Merge branch 'release/2.1.4' into master-2.1

nmariz · nmariz · commit d0b86c0b078e · 2016-10-06T11:27:55.000+01:00
diff --git a/.gitmodules b/.gitmodules
@@ -1,4 +1,4 @@
 [submodule "cpyint"]
 	path = cpyint
 	url = ../connector-python-internal.git
-	branch = master
+	branch = master-2.1
diff --git a/CHANGES.txt b/CHANGES.txt
@@ -11,13 +11,14 @@ Full release notes:
 v2.1.4
 ======
 
+- BUG#22873551: Fix cleartext authentication issue
 - BUG#22545879: Fix usage of --ssl-cipher option
+- BUG#22529828: Fix potencial SQL injection
 - BUG#21881038: Fix duplicate entry in CHANGES.txt
 - BUG#21879914: Fix using SSL without key or certificate using C/Ext
 - BUG#21879859: Fix consuming results after calling procedure
 - BUG#21498719: Fix conversion of Python bytearray
 - BUG#21449996: Fix LOAD DATA with compression turned on
-- BUG#21449207: Fix fetching compressed data bigger than 16M
 - BUG#20834643: Attribute Error while promoting servers using MySQL Fabric
 - BUG#20811802: Fix buffered named tuple cursor with CExtension
 - BUG#20217174: Fix install command honouring --install-lib when given
diff --git a/README.txt b/README.txt
@@ -28,7 +28,7 @@ doubt, this particular copy of the software is released
 under the version 2 of the GNU General Public License.
 MySQL Connector/Python is brought to you by Oracle.
 
-Copyright (c) 2011, 2015, Oracle and/or its affiliates. All rights reserved.
+Copyright (c) 2011, 2016, Oracle and/or its affiliates. All rights reserved.
 
 License information can be found in the LICENSE.txt file.
 
diff --git a/cpyint b/cpyint
@@ -1 +1 @@
-Subproject commit 6316398bd095a8507cc7f7f63ea5eb1dc4fa8aee
+Subproject commit 2154ef4e11b222fa232e589e2a4c87e5579f4128
diff --git a/lib/mysql/connector/cursor.py b/lib/mysql/connector/cursor.py
@@ -1,5 +1,5 @@
 # MySQL Connector/Python - MySQL driver written in Python.
-# Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
 
 # MySQL Connector/Python is licensed under the terms of the GPLv2
 # <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>, like most
@@ -44,6 +44,14 @@
     re.I | re.M | re.S)
 RE_SQL_INSERT_VALUES = re.compile(r'.*VALUES\s*(\(.*\)).*', re.I | re.M | re.S)
 RE_PY_PARAM = re.compile(b'(%s)')
+RE_PY_MAPPING_PARAM = re.compile(
+    br'''
+    %
+    \((?P<mapping_key>[^)]+)\)
+    (?P<conversion_type>[diouxXeEfFgGcrs%])
+    ''',
+    re.X
+)
 RE_SQL_SPLIT_STMTS = re.compile(
     b''';(?=(?:[^"'`]*["'`][^"'`]*["'`])*[^"'`]*$)''')
 RE_SQL_FIND_PARAM = re.compile(
@@ -75,6 +83,34 @@ def remaining(self):
         return len(self.params) - self.index
 
 
+def _bytestr_format_dict(bytestr, value_dict):
+    """
+    >>> _bytestr_format_dict(b'%(a)s', {b'a': b'foobar'})
+    b'foobar
+    >>> _bytestr_format_dict(b'%%(a)s', {b'a': b'foobar'})
+    b'%%(a)s'
+    >>> _bytestr_format_dict(b'%%%(a)s', {b'a': b'foobar'})
+    b'%%foobar'
+    >>> _bytestr_format_dict(b'%(x)s %(y)s',
+    ...                      {b'x': b'x=%(y)s', b'y': b'y=%(x)s'})
+    b'x=%(y)s y=%(x)s'
+    """
+    def replace(matchobj):
+        value = None
+        groups = matchobj.groupdict()
+        if groups["conversion_type"] == b"%":
+            value = b"%"
+        if groups["conversion_type"] == b"s":
+            key = groups["mapping_key"].encode("utf-8") \
+                  if PY2 else groups["mapping_key"]
+            value = value_dict[key]
+        if value is None:
+            raise ValueError("Unsupported conversion_type: {0}"
+                             "".format(groups["conversion_type"]))
+        return value.decode("utf-8") if PY2 else value
+    return RE_PY_MAPPING_PARAM.sub(replace, bytestr.decode("utf-8")
+                                   if PY2 else bytestr)
+
 class CursorBase(MySQLCursorAbstract):
     """
     Base for defining MySQLCursor. This class is a skeleton and defines
@@ -360,9 +396,9 @@ def _process_params_dict(self, params):
                 conv = escape(conv)
                 conv = quote(conv)
                 if PY2:
-                    res["%({0})s".format(key)] = conv
+                    res[key] = conv
                 else:
-                    res["%({0})s".format(key).encode()] = conv
+                    res[key.encode()] = conv
         except Exception as err:
             raise errors.ProgrammingError(
                 "Failed processing pyformat-parameters; %s" % err)
@@ -497,8 +533,8 @@ def execute(self, operation, params=None, multi=False):
 
         if params is not None:
             if isinstance(params, dict):
-                for key, value in self._process_params_dict(params).items():
-                    stmt = stmt.replace(key, value)
+                stmt = _bytestr_format_dict(
+                    stmt, self._process_params_dict(params))
             elif isinstance(params, (list, tuple)):
                 psub = _ParamSubstitutor(self._process_params(params))
                 stmt = RE_PY_PARAM.sub(psub, stmt)
@@ -551,8 +587,8 @@ def remove_comments(match):
             for params in seq_params:
                 tmp = fmt
                 if isinstance(params, dict):
-                    for key, value in self._process_params_dict(params).items():
-                        tmp = tmp.replace(key, value)
+                    tmp = _bytestr_format_dict(
+                        tmp, self._process_params_dict(params))
                 else:
                     psub = _ParamSubstitutor(self._process_params(params))
                     tmp = RE_PY_PARAM.sub(psub, tmp)
diff --git a/lib/mysql/connector/protocol.py b/lib/mysql/connector/protocol.py
@@ -718,7 +718,7 @@ def parse_auth_switch_request(self, packet):
                 "Failed parsing AuthSwitchRequest packet")
 
         (packet, plugin_name) = utils.read_string(packet[5:], end=b'\x00')
-        if packet[-1] == 0:
+        if packet and packet[-1] == 0:
             packet = packet[:-1]
 
         return plugin_name.decode('utf8'), packet
diff --git a/lib/mysql/connector/version.py b/lib/mysql/connector/version.py
@@ -1,5 +1,5 @@
 # MySQL Connector/Python - MySQL driver written in Python.
-# Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2012, 2016, Oracle and/or its affiliates. All rights reserved.
 
 # MySQL Connector/Python is licensed under the terms of the GPLv2
 # <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>, like most
diff --git a/src/mysql_capi.c b/src/mysql_capi.c
@@ -1030,7 +1030,6 @@ MySQL_connect(MySQL *self, PyObject *args, PyObject *kwds)
 	char *ssl_ca= NULL, *ssl_cert= NULL, *ssl_key= NULL;
 	PyObject *charset_name, *compress, *ssl_verify_cert;
 	const char* auth_plugin;
-	unsigned long ver;
 	unsigned long client_flags= 0;
 	unsigned int port= 3306, tmp_uint;
 	unsigned int protocol= 0;
@@ -1065,7 +1064,6 @@ MySQL_connect(MySQL *self, PyObject *args, PyObject *kwds)
     }
 
     mysql_init(&self->session);
-    ver= mysql_get_client_version();
 
 #ifdef MS_WINDOWS
     if (NULL == host)
diff --git a/tests/test_abstracts.py b/tests/test_abstracts.py
@@ -27,6 +27,7 @@
 from decimal import Decimal
 from operator import attrgetter
 
+import unittest
 import tests
 from tests import PY2, foreach_cnx
 
@@ -185,6 +186,8 @@ def test_reset_session(self):
             row = self.cnx.info_query("SELECT @@session.{0}".format(key))
             self.assertEqual(value, row[0])
 
+    @unittest.skipIf(tests.MYSQL_VERSION > (5, 7, 10),
+                     "As of MySQL 5.7.11, mysql_refresh() is deprecated")
     @foreach_cnx()
     def test_cmd_refresh(self):
         refresh = RefreshOption.LOG | RefreshOption.THREADS
diff --git a/tests/test_cursor.py b/tests/test_cursor.py
@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Copyright (c) 2009, 2015, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved.
 
 # MySQL Connector/Python is licensed under the terms of the GPLv2
 # <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>, like most
@@ -361,6 +361,8 @@ def test__process_params(self):
             datetime.time(20, 3, 23),
             st_now,
             datetime.timedelta(hours=40, minutes=30, seconds=12),
+            'foo %(t)s',
+            'foo %(s)s',
         )
         exp = (
             b'NULL',
@@ -382,6 +384,8 @@ def test__process_params(self):
             b"'" + time.strftime('%Y-%m-%d %H:%M:%S', st_now).encode('ascii')
             + b"'",
             b"'40:30:12'",
+            b"'foo %(t)s'",
+            b"'foo %(s)s'",
         )
 
         self.cnx = connection.MySQLConnection(**tests.get_mysql_config())
@@ -421,28 +425,32 @@ def test__process_params_dict(self):
             'p': datetime.time(20, 3, 23),
             'q': st_now,
             'r': datetime.timedelta(hours=40, minutes=30, seconds=12),
+            's': 'foo %(t)s',
+            't': 'foo %(s)s',
         }
         exp = {
-            b'%(a)s': b'NULL',
-            b'%(b)s': b'128',
-            b'%(c)s': b'1281288',
-            b'%(d)s': repr(float(3.14)) if PY2 else b'3.14',
-            b'%(e)s': b"'3.14'",
-            b'%(f)s': b"'back\\\\slash'",
-            b'%(g)s': b"'newline\\n'",
-            b'%(h)s': b"'return\\r'",
-            b'%(i)s': b"'\\'single\\''",
-            b'%(j)s': b'\'\\"double\\"\'',
-            b'%(k)s': b"'windows\\\x1a'",
-            b'%(l)s': b"'Strings are sexy'",
-            b'%(m)s': b"'\xe8\x8a\xb1'",
-            b'%(n)s': b"'2008-05-07 20:01:23'",
-            b'%(o)s': b"'2008-05-07'",
-            b'%(p)s': b"'20:03:23'",
-            b'%(q)s': b"'" +
+            b'a': b'NULL',
+            b'b': b'128',
+            b'c': b'1281288',
+            b'd': repr(float(3.14)) if PY2 else b'3.14',
+            b'e': b"'3.14'",
+            b'f': b"'back\\\\slash'",
+            b'g': b"'newline\\n'",
+            b'h': b"'return\\r'",
+            b'i': b"'\\'single\\''",
+            b'j': b'\'\\"double\\"\'',
+            b'k': b"'windows\\\x1a'",
+            b'l': b"'Strings are sexy'",
+            b'm': b"'\xe8\x8a\xb1'",
+            b'n': b"'2008-05-07 20:01:23'",
+            b'o': b"'2008-05-07'",
+            b'p': b"'20:03:23'",
+            b'q': b"'" +
             time.strftime('%Y-%m-%d %H:%M:%S', st_now).encode('ascii')
             + b"'",
-            b'%(r)s': b"'40:30:12'",
+            b'r': b"'40:30:12'",
+            b's': b"'foo %(t)s'",
+            b't': b"'foo %(s)s'",
         }
 
         self.cnx = connection.MySQLConnection(**tests.get_mysql_config())
