List: Commits
From: Timothy Smith
Date: October 30 2009 11:31pm
Subject:bzr commit into mysql-5.0-bugteam branch (timothy.smith:2835) Bug#48031
#At file:///home/tsmith/m/bzr/bugteam/b35106-50/ based on revid:timothy.smith@stripped

 2835 Timothy Smith	2009-10-30
      Bug#48031: mysql_secure_installation -- bash bug regarding passwords with
      special chars
      
      Fix the escaping / quoting problem in the Perl version of this script, too.
      The Perl version is packaged with the Windows binaries and suffered from
      most of the same problems as the sh version.

    modified:
      scripts/mysql_secure_installation.pl.in
=== modified file 'scripts/mysql_secure_installation.pl.in'
--- a/scripts/mysql_secure_installation.pl.in	2009-10-30 20:28:33 +0000
+++ b/scripts/mysql_secure_installation.pl.in	2009-10-30 23:29:46 +0000
@@ -108,6 +108,15 @@ sub prepare {
   }
 }
 
+# Simple escape mechanism, suitable for two contexts:
+# - single-quoted SQL strings
+# - single-quoted option values on the right hand side of = in my.cnf
+sub basic_single_escape {
+  my ($str) = @_;
+  $str =~ s/([\'])/\\$1/g;
+  return $str;
+}
+
 sub do_query {
   my $query   = shift;
   write_file($command, $query);
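Review bot: the character class in basic_single_escape covers only the single quote, so a backslash in the input passes through unescaped. A password ending in a backslash yields `PASSWORD('...\')`, where the backslash escapes the closing quote and the string never terminates, and an input of `\'` becomes `\\'`, which reads as a literal backslash followed by a quote that closes the string early. Escaping the backslash in the same pass, for example `s/([\\\'])/\\$1/g`, closes that gap; the comment above the function should then say that both characters are handled.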
@@ -119,11 +128,12 @@ sub do_query {
 sub make_config {
   my $password = shift;
 
+  my $esc_pass = basic_single_escape($rootpass);
   write_file($config,
              "# mysql_secure_installation config file",
              "[mysql]",
              "user=root",
-             "password=$rootpass");
+             "password='$esc_pass'");
 }
 
 sub get_root_password {
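Review bot: make_config reads its argument into `$password` and then ignores it, because the added line escapes the file-scoped `$rootpass` instead. That works only while every caller passes the same value as the global; either escape `$password` here or drop the unused parameter so the function cannot silently write a different password than the one it was handed. Note also that option-file values undergo backslash escape processing, so the single-quote-only escape is incomplete in this context as well.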
@@ -165,8 +175,8 @@ sub set_root_password {
     last;
   }
 
-  # FIXME: Quote password1 properly for SQL
-  do_query("UPDATE mysql.user SET Password=PASSWORD('$password1') WHERE User='root';")
+  my $esc_pass = basic_single_escape($password1);
+  do_query("UPDATE mysql.user SET Password=PASSWORD('$esc_pass') WHERE User='root';")
     or die "Password update failed!\n";
 
   print "Password updated successfully!\n";
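Review bot: the removed FIXME asked for proper SQL quoting, but the replacement in set_root_password relies on `\'`, which the server treats as an escaped quote only when the NO_BACKSLASH_ESCAPES SQL mode is off. Doubling the quote (`''`) is accepted in either mode, so a dedicated SQL escape helper separate from the my.cnf one would be more robust than sharing basic_single_escape across both contexts. If the shared helper stays, keep a comment here recording that assumption in place of the FIXME.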


Attachment: [text/bzr-bundle] bzr/timothy.smith@sun.com-20091030232946-549055arhdg3azc3.bundle