From c304b17977e10af4989305c561124445f666ebc1 Mon Sep 17 00:00:00 2001
From: huili <huili@taosdata.com>
Date: Thu, 25 Jul 2019 17:17:12 +0800
Subject: [PATCH] [validate table name when insert]

---
 src/client/src/tscParseInsert.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/src/client/src/tscParseInsert.c b/src/client/src/tscParseInsert.c
index 2411bcedd5..357f203ea6 100644
--- a/src/client/src/tscParseInsert.c
+++ b/src/client/src/tscParseInsert.c
@@ -724,6 +724,19 @@ static int32_t tscParseSqlForCreateTableOnDemand(char** sqlstr, SSqlObj* pSql) {
   return code;
 }
 
+
+
+int validateTableName(char* tblName, int len)
+{
+  char buf[TSDB_METER_ID_LEN] = {0};
+  memcpy(buf, tblName, len);
+	
+  SSQLToken token = {len, TK_ID, buf};
+  tSQLGetToken(buf, &token.type);
+	
+  return tscValidateName(&token);
+}
+
 /**
  * usage: insert into table1 values() () table2 values()()
  *
@@ -774,6 +787,16 @@ int tsParseInsertStatement(SSqlCmd* pCmd, char* str, char* acct, char* db, SSqlO
       }
     }
 
+    /*
+     * Check the validity of the table name 
+     *
+     */
+    if (validateTableName(id, idlen) != TSDB_CODE_SUCCESS) {
+      code = TSDB_CODE_INVALID_SQL;
+      sprintf(pCmd->payload, "table name is invalid");
+      goto _error_clean;
+    }
+
     SSQLToken token = {idlen, TK_ID, id};
     if ((code = setMeterID(pSql, &token)) != TSDB_CODE_SUCCESS) {
       goto _error_clean;
-- 
GitLab