Commit 1e968057 authored by unknown's avatar unknown

Fixing BUG#15658: Server crashes after creating function as empty string

  Empty strings (and names with trailing spaces) should not be allowed.


mysql-test/r/sp-error.result:
  New testcase for BUG#15658
mysql-test/t/sp-error.test:
  New testcase for BUG#15658
sql/share/errmsg.txt:
  New error message for bad stored routine names.
sql/sp_head.cc:
  Added function for checking SP names. (Mustn't be empty or contain trailing spaces.)
sql/sp_head.h:
  Added function for checking SP names.
sql/sql_yacc.yy:
  Check db and name for stored routines.
parent 935ad7e8
......@@ -1128,3 +1128,22 @@ ERROR HY000: View 'test.v1' references invalid table(s) or column(s) or function
drop function bug11555_1;
drop table t1;
drop view v1;
drop procedure if exists ` bug15658`;
create procedure ``() select 1;
ERROR 42000: Incorrect routine name ''
create procedure ` `() select 1;
ERROR 42000: Incorrect routine name ' '
create procedure `bug15658 `() select 1;
ERROR 42000: Incorrect routine name 'bug15658 '
create procedure ``.bug15658() select 1;
ERROR 42000: Incorrect database name ''
create procedure `x `.bug15658() select 1;
ERROR 42000: Incorrect database name 'x '
create procedure ` bug15658`() select 1;
call ` bug15658`();
1
1
show procedure status;
Db Name Type Definer Modified Created Security_type Comment
test bug15658 PROCEDURE root@localhost 0000-00-00 00:00:00 0000-00-00 00:00:00 DEFINER
drop procedure ` bug15658`;
......@@ -1556,6 +1556,7 @@ drop procedure bug13012_1|
drop function bug13012_2|
delimiter ;|
#
# BUG#11555 "Stored procedures: current SP tables locking make
# impossible view security". We should not expose names of tables
# which are implicitly used by view (via stored routines/triggers).
......@@ -1616,7 +1617,33 @@ drop function bug11555_1;
drop table t1;
drop view v1;
#
# BUG#15658: Server crashes after creating function as empty string
#
--disable_warnings
drop procedure if exists ` bug15658`;
--enable_warnings
--error ER_SP_WRONG_NAME
create procedure ``() select 1;
--error ER_SP_WRONG_NAME
create procedure ` `() select 1;
--error ER_SP_WRONG_NAME
create procedure `bug15658 `() select 1;
--error ER_WRONG_DB_NAME
create procedure ``.bug15658() select 1;
--error ER_WRONG_DB_NAME
create procedure `x `.bug15658() select 1;
# This should work
create procedure ` bug15658`() select 1;
call ` bug15658`();
--replace_column 5 '0000-00-00 00:00:00' 6 '0000-00-00 00:00:00'
show procedure status;
drop procedure ` bug15658`;
#
# BUG#NNNN: New bug synopsis
#
#--disable_warnings
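Review bot: The new cases under `# BUG#15658` exercise only `create procedure`, although the bug title is about creating a function with an empty name. If CREATE FUNCTION goes through the same sp_name grammar rule (not visible in this section), add a matching case: `--error ER_SP_WRONG_NAME` followed by a `create function` statement with an empty backquoted name and a `returns int return 1` body. That would pin the path from the original crash report, so a later grammar change that bypasses the check for functions fails the suite.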
......
......@@ -5605,3 +5605,5 @@ ER_SP_RECURSION_LIMIT
ger "Rekursionsgrenze %d (durch Variable max_sp_recursion_depth gegeben) wurde fr Routine %.64s berschritten"
ER_SP_PROC_TABLE_CORRUPT
eng "Failed to load routine %s. The table mysql.proc is missing, corrupt, or contains bad data (internal code %d)"
ER_SP_WRONG_NAME 42000
eng "Incorrect routine name '%-.64s'"
......@@ -384,6 +384,23 @@ sp_name_current_db_new(THD *thd, LEX_STRING name)
return qname;
}
/*
* Check that the name 'ident' is ok. It's assumed to be an 'ident'
* from the parser, so we only have to check length and trailing spaces.
* The former is a standard requirement (and 'show status' assumes a
* non-empty name), the latter is a mysql:ism as trailing spaces are
* removed by get_field().
*
* RETURN
* TRUE - bad name
* FALSE - name is ok
*/
bool
sp_name_check(LEX_STRING ident)
{
return (!ident.str || !ident.str[0] || ident.str[ident.length-1] == ' ');
}
/* ------------------------------------------------------------------ */
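Review bot: sp_name_check() decides emptiness from `ident.str[0]` but then indexes with `ident.length-1`, so it trusts the two fields to agree. If a caller ever passes a LEX_STRING whose length is 0 while the first byte is not NUL, the index wraps and the read lands outside the buffer. Testing the length explicitly removes that dependency: `return (!ident.str || !ident.length || !ident.str[0] || ident.str[ident.length-1] == ' ');`. The header comment says the length is checked, but only the empty case is. If an upper bound on routine names is enforced elsewhere, the comment should say so.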
......
......@@ -102,6 +102,8 @@ class sp_name : public Sql_alloc
sp_name *
sp_name_current_db_new(THD *thd, LEX_STRING name);
bool
sp_name_check(LEX_STRING name);
class sp_head :private Query_arena
{
......
......@@ -1288,11 +1288,26 @@ clear_privileges:
sp_name:
ident '.' ident
{
if (!$1.str || check_db_name($1.str))
{
my_error(ER_WRONG_DB_NAME, MYF(0), $1.str);
YYABORT;
}
if (sp_name_check($3))
{
my_error(ER_SP_WRONG_NAME, MYF(0), $3.str);
YYABORT;
}
$$= new sp_name($1, $3);
$$->init_qname(YYTHD);
}
| ident
{
if (sp_name_check($1))
{
my_error(ER_SP_WRONG_NAME, MYF(0), $1.str);
YYABORT;
}
$$= sp_name_current_db_new(YYTHD, $1);
}
;
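Review bot: In the `ident '.' ident` branch the guard `!$1.str || check_db_name($1.str)` can be true because `$1.str` is null, and that same pointer is then passed to `my_error(ER_WRONG_DB_NAME, MYF(0), $1.str)` for a string conversion. Both ER_SP_WRONG_NAME calls have the same shape, since sp_name_check() also returns TRUE for a null `str`. Unless my_error's formatter is known to tolerate a null string argument, pass a fallback on the error path, e.g. `my_error(ER_WRONG_DB_NAME, MYF(0), $1.str ? $1.str : "");`. The sp_name rule looks complete within this hunk, but the rest of the grammar that uses it is not shown.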
......