MDEV-20110 don't try to load client plugins with invalid names

reported by lixtelnis

mysql-test/r/connect_debug.result

@@ -3,3 +3,8 @@ set global debug_dbug='+d,auth_disconnect';
 create user 'bad' identified by 'worse';
 set global debug_dbug=@old_dbug;
 drop user bad;
+set global debug_dbug='+d,auth_invalid_plugin';
+create user 'bad' identified by 'worse';
+ERROR 2059 (HY000): Authentication plugin 'foo/bar' cannot be loaded: invalid plugin name
+set global debug_dbug=@old_dbug;
+drop user bad;

mysql-test/t/connect_debug.test

@@ -1,3 +1,4 @@
+source include/not_embedded.inc;
 source include/have_debug.inc;
 set @old_dbug=@@global.debug_dbug;
 
@@ -10,3 +11,13 @@ create user 'bad' identified by 'worse';
 --exec $MYSQL --default-auth=mysql_old_password --user=bad --password=worse
 set global debug_dbug=@old_dbug;
 drop user bad;
+
+#
+# malicious server, invalid plugin name
+#
+set global debug_dbug='+d,auth_invalid_plugin';
+create user 'bad' identified by 'worse';
+--error 1
+--exec $MYSQL --default-auth=mysql_old_password --user=bad --password=worse 2>&1
+set global debug_dbug=@old_dbug;
+drop user bad;

sql-common/client_plugin.c

@@ -363,6 +363,12 @@ mysql_load_plugin_v(MYSQL *mysql, const char *name, int type,
            mysql->options.extension->plugin_dir : PLUGINDIR, "/",
            name, SO_EXT, NullS);
 
+  if (strpbrk(name, "()[]!@#$%^&/*;.,'?"))
+  {
+    errmsg= "invalid plugin name";
+    goto err;
+  }
+
   DBUG_PRINT ("info", ("dlopeninig %s", dlpath));
   /* Open new dll handle */
   if (!(dlhandle= dlopen(dlpath, RTLD_NOW)))

sql/sql_acl.cc

@@ -8256,6 +8256,7 @@ static bool send_plugin_request_packet(MPVIO_EXT *mpvio,
     ((st_mysql_auth *) (plugin_decl(mpvio->plugin)->info))->client_auth_plugin;
 
   DBUG_EXECUTE_IF("auth_disconnect", { vio_close(net->vio); DBUG_RETURN(1); });
+  DBUG_EXECUTE_IF("auth_invalid_plugin", client_auth_plugin="foo/bar"; );
   DBUG_ASSERT(client_auth_plugin);
 
   /*