pgsql/src/interfaces jdbc/org/postgresql/jdbc2 ...

From: "Marc G(dot) Fournier" <scrappy(at)hub(dot)org>
To: pgsql-committers(at)postgresql(dot)org
Subject: pgsql/src/interfaces jdbc/org/postgresql/jdbc2 ...
Date: 2001-09-13 17:00:34
Message-ID: 200109131700.f8DH0YL28673@hub.org
Views: Raw Message | Whole Thread | Download mbox
Thread:
Lists: pgsql-committers
CVSROOT:	/home/projects/pgsql/cvsroot
Module name:	pgsql
Changes by:	scrappy(at)hub(dot)org	01/09/13 13:00:34

Modified files:
	src/interfaces/jdbc/org/postgresql/jdbc2: ResultSet.java 
	src/interfaces/libpq: fe-exec.c 

Log message:
	> I found a problem with PQescapeString (I think). Since it escapes
	> null bytes to be literally '\0', the following can happen:
	> 1. User inputs string value as "<null byte>##" where ## are digits in the
	> range of 0 to 7.
	> 2. PQescapeString converts this to "\0##"
	> 3. Escaped string is used in a context that causes "\0##" to be evaluated as
	> an octal escape sequence.
	
	I agree that this is a problem, though it is not possible to do
	anything harmful with it.  In addition, it only occurs if there are
	any NUL characters in its input, which is very unlikely if you are
	using C strings.
	
	The patch below addresses the issue by removing escaping of \0
	characters entirely.
	
	> If the goal is to "safely" encode null bytes, and preserve the rest of the
	> string as it was entered, I think the null bytes should be escaped as \\000
	> (note that if you simply use \000 the same string truncation problem
	> occurs).
	
	We can't do that, this would require 4n + 1 bytes of storage for the
	result, breaking the interface.
	
	Florian Weimer


Browse pgsql-committers by date

  From Date Subject
Next Message Marc G. Fournier 2001-09-13 17:01:31 pgsql/src/interfaces/jdbc/org/postgresql/jdbc2 ...
Previous Message Marc G. Fournier 2001-09-13 15:55:24 pgsql/doc/src/sgml arch-pg.sgml catalogs.sgml ...