Re: invalidly encoded strings

From: Jeff Davis <pgsql(at)j-davis(dot)com>
To: Tatsuo Ishii <ishii(at)postgresql(dot)org>
Cc: tgl(at)sss(dot)pgh(dot)pa(dot)us, andrew(at)dunslane(dot)net, laurenz(dot)albe(at)wien(dot)gv(dot)at, pgsql-hackers(at)postgresql(dot)org
Subject: Re: invalidly encoded strings
Date: 2007-09-11 05:32:32
Message-ID: 1189488752.5924.57.camel@jdavis
Lists: pgsql-hackers pgsql-patches

On Tue, 2007-09-11 at 12:29 +0900, Tatsuo Ishii wrote:
> Please show me concrete examples how I could introduce a vulnerability
> using this kind of convert() usage.

Try the sequence below. Then, try to dump and then reload the database.
When you try to reload it, you will get an error:

ERROR: invalid byte sequence for encoding "UTF8": 0xbd

Regards,
Jeff Davis

test=> select version();

version
--------------------------------------------------------------------------------------------------------------------------
PostgreSQL 8.3devel on x86_64-unknown-linux-gnu, compiled by GCC gcc
(GCC) 4.1.3 20070601 (prerelease) (Debian 4.1.2-12)
(1 row)

test=> show lc_collate;
lc_collate
-------------
en_US.UTF-8
(1 row)

test=> create table encoding_test(t text);
CREATE TABLE
test=> insert into encoding_test values('初');
INSERT 0 1
test=> insert into encoding_test values(convert('初' using
utf8_to_euc_jp));
INSERT 0 1
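
Added example, not part of the original message: a Python check that reproduces why the second row breaks a reload, by validating each stored byte string as UTF-8 and reporting the first offending byte. The row values are constructed stand-ins for the two inserts above, assuming the output of convert() is stored without re-validation; the function names are hypothetical.

```python
# Added illustration; this is not PostgreSQL code.

def first_invalid_utf8(data: bytes):
    """Return (offset, byte) of the first byte that breaks strict UTF-8
    decoding, or None when the whole value is valid UTF-8."""
    try:
        data.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        return exc.start, data[exc.start]
    return None


def audit_rows(rows):
    """Return (row_index, offset, message) for every stored value that a
    reload into a UTF8 database would reject. The message imitates the
    wording of the server error quoted in the mail, first bad byte only."""
    findings = []
    for i, raw in enumerate(rows):
        bad = first_invalid_utf8(raw)
        if bad is not None:
            offset, byte = bad
            findings.append(
                (i, offset,
                 'invalid byte sequence for encoding "UTF8": 0x%02x' % byte))
    return findings


# Constructed sample data mirroring the session above:
# row 0 is the literal as a UTF8 client sends it,
# row 1 is the EUC_JP byte string that convert(... using utf8_to_euc_jp)
# produces (assumed here to be stored as-is in the text column).
SAMPLE_ROWS = [
    "初".encode("utf-8"),    # e5 88 9d
    "初".encode("euc_jp"),   # bd e9
]

if __name__ == "__main__":
    for row, offset, msg in audit_rows(SAMPLE_ROWS):
        print("row %d, offset %d: %s" % (row, offset, msg))
```

Running the same kind of check over text columns before a dump shows which rows would block a restore.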
