Details
Bug
Status: Closed
Critical
Resolution: Fixed
10.4.8
None
Description
This report is based on an actual customer use case.
Spider fails to properly parse the parameter to two of its UDFs when the value of a sub-parameter contains a comma, even when the comma is inside a correctly quoted string. With these UDFs, the "parameter" is actually a string that contains a comma-separated list of names and values for multiple sub-parameters to the SQL statement that will be executed.
The primary reason for the error seems to be that Spider simply breaks the parameter string at each comma, without checking whether the comma is properly quoted (i.e. part of a sub-parameter value).
Two Spider UDFs are affected, spider_bg_direct_sql() and spider_direct_sql(), which likely share the same parsing code.
Example - create a database in the backend server with a user whose password contains a comma. Note that the comma in "pass,1234" is part of a quoted string and is not a delimiter.
SELECT spider_direct_sql('CREATE DATABASE test123', '', 'host "172.16.1.21", port "3306", user "spider", password "pass,1234" , database "test"') from dual;
ERROR 12503 (HY000): The UDF parameter 'password "pass' is invalid
The error message clearly shows that the parameter string has been split by the comma inside the quoted string.
A possible location of the offending code could be around line 1160 of spd_direct_sql.cc:
if ((sprit_ptr[1] = strchr(sprit_ptr[0], ',')))
{
  *sprit_ptr[1] = '\0';
  sprit_ptr[1]++;
}
strchr() will simply return the next occurrence of the comma without taking into account the surrounding quotes.
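The difference between the two splitting strategies, as an added example (not Spider's code and not the fix that shipped). The function names and the quoting rules (double or single quotes, backslash escapes inside quotes) are assumptions made for illustration; the sample string is the one from this report.

```c
#include <stdio.h>
#include <string.h>
/* Next ',' outside quotes, or NULL; *bad is set if a quote never closes.
   Assumed rules (not taken from Spider): " or ' quoting, backslash escapes. */
static char *next_delim(char *s, int *bad)
{
    char quote = '\0';
    for (; *s; s++) {
        if (quote) {
            if (*s == '\\' && s[1]) s++;         /* skip escaped char */
            else if (*s == quote) quote = '\0';  /* closing quote */
        } else if (*s == '"' || *s == '\'') {
            quote = *s;                          /* opening quote */
        } else if (*s == ',') {
            return s;
        }
    }
    *bad = (quote != '\0');
    return NULL;
}

/* Split buf in place; returns the piece count, or -1 (open quote, > max).
   quote_aware == 0 splits at every comma, like the strchr() in the report. */
static int split_params(char *buf, char **out, int max, int quote_aware)
{
    int n = 0, bad = 0;
    for (char *cur = buf, *sep; cur; cur = sep) {
        if (n == max) return -1;
        sep = quote_aware ? next_delim(cur, &bad) : strchr(cur, ',');
        if (bad) return -1;
        if (sep) *sep++ = '\0';
        out[n++] = cur;
    }
    return n;
}

/* Constructed input: the parameter string from the report. */
static const char SAMPLE[] = "host \"172.16.1.21\", port \"3306\", "
    "user \"spider\", password \"pass,1234\" , database \"test\"";

int main(void)
{
    char buf[sizeof SAMPLE], *p[8];
    for (int aware = 0; aware <= 1; aware++) {
        int n = split_params(strcpy(buf, SAMPLE), p, 8, aware);
        for (int i = 0; i < n; i++)
            printf("%s [%d] <%s>\n", aware ? "quoted" : "strchr", i, p[i]);
    }
    return 0;
}
```

The plain comma split yields six pieces, one of them the `password "pass` fragment seen in the error message, while the quote-aware split yields the five intended sub-parameters and rejects a string that ends inside an open quote.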