From 20addb05e58fdf822896f490fcaaf2ec5ed4bcb5 Mon Sep 17 00:00:00 2001
From: Ivo Roylev <ivo.roylev@oracle.com>
Date: Mon, 22 May 2017 15:52:00 +0300
Subject: [PATCH] Bug# 25998635: Client does not escape the USE statement

When there are quotes in the USE statement, the mysql client does
not correctly escape them.

The USE statement is processed line by line from the client's parser,
and cannot handle multi-line commands as the server.

The fix is to escape the USE parameters whenever quotes are used.
---
 client/mysql.cc | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/client/mysql.cc b/client/mysql.cc
index 6e6dc4971ac..d09499c120a 100644
--- a/client/mysql.cc
+++ b/client/mysql.cc
@@ -3386,7 +3386,7 @@ print_table_data(MYSQL_RES *result)
       length=4;					// Room for "NULL"
     if (opt_binhex && is_binary_field(field))
       length= 2 + length * 2;
-    field->max_length=length;
+    field->max_length=(ulong) length;
     separator.fill(separator.length()+length+2,'-');
     separator.append('+');
   }
@@ -3453,7 +3453,7 @@ print_table_data(MYSQL_RES *result)
        many extra padding-characters we should send with the printing function.
       */
       visible_length= charset_info->cset->numcells(charset_info, buffer, buffer + data_length);
-      extra_padding= data_length - visible_length;
+      extra_padding= (uint) (data_length - visible_length);
 
       if (opt_binhex && is_binary_field(field))
         print_as_hex(PAGER, cur[off], lengths[off], field_max_length);
@@ -4232,10 +4232,9 @@ com_use(String *buffer __attribute__((unused)), char *line)
   bzero(buff, sizeof(buff));
 
   /*
-    In case number of quotes exceed 2, we try to get
-    the normalized db name.
+    In case of quotes used, try to get the normalized db name.
   */
-  if (get_quote_count(line) > 2)
+  if (get_quote_count(line) > 0)
   {
     if (normalize_dbname(line, buff, sizeof(buff)))
       return put_error(&mysql);
@@ -4453,11 +4452,13 @@ char *get_arg(char *line, my_bool get_next_arg)
 static int
 get_quote_count(const char *line)
 {
-  int quote_count;
-  const char *ptr= line;
+  int quote_count= 0;
+  const char *quote= line;
 
-  for(quote_count= 0; ptr ++ && *ptr; ptr= strpbrk(ptr, "\"\'`"))
-    quote_count ++;
+  while ((quote= strpbrk(quote, "'`\"")) != NULL) {
+    quote_count++;
+    quote++;
+  }
 
   return quote_count;
 }