Re: Forbid use of LF and CR characters in database and role names

From: Michael Paquier <michael(dot)paquier(at)gmail(dot)com>
To: "Ideriha, Takeshi" <ideriha(dot)takeshi(at)jp(dot)fujitsu(dot)com>
Cc: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, PostgreSQL mailing lists <pgsql-hackers(at)postgresql(dot)org>, Noah Misch <noah(at)leadboat(dot)com>
Subject: Re: Forbid use of LF and CR characters in database and role names
Date: 2016-11-22 13:31:55
Message-ID: CAB7nPqQUkjdnx+KUwLS7dOt37V_2J1nGt9Ep44uHg=ET+oGmjA@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Tue, Nov 22, 2016 at 5:55 PM, Ideriha, Takeshi
<ideriha(dot)takeshi(at)jp(dot)fujitsu(dot)com> wrote:
> Here's a summary for what I tested in RHEL7.0, details follow.

Thanks for the review.

> [Summary]
> 1. apply patch and make world
> -> failed because </para> was mistakenly coded <para>.
>
> 2.correct this mistake and make check-world
> -> got 1 failed test: "'pg_dumpall with \n\r in database name'"
> because test script cannot createdb "foo\n\rbar"

The attached version addresses those problems. I have replaced the
test in src/bin/pg_dump/t/ by tests in src/bin/scripts/t/ to check if
the role name and database name with CR or LF fail to be created. I
have as well added a test for initdb when the data directory has an
incorrect character in 0002.
--
Michael

Attachment Content-Type Size
0002-Ensure-clean-up-of-data-directory-even-with-restrict.patch binary/octet-stream 4.0 KB
0001-Forbid-newline-and-carriage-return-characters-in-dat.patch binary/octet-stream 8.4 KB

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Daniel Verite 2016-11-22 13:43:55 Re: Improvements in psql hooks for variables
Previous Message Rushabh Lathia 2016-11-22 13:11:34 Re: Declarative partitioning - another take