Uploaded image for project: 'Percona Server'
  1. Percona Server
  2. PS-3798

MTR test innodb.percona_extended_innodb_status fails if InnoDB status contains unquoted special characters

    Details

      Description

      On 5.5 trunk:

      innodb.percona_extended_innodb_status    w1 [ fail ]
              Test ended at 2018-01-31 01:36:56
      
      CURRENT_TEST: innodb.percona_extended_innodb_status
      Scalar value @output[$index] better written as $output[$index] at /mnt/workspace/percona-server-5.5-repeat/BUILD_TYPE/release/Host/min-centos-6-x64/MTR_REPEAT/2/mysql-test/var/1/tmpc6MTsw line 11.
      Scalar value @output[$index] better written as $output[$index] at /mnt/workspace/percona-server-5.5-repeat/BUILD_TYPE/release/Host/min-centos-6-x64/MTR_REPEAT/2/mysql-test/var/1/tmpEB2ErP line 11.
      Scalar value @output[$index] better written as $output[$index] at /mnt/workspace/percona-server-5.5-repeat/BUILD_TYPE/release/Host/min-centos-6-x64/MTR_REPEAT/2/mysql-test/var/1/tmpE0AqS8 line 11.
      Scalar value @output[$index] better written as $output[$index] at /mnt/workspace/percona-server-5.5-repeat/BUILD_TYPE/release/Host/min-centos-6-x64/MTR_REPEAT/2/mysql-test/var/1/tmpsB7ZKs line 11.
      Scalar value @output[$index] better written as $output[$index] at /mnt/workspace/percona-server-5.5-repeat/BUILD_TYPE/release/Host/min-centos-6-x64/MTR_REPEAT/2/mysql-test/var/1/tmp4D6W3M line 11.
      mysqltest: At line 62: query 'INSERT INTO t VALUES("$status")' failed: 1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'fk2" FOREIGN KEY ("b") REFERENCES "t3" ("a")
      --------
      FILE I/O
      ...
      

      The relevant testcase snippet is

      --let $status = query_get_value(SHOW ENGINE INNODB STATUS, Status, 1)
      
      --disable_query_log
      eval INSERT INTO t VALUES("$status");
      --enable_query_log
      

      which becomes an SQL injection attack if $status contains quotes etc.

        Smart Checklist

          Attachments

            Activity

              People

              • Assignee:
                laurynas.biveinis Laurynas Biveinis (Inactive)
                Reporter:
                laurynas.biveinis Laurynas Biveinis (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: