| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Andrew Dunstan <andrew(at)dunslane(dot)net> |
| Cc: | "Patches (PostgreSQL)" <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: prevent invalidly encoded input |
| Date: | 2007-09-11 18:06:09 |
| Message-ID: | 15042.1189533969@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Attached is a patch to the scanner and the COPY code that checks for
> invalidly encoded data that can currently leak into our system via \
> escapes in quoted literals or text mode copy fields, as recently
> discussed. That would still leave holes via chr(), convert() and
> possibly other functions, but these two paths are the biggest holes that
> need plugging.
The COPY code looks sane. On the scan.l change, I believe two out of
three of those calls are useless, because we do not do backslash
processing in dollar-quoted strings nor in quoted identifiers.
Also, I'd kinda like to have the check-for-high-bit optimization in
scan.l too --- some people do throw big literals at the thing.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2007-09-11 18:21:18 | Re: pgsql: Remove QueryOperand->istrue flag, it was used only in cover |
| Previous Message | Bruce Momjian | 2007-09-11 17:37:30 | pgsql: Stamp releases 8.2.5, 8.1.10, 8.0.14, 7.4.18, 7.3.20. |