Merge branch 'mysql-8.0' into mysql-8.4

Change-Id: I7959dd50b72812030a997bae1931916ab842964a

Author: gkodinov

client/mysql.cc

@@ -431,7 +431,8 @@ static COMMANDS commands[] = {
      "Execute an SQL script file. Takes a file name as an argument."},
     {"status", 's', com_status, false,
      "Get status information from the server."},
-    {"system", '!', com_shell, true, "Execute a system shell command."},
+    {"system", '!', com_shell, true,
+     "Execute a system shell command, if enabled"},
     {"tee", 'T', com_tee, true,
      "Set outfile [to_outfile]. Append everything into given outfile."},
     {"use", 'u', com_use, true,
@@ -1751,6 +1752,8 @@ void window_resize(int) {
 }
 #endif
 
+static bool opt_system_command = true;
+
 static struct my_option my_long_options[] = {
     {"help", '?', "Display this help and exit.", nullptr, nullptr, nullptr,
      GET_NO_ARG, NO_ARG, 0, 0, 0, nullptr, 0, nullptr},
@@ -2083,6 +2086,10 @@ static struct my_option my_long_options[] = {
      "Specifies factor for which registration needs to be done for.",
      &opt_register_factor, &opt_register_factor, nullptr, GET_STR, REQUIRED_ARG,
      0, 0, 0, nullptr, 0, nullptr},
+    {"system-command", 0,
+     "Enable (by default) or disable the system mysql command.",
+     &opt_system_command, &opt_system_command, nullptr, GET_BOOL, NO_ARG, 1, 0,
+     0, nullptr, 0, nullptr},
     {nullptr, 0, nullptr, nullptr, nullptr, nullptr, GET_NO_ARG, NO_ARG, 0, 0,
      0, nullptr, 0, nullptr}};
 
@@ -4498,6 +4505,13 @@ static int com_shell(String *buffer [[maybe_unused]],
     put_info("Usage: \\! shell-command", INFO_ERROR);
     return -1;
   }
+
+  if (!opt_system_command) {
+    return put_info(
+        "'system' command received, but the --system-command option is off. "
+        "Skipping.",
+        INFO_ERROR);
+  }
   /*
     The output of the shell command does not
     get directed to the pager or the outfile

mysql-test/r/mysql.result

@@ -572,6 +572,14 @@ include/assert_grep.inc [look for query_attributes in help]
 #
 # Success criteria: port number present in the error text
 ERROR 2003 (HY000): Can't connect to MySQL server on '127.0.0.1:99999' (XXX)
+#
+# Bug # 36377685: mysqldump blindly trusting SHOW CREATE TABLE leads to
+#   arbitrary code execution.
+#
+# Test "system": Must return an error
+ERROR at line 1: 'system' command received, but the --system-command option is off. Skipping.
+# Test "!": Must return an error
+ERROR at line 1: 'system' command received, but the --system-command option is off. Skipping.
 
 # Test support for dollar quoting
 

mysql-test/t/mysql.test

@@ -1,4 +1,5 @@
-#
+
+
 # Testing the MySQL command line client(mysql)
 #
 
@@ -705,6 +706,19 @@ DROP USER bug21464621;
 --error 1
 --exec $MYSQL -h 127.0.0.1 -P 99999 2>&1
 
+--echo #
+--echo # Bug # 36377685: mysqldump blindly trusting SHOW CREATE TABLE leads to
+--echo #   arbitrary code execution.
+--echo #
+
+--echo # Test "system": Must return an error
+--error 1
+--exec $MYSQL test --skip-system-command -e "system ls;" 2>&1
+ 
+--echo # Test "!": Must return an error
+--error 1
+--exec $MYSQL test --skip-system-command -e "\\! ls" 2>&1
+
 --echo
 --echo # Test support for dollar quoting
 --echo