ER_SP_BAD_SQLSTATE
+create procedure bug8776_2()
+begin
+  declare continue handler for sqlstate '4200' begin end;
+  begin end;
+end|
+
+--error ER_SP_BAD_SQLSTATE
+create procedure bug8776_3()
+begin
+  declare continue handler for sqlstate '420000' begin end;
+  begin end;
+end|
+
+--error ER_SP_BAD_SQLSTATE
+create procedure bug8776_4()
+begin
+  declare continue handler for sqlstate '42x00' begin end;
+  begin end;
+end|
+

 drop table t1|


--- a/sql/share/errmsg.txt
+++ b/sql/share/errmsg.txt
@@ -5326,3 +5326,5 @@ ER_PROC_AUTO_REVOKE_FAIL
 	eng "Failed to revoke all privileges to dropped routine"
 ER_DATA_TOO_LONG 22001
 	eng "Data too long for column '%s' at row %ld"
+ER_SP_BAD_SQLSTATE 42000
+	eng "Bad SQLSTATE: '%s'"
--- a/sql/sp_pcontext.cc
+++ b/sql/sp_pcontext.cc
@@ -26,6 +26,30 @@
 #include "sp_pcontext.h"
 #include "sp_head.h"

+/*
+ * Sanity check for SQLSTATEs. Will not check if it's really an existing
+ * state (there are just too many), but will check length and bad characters.
+ * Returns TRUE if it's ok, FALSE if it's bad.
+ */
+bool
+sp_cond_check(LEX_STRING *sqlstate)
+{
+  int i;
+  const char *p;
+
+  if (sqlstate->length != 5)
+    return FALSE;
+  for (p= sqlstate->str, i= 0 ; i < 5 ; i++)
+  {
+    char c = p[i];
+
+    if ((c < '0' || '9' < c) &&
+	(c < 'A' || 'Z' < c))
+      return FALSE;
+  }
+  return TRUE;
+}
+
 sp_pcontext::sp_pcontext(sp_pcontext *prev)
  : Sql_alloc(), m_psubsize(0), m_csubsize(0), m_hsubsize(0),
    m_handlers(0), m_parent(prev)

--- a/sql/sp_pcontext.h
+++ b/sql/sp_pcontext.h
@@ -60,6 +60,12 @@ typedef struct sp_cond_type
  uint mysqlerr;
 } sp_cond_type_t;

+/* Sanity check for SQLSTATEs. Will not check if it's really an existing
+ * state (there are just too many), but will check length bad characters.
+ */
+extern bool
+sp_cond_check(LEX_STRING *sqlstate);
+
 typedef struct sp_cond
 {
  LEX_STRING name;

--- a/sql/sql_yacc.yy
+++ b/sql/sql_yacc.yy
@@ -1760,13 +1760,15 @@ sp_cond:
 	  }
 	| SQLSTATE_SYM opt_value TEXT_STRING_literal
 	  {		/* SQLSTATE */
-	    uint len= ($3.length < sizeof($$->sqlstate)-1 ?
-                       $3.length : sizeof($$->sqlstate)-1);
-
+	    if (!sp_cond_check(&$3))
+	    {
+	      my_error(ER_SP_BAD_SQLSTATE, MYF(0), $3.str);
+	      YYABORT;
+	    }
 	    $$= (sp_cond_type_t *)YYTHD->alloc(sizeof(sp_cond_type_t));
 	    $$->type= sp_cond_type_t::state;
-	    memcpy($$->sqlstate, $3.str, len);
-	    $$->sqlstate[len]= '\0';
+	    memcpy($$->sqlstate, $3.str, 5);
+	    $$->sqlstate[5]= '\0';
 	  }
 	;