Commit 6e512d61 authored by unknown's avatar unknown

Bug#29592 SQL Injection issue

Remove the mysql_odbc_escape_string() function. The function
has multi-byte character escaping issues, doesn't honor the
NO_BACKSLASH_ESCAPES mode and is not used anymore by the
Connector/ODBC as of 3.51.17.


include/mysql.h:
  Remove mysql_odbc_escape_string() prototype.
include/mysql_h.ic:
  Update abi check file, mostly line changes and mysql_odbc_escape_string
  removal.
libmysql/libmysql.c:
  Remove mysql_odbc_escape_string() body.
libmysql/libmysql.def:
  Remove mysql_odbc_escape_string()
libmysqld/libmysqld.def:
  Remove mysql_odbc_escape_string()
parent 3e502d61
...@@ -550,16 +550,6 @@ unsigned long STDCALL mysql_real_escape_string(MYSQL *mysql, ...@@ -550,16 +550,6 @@ unsigned long STDCALL mysql_real_escape_string(MYSQL *mysql,
char *to,const char *from, char *to,const char *from,
unsigned long length); unsigned long length);
void STDCALL mysql_debug(const char *debug); void STDCALL mysql_debug(const char *debug);
char * STDCALL mysql_odbc_escape_string(MYSQL *mysql,
char *to,
unsigned long to_length,
const char *from,
unsigned long from_length,
void *param,
char *
(*extend_buffer)
(void *, char *to,
unsigned long *length));
void STDCALL myodbc_remove_escape(MYSQL *mysql,char *name); void STDCALL myodbc_remove_escape(MYSQL *mysql,char *name);
unsigned int STDCALL mysql_thread_safe(void); unsigned int STDCALL mysql_thread_safe(void);
my_bool STDCALL mysql_embedded(void); my_bool STDCALL mysql_embedded(void);
......
This diff is collapsed.
...@@ -1617,78 +1617,6 @@ mysql_real_escape_string(MYSQL *mysql, char *to,const char *from, ...@@ -1617,78 +1617,6 @@ mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
return escape_string_for_mysql(mysql->charset, to, 0, from, length); return escape_string_for_mysql(mysql->charset, to, 0, from, length);
} }
char * STDCALL
mysql_odbc_escape_string(MYSQL *mysql,
char *to, ulong to_length,
const char *from, ulong from_length,
void *param,
char * (*extend_buffer)
(void *, char *, ulong *))
{
char *to_end=to+to_length-5;
const char *end;
#ifdef USE_MB
my_bool use_mb_flag=use_mb(mysql->charset);
#endif
for (end=from+from_length; from != end ; from++)
{
if (to >= to_end)
{
to_length = (ulong) (end-from)+512; /* We want this much more */
if (!(to=(*extend_buffer)(param, to, &to_length)))
return to;
to_end=to+to_length-5;
}
#ifdef USE_MB
{
int l;
if (use_mb_flag && (l = my_ismbchar(mysql->charset, from, end)))
{
while (l--)
*to++ = *from++;
from--;
continue;
}
}
#endif
switch (*from) {
case 0: /* Must be escaped for 'mysql' */
*to++= '\\';
*to++= '0';
break;
case '\n': /* Must be escaped for logs */
*to++= '\\';
*to++= 'n';
break;
case '\r':
*to++= '\\';
*to++= 'r';
break;
case '\\':
*to++= '\\';
*to++= '\\';
break;
case '\'':
*to++= '\\';
*to++= '\'';
break;
case '"': /* Better safe than sorry */
*to++= '\\';
*to++= '"';
break;
case '\032': /* This gives problems on Win32 */
*to++= '\\';
*to++= 'Z';
break;
default:
*to++= *from;
}
}
return to;
}
void STDCALL void STDCALL
myodbc_remove_escape(MYSQL *mysql,char *name) myodbc_remove_escape(MYSQL *mysql,char *name)
{ {
......
...@@ -78,7 +78,6 @@ EXPORTS ...@@ -78,7 +78,6 @@ EXPORTS
mysql_next_result mysql_next_result
mysql_num_fields mysql_num_fields
mysql_num_rows mysql_num_rows
mysql_odbc_escape_string
mysql_options mysql_options
mysql_stmt_param_count mysql_stmt_param_count
mysql_stmt_param_metadata mysql_stmt_param_metadata
......
...@@ -71,7 +71,6 @@ EXPORTS ...@@ -71,7 +71,6 @@ EXPORTS
mysql_next_result mysql_next_result
mysql_num_fields mysql_num_fields
mysql_num_rows mysql_num_rows
mysql_odbc_escape_string
mysql_options mysql_options
mysql_ping mysql_ping
mysql_query mysql_query
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment