MySQL Lists are EOL. Please join:

List:Commits« Previous MessageNext Message »
From:Timothy Smith Date:October 30 2009 10:15pm
Subject:bzr commit into mysql-5.0-bugteam branch (timothy.smith:2834) Bug#48031
View as plain text  
#At file:///home/tsmith/m/bzr/bugteam/b48031-50/ based on revid:alexey.kopytov@stripped

 2834 Timothy Smith	2009-10-30
      Bug#48031: mysql_secure_installation -- bash bug regarding passwords with
      special chars
      
      This script failed when the user tried passwords with multiple spaces, \, # or
      ' characters.  Now proper escaping and quoting is used in all contexts.

    modified:
      scripts/mysql_secure_installation.sh
=== modified file 'scripts/mysql_secure_installation.sh'
--- a/scripts/mysql_secure_installation.sh	2007-01-01 04:31:23 +0000
+++ b/scripts/mysql_secure_installation.sh	2009-10-30 22:13:49 +0000
@@ -38,16 +38,26 @@ prepare() {
 }
 
 do_query() {
-    echo $1 >$command
+    echo "$1" >$command
+    #sed 's,^,> ,' < $command
     mysql --defaults-file=$config <$command
     return $?
 }
 
+# Simple escape mechanism, suitable for two contexts:
+# - single-quoted SQL strings
+# - single-quoted option values on the right hand side of = in my.cnf
+basic_single_escape () {
+    echo "$1" | sed 's/\(['"'"'\]\)/\\\1/g'
+}
+
 make_config() {
     echo "# mysql_secure_installation config file" >$config
     echo "[mysql]" >>$config
     echo "user=root" >>$config
-    echo "password=$rootpass" >>$config
+    esc_pass=`basic_single_escape "$rootpass"`
+    echo "password='$esc_pass'" >>$config
+    #sed 's,^,> ,' < $config
 }
 
 get_root_password() {
@@ -94,7 +104,8 @@ set_root_password() {
 	return 1
     fi
 
-    do_query "UPDATE mysql.user SET Password=PASSWORD('$password1') WHERE User='root';"
+    esc_pass=`basic_single_escape "$password1"`
+    do_query "UPDATE mysql.user SET Password=PASSWORD('$esc_pass') WHERE User='root';"
     if [ $? -eq 0 ]; then
 	echo "Password updated successfully!"
 	echo "Reloading privilege tables.."


Attachment: [text/bzr-bundle] bzr/timothy.smith@sun.com-20091030221349-2xmgttaztslwqt5w.bundle
Thread
bzr commit into mysql-5.0-bugteam branch (timothy.smith:2834) Bug#48031Timothy Smith30 Oct