Commit 5ac61b2a authored by Anushree Prakash B, committed by Nawaz Nazeer Ahamed

Bug#26372491 - RCE THROUGH THE MISHANDLE OF BACKSLASH

DESCRIPTION:
===========
The bug is related to incorrect parsing of SQL queries
when typed in on the CLI. The incorrect parsing can
result in unexpected results.

ANALYSIS:
========
The scenario mainly happens for identifier names
with a typical combination of backslashes and backticks.
The incorrect parsing can either result in executing
additional queries or can result in query truncation.
This can impact mysqldump as well.

FIX:
===
The fix makes sure that such identifier names are
correctly parsed and a proper query is sent to the
server for execution.

(cherry picked from commit 31a372aa1c2b93dc75267d1f05a7f7fca6080dc0)
parent f7316aa0
...@@ -2119,6 +2119,9 @@ static bool add_line(String &buffer,char *line,char *in_string, ...@@ -2119,6 +2119,9 @@ static bool add_line(String &buffer,char *line,char *in_string,
if (*in_string || inchar == 'N') // \N is short for NULL if (*in_string || inchar == 'N') // \N is short for NULL
{ // Don't allow commands in string { // Don't allow commands in string
*out++='\\'; *out++='\\';
if ((inchar == '`') && (*in_string == inchar))
pos--;
else
*out++= (char) inchar; *out++= (char) inchar;
continue; continue;
} }
......
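Review bot: the new `pos--` branch under `if ((inchar == '`') && (*in_string == inchar))` has no comment, and it is the whole fix. The surrounding comments ("\N is short for NULL", "Don't allow commands in string") do not cover it. Please add a line saying why a backtick that follows a backslash inside a backtick-delimited string is pushed back for re-scanning rather than copied to `out`, and confirm that `pos` cannot step before the character just read on this path. The commit message says the problem shows up as extra queries or truncation and can affect mysqldump, but the visible hunk only touches `add_line` and shows no test. A regression test with identifier names that mix backslashes and backticks, plus a note on whether mysqldump is handled in another hunk, would make the change verifiable.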