Commit 07d57e0e authored by Kentoku SHIBA's avatar Kentoku SHIBA

MDEV-20827 Wrong param parsing in spider_direct_sql() when param contain comma

parent 582290da
--connection child2_1
DROP USER tu@'%';
--disable_warnings
--disable_query_log
--disable_result_log
--source ../t/test_deinit.inc
--enable_result_log
--enable_query_log
--enable_warnings
--disable_warnings
--disable_query_log
--disable_result_log
--source ../t/test_init.inc
--enable_result_log
--enable_query_log
--enable_warnings
let $DIRECT_SQL_COMMAND=
SELECT spider_direct_sql('SELECT 22', 'tmp_a', 'srv "s_2_1", database "test", password "pass,1234", user "tu"');
--connection child2_1
GRANT ALL ON *.* TO tu@'%' IDENTIFIED BY 'pass,1234';
for master_1
for child2
child2_1
child2_2
child2_3
for child3
connection child2_1;
GRANT ALL ON *.* TO tu@'%' IDENTIFIED BY 'pass,1234';
drop and create databases
connection master_1;
CREATE DATABASE auto_test_local;
USE auto_test_local;
CREATE TEMPORARY TABLE tmp_a (
pkey int NOT NULL,
PRIMARY KEY (pkey)
) MASTER_1_ENGINE2
SELECT spider_direct_sql('SELECT 22', 'tmp_a', 'srv "s_2_1", database "test", password "pass,1234", user "tu"');
spider_direct_sql('SELECT 22', 'tmp_a', 'srv "s_2_1", database "test", password "pass,1234", user "tu"')
1
SELECT pkey FROM tmp_a;
pkey
22
deinit
connection master_1;
DROP DATABASE IF EXISTS auto_test_local;
connection child2_1;
DROP USER tu@'%';
for master_1
for child2
child2_1
child2_2
child2_3
for child3
end of test
!include include/default_mysqld.cnf
!include ../my_1_1.cnf
!include ../my_2_1.cnf
--source ../include/direct_sql_with_comma_pwd_init.inc
--echo
--echo drop and create databases
--connection master_1
--disable_warnings
CREATE DATABASE auto_test_local;
USE auto_test_local;
--enable_warnings
--disable_query_log
echo CREATE TEMPORARY TABLE tmp_a (
pkey int NOT NULL,
PRIMARY KEY (pkey)
) MASTER_1_ENGINE2;
eval CREATE TEMPORARY TABLE tmp_a (
pkey int NOT NULL,
PRIMARY KEY (pkey)
) $MASTER_1_ENGINE2;
--enable_query_log
eval $DIRECT_SQL_COMMAND;
SELECT pkey FROM tmp_a;
--echo
--echo deinit
--disable_warnings
--connection master_1
DROP DATABASE IF EXISTS auto_test_local;
--enable_warnings
--source ../include/direct_sql_with_comma_pwd_deinit.inc
--echo
--echo end of test
......@@ -217,7 +217,7 @@ int spider_udf_parse_copy_tables_param(
) {
int error_num = 0;
char *param_string = NULL;
char *sprit_ptr[2];
char *sprit_ptr;
char *tmp_ptr, *tmp_ptr2, *start_ptr;
int title_length;
SPIDER_PARAM_STRING_PARSE param_string_parse;
......@@ -244,23 +244,17 @@ int spider_udf_parse_copy_tables_param(
}
DBUG_PRINT("info",("spider param_string=%s", param_string));
sprit_ptr[0] = param_string;
sprit_ptr = param_string;
param_string_parse.init(param_string, ER_SPIDER_INVALID_UDF_PARAM_NUM);
while (sprit_ptr[0])
while (sprit_ptr)
{
if ((sprit_ptr[1] = strchr(sprit_ptr[0], ',')))
{
*sprit_ptr[1] = '\0';
sprit_ptr[1]++;
}
tmp_ptr = sprit_ptr[0];
sprit_ptr[0] = sprit_ptr[1];
tmp_ptr = sprit_ptr;
while (*tmp_ptr == ' ' || *tmp_ptr == '\r' ||
*tmp_ptr == '\n' || *tmp_ptr == '\t')
tmp_ptr++;
if (*tmp_ptr == '\0')
continue;
break;
title_length = 0;
start_ptr = tmp_ptr;
......@@ -273,6 +267,11 @@ int spider_udf_parse_copy_tables_param(
start_ptr++;
}
param_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length);
if ((error_num = param_string_parse.get_next_parameter_head(
start_ptr, &sprit_ptr)))
{
goto error;
}
switch (title_length)
{
......
......@@ -1214,7 +1214,7 @@ int spider_udf_parse_direct_sql_param(
) {
int error_num = 0, roop_count;
char *param_string = NULL;
char *sprit_ptr[2];
char *sprit_ptr;
char *tmp_ptr, *tmp_ptr2, *start_ptr;
int title_length;
SPIDER_PARAM_STRING_PARSE param_string_parse;
......@@ -1253,23 +1253,17 @@ int spider_udf_parse_direct_sql_param(
}
DBUG_PRINT("info",("spider param_string=%s", param_string));
sprit_ptr[0] = param_string;
sprit_ptr = param_string;
param_string_parse.init(param_string, ER_SPIDER_INVALID_UDF_PARAM_NUM);
while (sprit_ptr[0])
while (sprit_ptr)
{
if ((sprit_ptr[1] = strchr(sprit_ptr[0], ',')))
{
*sprit_ptr[1] = '\0';
sprit_ptr[1]++;
}
tmp_ptr = sprit_ptr[0];
sprit_ptr[0] = sprit_ptr[1];
tmp_ptr = sprit_ptr;
while (*tmp_ptr == ' ' || *tmp_ptr == '\r' ||
*tmp_ptr == '\n' || *tmp_ptr == '\t')
tmp_ptr++;
if (*tmp_ptr == '\0')
continue;
break;
title_length = 0;
start_ptr = tmp_ptr;
......@@ -1282,6 +1276,11 @@ int spider_udf_parse_direct_sql_param(
start_ptr++;
}
param_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length);
if ((error_num = param_string_parse.get_next_parameter_head(
start_ptr, &sprit_ptr)))
{
goto error;
}
switch (title_length)
{
......
......@@ -2085,7 +2085,7 @@ int spider_parse_connect_info(
) {
int error_num = 0;
char *connect_string = NULL;
char *sprit_ptr[2];
char *sprit_ptr;
char *tmp_ptr, *tmp_ptr2, *start_ptr;
int roop_count;
int title_length;
......@@ -2279,23 +2279,17 @@ int spider_parse_connect_info(
break;
}
sprit_ptr[0] = connect_string;
sprit_ptr = connect_string;
connect_string_parse.init(connect_string, ER_SPIDER_INVALID_CONNECT_INFO_NUM);
while (sprit_ptr[0])
while (sprit_ptr)
{
if ((sprit_ptr[1] = strchr(sprit_ptr[0], ',')))
{
*sprit_ptr[1] = '\0';
sprit_ptr[1]++;
}
tmp_ptr = sprit_ptr[0];
sprit_ptr[0] = sprit_ptr[1];
tmp_ptr = sprit_ptr;
while (*tmp_ptr == ' ' || *tmp_ptr == '\r' ||
*tmp_ptr == '\n' || *tmp_ptr == '\t')
tmp_ptr++;
if (*tmp_ptr == '\0')
continue;
break;
title_length = 0;
start_ptr = tmp_ptr;
......@@ -2308,6 +2302,11 @@ int spider_parse_connect_info(
start_ptr++;
}
connect_string_parse.set_param_title(tmp_ptr, tmp_ptr + title_length);
if ((error_num = connect_string_parse.get_next_parameter_head(
start_ptr, &sprit_ptr)))
{
goto error;
}
switch (title_length)
{
......
......@@ -180,6 +180,94 @@ typedef struct st_spider_param_string_parse
DBUG_RETURN(error_num);
}
inline int get_next_parameter_head(char *st, char **nx)
{
DBUG_ENTER("get_next_parameter_head");
char *sq = strchr(st, '\'');
char *dq = strchr(st, '"');
if (!sq && !dq)
{
DBUG_RETURN(print_param_error());
}
else if (!sq || sq > dq)
{
while (1)
{
++dq;
if (*dq == '\\')
{
++dq;
}
else if (*dq == '"')
{
break;
}
else if (*dq == '\0')
{
DBUG_RETURN(print_param_error());
}
}
while (1)
{
++dq;
if (*dq == '\0')
{
*nx = dq;
break;
}
else if (*dq == ',')
{
*dq = '\0';
*nx = dq + 1;
break;
}
else if (*dq != ' ' && *dq != '\r' && *dq != '\n' && *dq != '\t')
{
DBUG_RETURN(print_param_error());
}
}
}
else
{
while (1)
{
++sq;
if (*sq == '\\')
{
++sq;
}
else if (*sq == '\'')
{
break;
}
else if (*sq == '\0')
{
DBUG_RETURN(print_param_error());
}
}
while (1)
{
++sq;
if (*sq == '\0')
{
*nx = sq;
break;
}
else if (*sq == ',')
{
*sq = '\0';
*nx = sq + 1;
break;
}
else if (*sq != ' ' && *sq != '\r' && *sq != '\n' && *sq != '\t')
{
DBUG_RETURN(print_param_error());
}
}
}
DBUG_RETURN(0);
}
/**
Restore the current parameter's input delimiter characters in the
parameter string. They were NULLed during parameter parsing.
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment