| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: pgsql: Make escaping functions retain trailing bytes of an invalid char |
| Date: | 2025-05-01 21:04:27 |
| Message-ID: | a9c837ad-d507-4607-94e4-c5743a8f49e0@eisentraut.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
On 15.02.25 22:20, Tom Lane wrote:
> Make escaping functions retain trailing bytes of an invalid character.
>
> Instead of dropping the trailing byte(s) of an invalid or incomplete
> multibyte character, replace only the first byte with a known-invalid
> sequence, and process the rest normally. This seems less likely to
> confuse incautious callers than the behavior adopted in 5dc1e42b4.
>
> While we're at it, adjust PQescapeStringInternal to produce at most
> one bleat about invalid multibyte characters per string. This
> matches the behavior of PQescapeInternal, and avoids the risk of
> producing tons of repetitive junk if a long string is simply given
> in the wrong encoding.
>
> This is a followup to the fixes for CVE-2025-1094, and should be
> included if cherry-picking those fixes.
>
> Author: Andres Freund <andres(at)anarazel(dot)de>
> Co-authored-by: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
> Reported-by: Jeff Davis <pgsql(at)j-davis(dot)com>
> Discussion: https://postgr.es/m/20250215012712.45@rfd.leadboat.com
> Backpatch-through: 13
>
> Branch
> ------
> REL_15_STABLE
>
> Details
> -------
> https://git.postgresql.org/pg/commitdiff/e782a63ccb76a8db476abb8f5d96397806e3e51b
>
> Modified Files
> --------------
> src/fe_utils/string_utils.c | 91 ++++++++++++++++--------------------------
> src/interfaces/libpq/fe-exec.c | 73 +++++++++++++++------------------
> 2 files changed, 67 insertions(+), 97 deletions(-)
I think the backpatch of this to PG15 and older has erroneously dropped
newlines at the end of some error messages. (libpq in newer PG uses
libpq_append_conn_error() etc. and does not have newlines in error
message strings anymore.) I think this fix would be appropriate for
PG15 and older:
diff --git a/src/interfaces/libpq/fe-exec.c b/src/interfaces/libpq/fe-exec.c
index 4a4731d048c..73c3a0f9025 100644
--- a/src/interfaces/libpq/fe-exec.c
+++ b/src/interfaces/libpq/fe-exec.c
@@ -4040,10 +4040,10 @@ PQescapeStringInternal(PGconn *conn,
{
if (remaining < charlen)
appendPQExpBufferStr(&conn->errorMessage,
- libpq_gettext("incomplete multibyte character"));
+ libpq_gettext("incomplete multibyte character\n"));
else
appendPQExpBufferStr(&conn->errorMessage,
- libpq_gettext("invalid multibyte character"));
+ libpq_gettext("invalid multibyte character\n"));
/* Issue a complaint only once per string */
already_complained = true;
}
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2025-05-01 21:15:40 | Re: pgsql: Make escaping functions retain trailing bytes of an invalid char |
| Previous Message | Peter Eisentraut | 2025-05-01 20:24:12 | pgsql: doc: Flesh out extension docs for the "prefix" make variable |