MDEV-4664 mysql_upgrade crashes if root's password contains an apostrophe/single quotation mark

fix dynstr_append_os_quoted() to escape single quotes correctly for a POSIX shell

MDEV-4664 mysql_upgrade crashes if root's password contains an apostrophe/single quotation mark
fix dynstr_append_os_quoted() to escape single quotes correctly for a POSIX shell
1e361f28 · Sergei Golubchik · 9e4e4121 · 1e361f28 · 1e361f28
Commit 1e361f28 authored Feb 06, 2016 by Sergei Golubchik
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 7 deletions

mysys/string.c mysys/string.c +3 -2

unittest/mysys/dynstring-t.c unittest/mysys/dynstring-t.c +5 -5

No files found.
--- a/mysys/string.c
+++ b/mysys/string.c
@@ -143,8 +143,10 @@ my_bool dynstr_append_os_quoted(DYNAMIC_STRING *str, const char *append, ...)
 {
 #ifdef __WIN__
  LEX_CSTRING quote= { C_STRING_WITH_LEN("\"") };
+  LEX_CSTRING replace= { C_STRING_WITH_LEN("\\\"") };
 #else
  LEX_CSTRING quote= { C_STRING_WITH_LEN("\'") };
+  LEX_CSTRING replace= { C_STRING_WITH_LEN("'\"'\"'") };
 #endif /* __WIN__ */
  my_bool ret= TRUE;
  va_list dirty_text;
@@ -160,8 +162,7 @@ my_bool dynstr_append_os_quoted(DYNAMIC_STRING *str, const char *append, ...)
    while(*(next_pos= strcend(cur_pos, quote.str[0])) != '\0')
    {
      ret&= dynstr_append_mem(str, cur_pos, (uint) (next_pos - cur_pos));
-      ret&= dynstr_append_mem(str, STRING_WITH_LEN("\\"));
+      ret&= dynstr_append_mem(str, replace.str, replace.length);
-      ret&= dynstr_append_mem(str, quote.str, quote.length);
      cur_pos= next_pos + 1;
    }
    ret&= dynstr_append_mem(str, cur_pos, (uint) (next_pos - cur_pos));

--- a/unittest/mysys/dynstring-t.c
+++ b/unittest/mysys/dynstring-t.c
@@ -47,25 +47,25 @@ int main(void)
  check("'space inside'");
  ok(dynstr_append_os_quoted(&str1, "single'quote", NULL) == 0, "append");
-  check("'single\\'quote'");
+  check("'single'\"'\"'quote'");
  ok(dynstr_append_os_quoted(&str1, "many'single'quotes", NULL) == 0, "append");
-  check("'many\\'single\\'quotes'");
+  check("'many'\"'\"'single'\"'\"'quotes'");
  ok(dynstr_append_os_quoted(&str1, "'single quoted'", NULL) == 0, "append");
-  check("'\\'single quoted\\''");
+  check("''\"'\"'single quoted'\"'\"''");
  ok(dynstr_append_os_quoted(&str1, "double\"quote", NULL) == 0, "append");
  check("'double\"quote'");
  ok(dynstr_append_os_quoted(&str1, "mixed\"single'and\"double'quotes", NULL) == 0, "append");
-  check("'mixed\"single\\'and\"double\\'quotes'");
+  check("'mixed\"single'\"'\"'and\"double'\"'\"'quotes'");
  ok(dynstr_append_os_quoted(&str1, "back\\space", NULL) == 0, "append");
  check("'back\\space'");
  ok(dynstr_append_os_quoted(&str1, "backspace\\'and\\\"quote", NULL) == 0, "append");
-  check("'backspace\\\\'and\\\"quote'");
+  check("'backspace\\'\"'\"'and\\\"quote'");
  dynstr_free(&str1);