Bug#29592 SQL Injection issue

Remove the mysql_odbc_escape_string() function. The function has multi-byte character escaping issues, doesn't honor the NO_BACKSLASH_ESCAPES mode and is not used anymore by the Connector/ODBC as of 3.51.17. include/mysql.h: Remove mysql_odbc_escape_string() prototype. include/mysql_h.ic: Update abi check file, mostly line changes and mysql_odbc_escape_string removal. libmysql/libmysql.c: Remove mysql_odbc_escape_string() body. libmysql/libmysql.def: Remove mysql_odbc_escape_string() libmysqld/libmysqld.def: Remove mysql_odbc_escape_string()
2025-06-12 01:53:02 +03:00 · 2007-11-26 14:09:37 -02:00
parent a8b4bc8165
commit b8a19c228c
5 changed files with 407 additions and 493 deletions
--- a/libmysql/libmysql.c
+++ b/libmysql/libmysql.c
@ -1617,78 +1617,6 @@ mysql_real_escape_string(MYSQL *mysql, char *to,const char *from,
  return escape_string_for_mysql(mysql->charset, to, 0, from, length);
 }

-
-char * STDCALL
-mysql_odbc_escape_string(MYSQL *mysql,
-			 char *to, ulong to_length,
-			 const char *from, ulong from_length,
-			 void *param,
-			 char * (*extend_buffer)
-			 (void *, char *, ulong *))
-{
-  char *to_end=to+to_length-5;
-  const char *end;
-#ifdef USE_MB
-  my_bool use_mb_flag=use_mb(mysql->charset);
-#endif
-
-  for (end=from+from_length; from != end ; from++)
-  {
-    if (to >= to_end)
-    {
-      to_length = (ulong) (end-from)+512;	/* We want this much more */
-      if (!(to=(*extend_buffer)(param, to, &to_length)))
-	return to;
-      to_end=to+to_length-5;
-    }
-#ifdef USE_MB
-    {
-      int l;
-      if (use_mb_flag && (l = my_ismbchar(mysql->charset, from, end)))
-      {
-	while (l--)
-	  *to++ = *from++;
-	from--;
-	continue;
-      }
-    }
-#endif
-    switch (*from) {
-    case 0:				/* Must be escaped for 'mysql' */
-      *to++= '\\';
-      *to++= '0';
-      break;
-    case '\n':				/* Must be escaped for logs */
-      *to++= '\\';
-      *to++= 'n';
-      break;
-    case '\r':
-      *to++= '\\';
-      *to++= 'r';
-      break;
-    case '\\':
-      *to++= '\\';
-      *to++= '\\';
-      break;
-    case '\'':
-      *to++= '\\';
-      *to++= '\'';
-      break;
-    case '"':				/* Better safe than sorry */
-      *to++= '\\';
-      *to++= '"';
-      break;
-    case '\032':			/* This gives problems on Win32 */
-      *to++= '\\';
-      *to++= 'Z';
-      break;
-    default:
-      *to++= *from;
-    }
-  }
-  return to;
-}
-
 void STDCALL
 myodbc_remove_escape(MYSQL *mysql,char *name)
 {