Bug#26372491 - RCE THROUGH THE MISHANDLE OF BACKSLASH

DESCRIPTION:
===========
The bug is related to incorrect parsing of SQL queries
when typed in on the CLI. The incorrect parsing can
result in unexpected results.

ANALYSIS:
========
The scenarios mainly happens for identifier names
with a typical combination of backslashes and backticks.
The incorrect parsing can either result in executing
additional queries or can result in query truncation.
This can impact mysqldump as well.

FIX:
===
The fix makes sure that such identifier names are
correctly parsed and a proper query is sent to the
server for execution.

(cherry picked from commit 31a372aa1c2b93dc75267d1f05a7f7fca6080dc0)

client/mysql.cc

@@ -2119,7 +2119,10 @@ static bool add_line(String &buffer,char *line,char *in_string,
       if (*in_string || inchar == 'N')	// \N is short for NULL
       {					// Don't allow commands in string
 	*out++='\\';
-	*out++= (char) inchar;
+        if ((inchar == '`') && (*in_string == inchar))
+          pos--;
+        else
+	  *out++= (char) inchar;
 	continue;
       }
       if ((com=find_command(NullS,(char) inchar)))