Bug#29592 SQL Injection issue

Remove the mysql_odbc_escape_string() function. The function has multi-byte character escaping issues, doesn't honor the NO_BACKSLASH_ESCAPES mode and is not used anymore by the Connector/ODBC as of 3.51.17.

Bug#29592 SQL Injection issue
Remove the mysql_odbc_escape_string() function. The function has multi-byte character escaping issues, doesn't honor the NO_BACKSLASH_ESCAPES mode and is not used anymore by the Connector/ODBC as of 3.51.17.
cdad8669 · davi@mysql.com/endora.local · 9817d93e · cdad8669 · cdad8669 · cdad8669
Commit cdad8669 authored Nov 26, 2007 by davi@mysql.com/endora.local
5 changed files
--- a/include/mysql.h
+++ b/include/mysql.h
@@ -550,16 +550,6 @@ unsigned long STDCALL mysql_real_escape_string(MYSQL *mysql,
 					       char *to,const char *from,
 					       unsigned long length);
 void		STDCALL mysql_debug(const char *debug);
-char *		STDCALL mysql_odbc_escape_string(MYSQL *mysql,
-						 char *to,
-						 unsigned long to_length,
-						 const char *from,
-						 unsigned long from_length,
-						 void *param,
-						 char *
-						 (*extend_buffer)
-						 (void *, char *to,
-						  unsigned long *length));
 void 		STDCALL myodbc_remove_escape(MYSQL *mysql,char *name);
 unsigned int	STDCALL mysql_thread_safe(void);
 my_bool		STDCALL mysql_embedded(void);

--- a/include/mysql_h.ic
+++ b/include/mysql_h.ic
--- a/libmysql/libmysql.c
+++ b/libmysql/libmysql.c
@@ -1617,78 +1617,6 @@ mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
 }
-char * STDCALL
-mysql_odbc_escape_string(MYSQL *mysql,
-			 char *to, ulong to_length,
-			 const char *from, ulong from_length,
-			 void *param,
-			 char * (*extend_buffer)
-			 (void *, char *, ulong *))
-{
-  char *to_end=to+to_length-5;
-  const char *end;
-#ifdef USE_MB
-  my_bool use_mb_flag=use_mb(mysql->charset);
-#endif
-  for (end=from+from_length; from != end ; from++)
-  {
-    if (to >= to_end)
-    {
-      to_length = (ulong) (end-from)+512;	/* We want this much more */
-      if (!(to=(*extend_buffer)(param, to, &to_length)))
-	return to;
-      to_end=to+to_length-5;
-    }
-#ifdef USE_MB
-    {
-      int l;
-      if (use_mb_flag && (l = my_ismbchar(mysql->charset, from, end)))
-      {
-	while (l--)
-	  *to++ = *from++;
-	from--;
-	continue;
-      }
-    }
-#endif
-    switch (*from) {
-    case 0:				/* Must be escaped for 'mysql' */
-      *to++= '\\';
-      *to++= '0';
-      break;
-    case '\n':				/* Must be escaped for logs */
-      *to++= '\\';
-      *to++= 'n';
-      break;
-    case '\r':
-      *to++= '\\';
-      *to++= 'r';
-      break;
-    case '\\':
-      *to++= '\\';
-      *to++= '\\';
-      break;
-    case '\'':
-      *to++= '\\';
-      *to++= '\'';
-      break;
-    case '"':				/* Better safe than sorry */
-      *to++= '\\';
-      *to++= '"';
-      break;
-    case '\032':			/* This gives problems on Win32 */
-      *to++= '\\';
-      *to++= 'Z';
-      break;
-    default:
-      *to++= *from;
-    }
-  }
-  return to;
-}
 void STDCALL
 myodbc_remove_escape(MYSQL *mysql,char *name)
 {

--- a/libmysql/libmysql.def
+++ b/libmysql/libmysql.def
@@ -78,7 +78,6 @@ EXPORTS
 	mysql_next_result
 	mysql_num_fields
 	mysql_num_rows
-	mysql_odbc_escape_string
 	mysql_options
 	mysql_stmt_param_count
 	mysql_stmt_param_metadata

--- a/libmysqld/libmysqld.def
+++ b/libmysqld/libmysqld.def
@@ -71,7 +71,6 @@ EXPORTS
 	mysql_next_result
 	mysql_num_fields
 	mysql_num_rows
-	mysql_odbc_escape_string
 	mysql_options
 	mysql_ping
 	mysql_query