WL#8077 Extend mysql_real_escape() to be aware of the string type it's escaping for.

mysql_real_escape_string() function was found insecure when sql_mode was set to
NO_BACKSLASH_ESCAPES. mysql_real_escape_string() function reports error when sql_mode
is set to NO_BACKSLASH_ESCAPES.

Newly introduced API function mysql_real_escape_string_quote() should be used instead.
Additional char type parameter allows to specify, which character should be doubled.
Doubled character is a quote character of the identifier or a string within a SQL query.

client/mysql_secure_installation.cc
client/mysqldump.c
client/mysqlimport.c
client/mysqlshow.c
  Every occurrence of mysql_real_escape_string() replaced with
  mysql_real_escape_string_quote().

include/errmsg.h
  Insecure API error message code added (CR_INSECURE_API_ERR / 2062).

libmysql/errmsg.cc
  Insecure API error message text added.

include/my_sys.h
mysys/charset.c
  escape_quotes_for_mysql() extended to support additional parameter (char quote).

include/mysql.h
include/mysql.h.pp
  mysql_real_escape_string_quote() function declaration added.

libmysql/CMakeLists.txt
  mysql_real_escape_string_quote() function added to the client API set.

libmysql/libmysql.cc
  mysql_real_escape_string_quote() function definition added.

libmysql/libmysql.def
libmysqld/libmysqld.def
  mysql_real_escape_string_quote() function added to the lib exports.

mysql-test/r/mysqlshow.result
mysql-test/t/mysqlshow.test
  MTR test extended to support grave accent (`) table name tests.

sql/sql_initialize.cc
  escape_quotes_for_mysql() call replaced with escape_string_for_mysql().

tests/mysql_client_test.c
  Tests of the mysql_real_escape_string_quote() function added.

Author: maras007

client/mysql_secure_installation.cc

@@ -373,7 +373,7 @@ int install_password_validation_plugin()
 	                       MYF(MY_WME));
       end= my_stpcpy(query, "SET GLOBAL validate_password_policy = ");
       *end++ = '\'';
-      end+= mysql_real_escape_string(&mysql, end, strength, strength_length);
+      end+= mysql_real_escape_string_quote(&mysql, end, strength, strength_length, '\'');
       *end++ = '\'';
       if (!execute_query((const char **) &query,(unsigned int) (end-query)))
 	DBUG_PRINT("info", ("query success!"));
@@ -406,7 +406,7 @@ void estimate_password_strength(char *password_string)
                            MYF(MY_WME));
   end= my_stpcpy(query, "SELECT validate_password_strength(");
   *end++ = '\'';
-  end+= mysql_real_escape_string(&mysql, end, password_string, password_length);
+  end+= mysql_real_escape_string_quote(&mysql, end, password_string, password_length, '\'');
   *end++ = '\'';
   *end++ = ')';
   if (!execute_query((const char **) &query,(unsigned int) (end-query)))
@@ -442,7 +442,7 @@ my_bool mysql_set_password(MYSQL *mysql, char *password)
   char *query, *end;
   query= (char *)my_malloc(PSI_NOT_INSTRUMENTED, password_len+50, MYF(MY_WME));
   end= my_stpmov(query, "SET PASSWORD= PASSWORD('");
-  end += mysql_real_escape_string(mysql, end, password, password_len);
+  end+= mysql_real_escape_string_quote(mysql, end, password, password_len, '\'');
   *end++ = '\'';
   *end++ = ')';
   if (mysql_real_query(mysql, query, (unsigned int) (end - query)))
@@ -551,7 +551,7 @@ static void set_root_password(int plugin_set)
 	                       (pass_length*2 + tmp)*sizeof(char), MYF(MY_WME));
       end= my_stpcpy(query, "SET PASSWORD=PASSWORD(");
       *end++ = '\'';
-      end+= mysql_real_escape_string(&mysql, end, password1, pass_length);
+      end+= mysql_real_escape_string_quote(&mysql, end, password1, pass_length, '\'');
       *end++ = '\'';
       *end++ = ')';
       my_free(password1);
@@ -705,11 +705,11 @@ void drop_users(MYSQL_RES *result)
 	                     sizeof(char), MYF(MY_WME));
     end= my_stpcpy(query, "DROP USER ");
     *end++ = '\'';
-    end+= mysql_real_escape_string(&mysql, end, user_tmp, user_length);
+    end+= mysql_real_escape_string_quote(&mysql, end, user_tmp, user_length, '\'');
     *end++ = '\'';
     *end++ = '@';
     *end++ = '\'';
-    end+= mysql_real_escape_string(&mysql, end, host_tmp, host_length);
+    end+= mysql_real_escape_string_quote(&mysql, end, host_tmp, host_length, '\'');
     *end++ = '\'';
     if (!execute_query((const char **) &query, (unsigned int) (end-query)))
       DBUG_PRINT("info", ("query success!"));

client/mysqldump.c

@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -1707,7 +1707,7 @@ static void unescape(FILE *file,char *pos,uint length)
                               length*2+1, MYF(MY_WME))))
     die(EX_MYSQLERR, "Couldn't allocate memory");
 
-  mysql_real_escape_string(&mysql_connection, tmp, pos, length);
+  mysql_real_escape_string_quote(&mysql_connection, tmp, pos, length, '\'');
   fputc('\'', file);
   fputs(tmp, file);
   fputc('\'', file);
@@ -2194,8 +2194,8 @@ static uint dump_events_for_db(char *db)
   DBUG_ENTER("dump_events_for_db");
   DBUG_PRINT("enter", ("db: '%s'", db));
 
-  mysql_real_escape_string(mysql, db_name_buff, db, (ulong)strlen(db));
-
+  mysql_real_escape_string_quote(mysql, db_name_buff,
+                                 db, (ulong)strlen(db), '\'');
   /* nice comments */
   print_comment(sql_file, 0,
                 "\n--\n-- Dumping events for database '%s'\n--\n", db);
@@ -2406,8 +2406,8 @@ static uint dump_routines_for_db(char *db)
   DBUG_ENTER("dump_routines_for_db");
   DBUG_PRINT("enter", ("db: '%s'", db));
 
-  mysql_real_escape_string(mysql, db_name_buff, db, (ulong)strlen(db));
-
+  mysql_real_escape_string_quote(mysql, db_name_buff,
+                                 db, (ulong)strlen(db), '\'');
   /* nice comments */
   print_comment(sql_file, 0,
                 "\n--\n-- Dumping routines for database '%s'\n--\n", db);
@@ -3764,9 +3764,10 @@ static void dump_table(char *table, char *db)
                 {
                   dynstr_append_checked(&extended_row,"'");
                   extended_row.length +=
-                  mysql_real_escape_string(&mysql_connection,
-                                           &extended_row.str[extended_row.length],
-                                           row[i],length);
+                  mysql_real_escape_string_quote(&mysql_connection,
+                                         &extended_row.str[extended_row.length],
+                                         row[i],length,
+                                         '\'');
                   extended_row.str[extended_row.length]='\0';
                   dynstr_append_checked(&extended_row,"'");
                 }
@@ -3999,7 +4000,7 @@ static int dump_tablespaces_for_tables(char *db, char **table_names, int tables)
   int i;
   char name_buff[NAME_LEN*2+3];
 
-  mysql_real_escape_string(mysql, name_buff, db, (ulong)strlen(db));
+  mysql_real_escape_string_quote(mysql, name_buff, db, (ulong)strlen(db), '\'');
 
   init_dynamic_string_checked(&where, " AND TABLESPACE_NAME IN ("
                       "SELECT DISTINCT TABLESPACE_NAME FROM"
@@ -4011,8 +4012,8 @@ static int dump_tablespaces_for_tables(char *db, char **table_names, int tables)
 
   for (i=0 ; i<tables ; i++)
   {
-    mysql_real_escape_string(mysql, name_buff,
-                             table_names[i], (ulong)strlen(table_names[i]));
+    mysql_real_escape_string_quote(mysql, name_buff,
+                           table_names[i], (ulong)strlen(table_names[i]), '\'');
 
     dynstr_append_checked(&where, "'");
     dynstr_append_checked(&where, name_buff);
@@ -4042,8 +4043,8 @@ static int dump_tablespaces_for_databases(char** databases)
   for (i=0 ; databases[i]!=NULL ; i++)
   {
     char db_name_buff[NAME_LEN*2+3];
-    mysql_real_escape_string(mysql, db_name_buff,
-                             databases[i], (ulong)strlen(databases[i]));
+    mysql_real_escape_string_quote(mysql, db_name_buff,
+                               databases[i], (ulong)strlen(databases[i]), '\'');
     dynstr_append_checked(&where, "'");
     dynstr_append_checked(&where, db_name_buff);
     dynstr_append_checked(&where, "',");

client/mysqlimport.c

@@ -369,8 +369,8 @@ static int write_to_table(char *filename, MYSQL *mysql)
       fprintf(stdout, "Loading data from SERVER file: %s into %s\n",
 	      hard_path, tablename);
   }
-  mysql_real_escape_string(mysql, escaped_name, hard_path,
-                           (unsigned long) strlen(hard_path));
+  mysql_real_escape_string_quote(mysql, escaped_name, hard_path,
+                                 (unsigned long) strlen(hard_path), '\'');
   sprintf(sql_statement, "LOAD DATA %s %s INFILE '%s'",
 	  opt_low_priority ? "LOW_PRIORITY" : "",
 	  opt_local_file ? "LOCAL" : "", escaped_name);

client/mysqlshow.c

@@ -1,5 +1,5 @@
 /*
-   Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+   Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -539,7 +539,8 @@ list_tables(MYSQL *mysql,const char *db,const char *table)
       We just hijack the 'rows' variable for a bit to store the escaped
       table name
     */
-    mysql_real_escape_string(mysql, rows, table, (unsigned long)strlen(table));
+    mysql_real_escape_string_quote(mysql, rows, table,
+                                   (unsigned long)strlen(table), '\'');
     my_snprintf(query, sizeof(query), "show%s tables like '%s'",
                 opt_table_type ? " full" : "", rows);
   }

include/errmsg.h

@@ -1,7 +1,7 @@
 #ifndef ERRMSG_INCLUDED
 #define ERRMSG_INCLUDED
 
-/* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -106,7 +106,8 @@ extern const char *client_errors[];	/* Error messages */
 #define CR_AUTH_PLUGIN_CANNOT_LOAD              2059
 #define CR_DUPLICATE_CONNECTION_ATTR            2060
 #define CR_AUTH_PLUGIN_ERR                      2061
-#define CR_ERROR_LAST  /*Copy last error nr:*/  2061
+#define CR_INSECURE_API_ERR                     2062
+#define CR_ERROR_LAST  /*Copy last error nr:*/  2062
 /* Add error numbers before CR_ERROR_LAST and change it accordingly. */
 
 #endif /* ERRMSG_INCLUDED */

include/my_sys.h

@@ -881,9 +881,8 @@ extern size_t escape_string_for_mysql(const CHARSET_INFO *charset_info,
 extern CHARSET_INFO *fs_character_set(void);
 #endif
 extern size_t escape_quotes_for_mysql(CHARSET_INFO *charset_info,
-                                      char *to, size_t to_length,
-                                      const char *from, size_t length);
-
+                                  char *to, size_t to_length,
+                                  const char *from, size_t length, char quote);
 #ifdef _WIN32
 extern my_bool have_tcpip;		/* Is set if tcpip is used */
 

include/mysql.h

@@ -1,4 +1,4 @@
-/* Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
+/* Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.
 
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
@@ -483,12 +483,15 @@ unsigned long	STDCALL mysql_hex_string(char *to,const char *from,
 unsigned long STDCALL mysql_real_escape_string(MYSQL *mysql,
 					       char *to,const char *from,
 					       unsigned long length);
-void		STDCALL mysql_debug(const char *debug);
-void 		STDCALL myodbc_remove_escape(MYSQL *mysql,char *name);
-unsigned int	STDCALL mysql_thread_safe(void);
-my_bool		STDCALL mysql_embedded(void);
-my_bool         STDCALL mysql_read_query_result(MYSQL *mysql);
-int             STDCALL mysql_reset_connection(MYSQL *mysql);
+unsigned long STDCALL mysql_real_escape_string_quote(MYSQL *mysql,
+                 char *to, const char *from,
+                 unsigned long length, char quote);
+void          STDCALL mysql_debug(const char *debug);
+void          STDCALL myodbc_remove_escape(MYSQL *mysql,char *name);
+unsigned int  STDCALL mysql_thread_safe(void);
+my_bool       STDCALL mysql_embedded(void);
+my_bool       STDCALL mysql_read_query_result(MYSQL *mysql);
+int           STDCALL mysql_reset_connection(MYSQL *mysql);
 
 /*
   The following definitions are added for the enhanced 

include/mysql.h.pp

@@ -557,6 +557,9 @@
 unsigned long mysql_real_escape_string(MYSQL *mysql,
             char *to,const char *from,
             unsigned long length);
+unsigned long mysql_real_escape_string_quote(MYSQL *mysql,
+                 char *to, const char *from,
+                 unsigned long length, char quote);
 void mysql_debug(const char *debug);
 void myodbc_remove_escape(MYSQL *mysql,char *name);
 unsigned int mysql_thread_safe(void);

libmysql/CMakeLists.txt

@@ -1,4 +1,4 @@
-# Copyright (c) 2006, 2014, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2006, 2015, Oracle and/or its affiliates. All rights reserved.
 # 
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
@@ -87,6 +87,7 @@ mysql_query
 mysql_read_query_result
 mysql_real_connect
 mysql_real_escape_string
+mysql_real_escape_string_quote
 mysql_real_query
 mysql_refresh
 mysql_rollback

libmysql/errmsg.c

@@ -87,6 +87,7 @@ const char *client_errors[]=
   "Authentication plugin '%s' cannot be loaded: %s",
   "There is an attribute with the same name already",
   "Authentication plugin '%s' reported error: %s",
+  "Insecure API function call: '%s' Use instead: '%s'",
   ""
 };