Back-ported upstream patch for CVE-2008-4456 (mysql command line client XSS
flaw) --- upstream bug #27884.
diff -Naur mysql-5.0.77.orig/client/mysql.cc mysql-5.0.77/client/mysql.cc
--- mysql-5.0.77.orig/client/mysql.cc 2009-01-29 16:41:57.000000000 -0500
+++ mysql-5.0.77/client/mysql.cc 2009-05-25 13:19:49.000000000 -0400
@@ -3346,9 +3346,12 @@
{
while((field = mysql_fetch_field(result)))
{
- tee_fprintf(PAGER, "<TH>%s</TH>", (field->name ?
- (field->name[0] ? field->name :
- " ") : "NULL"));
+ tee_fputs("<TH>", PAGER);
+ if (field->name && field->name[0])
+ xmlencode_print(field->name, field->name_length);
+ else
+ tee_fputs(field->name ? " " : "NULL", PAGER);
+ tee_fputs("</TH>", PAGER);
}
(void) tee_fputs("</TR>", PAGER);
}
@@ -3359,7 +3362,7 @@
for (uint i=0; i < mysql_num_fields(result); i++)
{
(void) tee_fputs("<TD>", PAGER);
- safe_put_field(cur[i],lengths[i]);
+ xmlencode_print(cur[i], lengths[i]);
(void) tee_fputs("</TD>", PAGER);
}
(void) tee_fputs("</TR>", PAGER);
diff -Naur mysql-5.0.77.orig/mysql-test/r/mysql.result mysql-5.0.77/mysql-test/r/mysql.result
--- mysql-5.0.77.orig/mysql-test/r/mysql.result 2009-01-29 17:38:17.000000000 -0500
+++ mysql-5.0.77/mysql-test/r/mysql.result 2009-05-25 13:19:49.000000000 -0400
@@ -186,4 +186,5 @@
2
2
2
+<TABLE BORDER=1><TR><TH><</TH></TR><TR><TD>< & ></TD></TR></TABLE>
End of 5.0 tests
diff -Naur mysql-5.0.77.orig/mysql-test/t/mysql.test mysql-5.0.77/mysql-test/t/mysql.test
--- mysql-5.0.77.orig/mysql-test/t/mysql.test 2009-01-29 17:37:54.000000000 -0500
+++ mysql-5.0.77/mysql-test/t/mysql.test 2009-05-25 13:20:20.000000000 -0400
@@ -309,4 +309,10 @@
--exec $MYSQL -c < $MYSQLTEST_VARDIR/tmp/bug38158.sql 2>&1
remove_file $MYSQLTEST_VARDIR/tmp/bug38158.sql;
+#
+# Bug #27884: mysql --html does not quote HTML special characters in output
+#
+--exec $MYSQL --html test -e "select '< & >' as \`<\`"
+--echo
+
--echo End of 5.0 tests
distrib
>
Scientific%20Linux
>
5x
>
x86_64
>
by-pkgid
>
f35b1a6f16f604a557b9ffad471ca921
>
files
>
9
