NotificationsYou must be signed in to change notification settings
Fork4.9k
Star17.7k

Commitb1756da

committed

Specify the encoding of input to fmtId()

This commit adds fmtIdEnc() and fmtQualifiedIdEnc(), which allow to specifythe encoding as an explicit argument. Additionally setFmtEncoding() isprovided, which defines the encoding when no explicit encoding is provided, toavoid breaking all code using fmtId().All users of fmtId()/fmtQualifiedId() are either converted to the explicitversion or a call to setFmtEncoding() has been added.This commit does not yet utilize the now well-defined encoding, that willhappen in a subsequent commit.Reviewed-by: Noah Misch <noah@leadboat.com>Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>Backpatch-through: 13Security:CVE-2025-1094

1 parent703b3fd commitb1756daCopy full SHA for b1756da

File tree

13 files changed

+112

-22

lines changed

src
- bin
  - pg_dump
  - psql
    - command.c
  - scripts
- fe_utils
  - string_utils.c
- include/fe_utils
  - string_utils.h

13 files changed

+112

-22

lines changed

`‎src/bin/pg_dump/pg_backup_archiver.c`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -2733,6 +2733,7 @@ processEncodingEntry(ArchiveHandle AH, TocEntry te)`
`2733`	`2733`	`pg_fatal("unrecognized encoding \"%s\"",`
`2734`	`2734`	`ptr1);`
`2735`	`2735`	`AH->public.encoding=encoding;`
	`2736`	`+setFmtEncoding(encoding);`
`2736`	`2737`	`}`
`2737`	`2738`	`else`
`2738`	`2739`	`pg_fatal("invalid ENCODING item: %s",`

`‎src/bin/pg_dump/pg_dump.c`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1095,6 +1095,7 @@ setup_connection(Archive AH, const char dumpencoding,`
`1095`	`1095`	`* we know how to escape strings.`
`1096`	`1096`	`*/`
`1097`	`1097`	`AH->encoding = PQclientEncoding(conn);`
	`1098`	`+setFmtEncoding(AH->encoding);`
`1098`	`1099`
`1099`	`1100`	`std_strings = PQparameterStatus(conn, "standard_conforming_strings");`
`1100`	`1101`	`AH->std_strings = (std_strings && strcmp(std_strings, "on") == 0);`

`‎src/bin/pg_dump/pg_dumpall.c`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -494,6 +494,7 @@ main(int argc, char *argv[])`
`494`	`494`	`* we know how to escape strings.`
`495`	`495`	`*/`
`496`	`496`	`encoding=PQclientEncoding(conn);`
	`497`	`+setFmtEncoding(encoding);`
`497`	`498`	`std_strings=PQparameterStatus(conn,"standard_conforming_strings");`
`498`	`499`	`if (!std_strings)`
`499`	`500`	`std_strings="off";`

`‎src/bin/psql/command.c`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1285,6 +1285,7 @@ exec_command_encoding(PsqlScanState scan_state, bool active_branch)`
`1285`	`1285`	`/* save encoding info into psql internal data */`
`1286`	`1286`	`pset.encoding=PQclientEncoding(pset.db);`
`1287`	`1287`	`pset.popt.topt.encoding=pset.encoding;`
	`1288`	`+setFmtEncoding(pset.encoding);`
`1288`	`1289`	`SetVariable(pset.vars,"ENCODING",`
`1289`	`1290`	`pg_encoding_to_char(pset.encoding));`
`1290`	`1291`	`}`
`@@ -3740,6 +3741,8 @@ SyncVariables(void)`
`3740`	`3741`	`pset.popt.topt.encoding=pset.encoding;`
`3741`	`3742`	`pset.sversion=PQserverVersion(pset.db);`
`3742`	`3743`
	`3744`	`+setFmtEncoding(pset.encoding);`
	`3745`	`+`
`3743`	`3746`	`SetVariable(pset.vars,"DBNAME",PQdb(pset.db));`
`3744`	`3747`	`SetVariable(pset.vars,"USER",PQuser(pset.db));`
`3745`	`3748`	`SetVariable(pset.vars,"HOST",PQhost(pset.db));`

`‎src/bin/scripts/common.c`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -112,8 +112,9 @@ appendQualifiedRelation(PQExpBuffer buf, const char *spec,`
`112`	`112`	`exit(1);`
`113`	`113`	`}`
`114`	`114`	`appendPQExpBufferStr(buf,`
`115`		`-fmtQualifiedId(PQgetvalue(res,0,1),`
`116`		`-PQgetvalue(res,0,0)));`
	`115`	`+fmtQualifiedIdEnc(PQgetvalue(res,0,1),`
	`116`	`+PQgetvalue(res,0,0),`
	`117`	`+PQclientEncoding(conn)));`
`117`	`118`	`appendPQExpBufferStr(buf,columns);`
`118`	`119`	`PQclear(res);`
`119`	`120`	`termPQExpBuffer(&sql);`

`‎src/bin/scripts/createdb.c`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -196,6 +196,8 @@ main(int argc, char *argv[])`
`196`	`196`
`197`	`197`	`conn=connectMaintenanceDatabase(&cparams,progname,echo);`
`198`	`198`
	`199`	`+setFmtEncoding(PQclientEncoding(conn));`
	`200`	`+`
`199`	`201`	`initPQExpBuffer(&sql);`
`200`	`202`
`201`	`203`	`appendPQExpBuffer(&sql,"CREATE DATABASE %s",`

`‎src/bin/scripts/createuser.c`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -261,6 +261,8 @@ main(int argc, char *argv[])`
`261`	`261`
`262`	`262`	`conn=connectMaintenanceDatabase(&cparams,progname,echo);`
`263`	`263`
	`264`	`+setFmtEncoding(PQclientEncoding(conn));`
	`265`	`+`
`264`	`266`	`initPQExpBuffer(&sql);`
`265`	`267`
`266`	`268`	`printfPQExpBuffer(&sql,"CREATE ROLE %s",fmtId(newuser));`

`‎src/bin/scripts/dropdb.c`

Lines changed: 6 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -129,13 +129,6 @@ main(int argc, char *argv[])`
`129`	`129`	`exit(0);`
`130`	`130`	`}`
`131`	`131`
`132`		`-initPQExpBuffer(&sql);`
`133`		`-`
`134`		`-appendPQExpBuffer(&sql,"DROP DATABASE %s%s%s;",`
`135`		`- (if_exists ?"IF EXISTS " :""),`
`136`		`-fmtId(dbname),`
`137`		`-force ?" WITH (FORCE)" :"");`
`138`		`-`
`139`	`132`	`/* Avoid trying to drop postgres db while we are connected to it. */`
`140`	`133`	`if (maintenance_db==NULL&&strcmp(dbname,"postgres")==0)`
`141`	`134`	`maintenance_db="template1";`
`@@ -149,6 +142,12 @@ main(int argc, char *argv[])`
`149`	`142`
`150`	`143`	`conn=connectMaintenanceDatabase(&cparams,progname,echo);`
`151`	`144`
	`145`	`+initPQExpBuffer(&sql);`
	`146`	`+appendPQExpBuffer(&sql,"DROP DATABASE %s%s%s;",`
	`147`	`+ (if_exists ?"IF EXISTS " :""),`
	`148`	`+fmtIdEnc(dbname,PQclientEncoding(conn)),`
	`149`	`+force ?" WITH (FORCE)" :"");`
	`150`	`+`
`152`	`151`	`if (echo)`
`153`	`152`	`printf("%s\n",sql.data);`
`154`	`153`	`result=PQexec(conn,sql.data);`

`‎src/bin/scripts/dropuser.c`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,8 @@ main(int argc, char *argv[])`
`143`	`143`
`144`	`144`	`initPQExpBuffer(&sql);`
`145`	`145`	`appendPQExpBuffer(&sql,"DROP ROLE %s%s;",`
`146`		`- (if_exists ?"IF EXISTS " :""),fmtId(dropuser));`
	`146`	`+ (if_exists ?"IF EXISTS " :""),`
	`147`	`+fmtIdEnc(dropuser,PQclientEncoding(conn)));`
`147`	`148`
`148`	`149`	`if (echo)`
`149`	`150`	`printf("%s\n",sql.data);`

`‎src/bin/scripts/reindexdb.c`

Lines changed: 7 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -501,7 +501,8 @@ run_reindex_command(PGconn conn, ReindexType type, const char name,`
`501`	`501`
`502`	`502`	`if (tablespace)`
`503`	`503`	`{`
`504`		`-appendPQExpBuffer(&sql,"%sTABLESPACE %s",sep,fmtId(tablespace));`
	`504`	`+appendPQExpBuffer(&sql,"%sTABLESPACE %s",sep,`
	`505`	`+fmtIdEnc(tablespace,PQclientEncoding(conn)));`
`505`	`506`	`sep=comma;`
`506`	`507`	`}`
`507`	`508`
`@@ -541,7 +542,8 @@ run_reindex_command(PGconn conn, ReindexType type, const char name,`
`541`	`542`	`{`
`542`	`543`	`caseREINDEX_DATABASE:`
`543`	`544`	`caseREINDEX_SYSTEM:`
`544`		`-appendPQExpBufferStr(&sql,fmtId(name));`
	`545`	`+appendPQExpBufferStr(&sql,`
	`546`	`+fmtIdEnc(name,PQclientEncoding(conn)));`
`545`	`547`	`break;`
`546`	`548`	`caseREINDEX_INDEX:`
`547`	`549`	`caseREINDEX_TABLE:`
`@@ -711,8 +713,9 @@ get_parallel_object_list(PGconn *conn, ReindexType type,`
`711`	`713`	`for (i=0;i<ntups;i++)`
`712`	`714`	`{`
`713`	`715`	`appendPQExpBufferStr(&buf,`
`714`		`-fmtQualifiedId(PQgetvalue(res,i,1),`
`715`		`-PQgetvalue(res,i,0)));`
	`716`	`+fmtQualifiedIdEnc(PQgetvalue(res,i,1),`
	`717`	`+PQgetvalue(res,i,0),`
	`718`	`+PQclientEncoding(conn)));`
`716`	`719`
`717`	`720`	`simple_string_list_append(tables,buf.data);`
`718`	`721`	`resetPQExpBuffer(&buf);`

`‎src/bin/scripts/vacuumdb.c`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -646,8 +646,9 @@ vacuum_one_database(ConnParams *cparams,`
`646`	`646`	`for (i=0;i<ntups;i++)`
`647`	`647`	`{`
`648`	`648`	`appendPQExpBufferStr(&buf,`
`649`		`-fmtQualifiedId(PQgetvalue(res,i,1),`
`650`		`-PQgetvalue(res,i,0)));`
	`649`	`+fmtQualifiedIdEnc(PQgetvalue(res,i,1),`
	`650`	`+PQgetvalue(res,i,0),`
	`651`	`+PQclientEncoding(conn)));`
`651`	`652`
`652`	`653`	`if (tables_listed&& !PQgetisnull(res,i,2))`
`653`	`654`	`appendPQExpBufferStr(&buf,PQgetvalue(res,i,2));`

`‎src/fe_utils/string_utils.c`

Lines changed: 78 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -19,13 +19,16 @@`
`19`	`19`
`20`	`20`	`#include"common/keywords.h"`
`21`	`21`	`#include"fe_utils/string_utils.h"`
	`22`	`+#include"mb/pg_wchar.h"`
`22`	`23`
`23`	`24`	`staticPQExpBufferdefaultGetLocalPQExpBuffer(void);`
`24`	`25`
`25`	`26`	`/* Globals exported by this file */`
`26`	`27`	`intquote_all_identifiers=0;`
`27`	`28`	`PQExpBuffer (*getLocalPQExpBuffer) (void)=defaultGetLocalPQExpBuffer;`
`28`	`29`
	`30`	`+staticintfmtIdEncoding=-1;`
	`31`	`+`
`29`	`32`
`30`	`33`	`/*`
`31`	`34`	`* Returns a temporary PQExpBuffer, valid until the next call to the function.`
`@@ -54,14 +57,48 @@ defaultGetLocalPQExpBuffer(void)`
`54`	`57`	`returnid_return;`
`55`	`58`	`}`
`56`	`59`
	`60`	`+/*`
	`61`	`+ * Set the encoding that fmtId() and fmtQualifiedId() use.`
	`62`	`+ *`
	`63`	`+ * This is not safe against multiple connections having different encodings,`
	`64`	`+ * but there is no real other way to address the need to know the encoding for`
	`65`	`+ * fmtId()/fmtQualifiedId() input for safe escaping. Eventually we should get`
	`66`	`+ * rid of fmtId().`
	`67`	`+ */`
	`68`	`+void`
	`69`	`+setFmtEncoding(intencoding)`
	`70`	`+{`
	`71`	`+fmtIdEncoding=encoding;`
	`72`	`+}`
	`73`	`+`
	`74`	`+/*`
	`75`	`+ * Return the currently configured encoding for fmtId() and fmtQualifiedId().`
	`76`	`+ */`
	`77`	`+staticint`
	`78`	`+getFmtEncoding(void)`
	`79`	`+{`
	`80`	`+if (fmtIdEncoding!=-1)`
	`81`	`+returnfmtIdEncoding;`
	`82`	`+`
	`83`	`+/*`
	`84`	`+ * In assertion builds it seems best to fail hard if the encoding was not`
	`85`	`+ * set, to make it easier to find places with missing calls. But in`
	`86`	`+ * production builds that seems like a bad idea, thus we instead just`
	`87`	`+ * default to UTF-8.`
	`88`	`+ */`
	`89`	`+Assert(fmtIdEncoding!=-1);`
	`90`	`+`
	`91`	`+returnPG_UTF8;`
	`92`	`+}`
	`93`	`+`
`57`	`94`	`/*`
`58`	`95`	`*Quotes input string if it's not a legitimate SQL identifier as-is.`
`59`	`96`	`*`
`60`		`- *Note that the returned string must be used before callingfmtId again,`
	`97`	`+ *Note that the returned string must be used before callingfmtIdEnc again,`
`61`	`98`	`*since we re-use the same return buffer each time.`
`62`	`99`	`*/`
`63`	`100`	`constchar*`
`64`		`-fmtId(constchar*rawid)`
	`101`	`+fmtIdEnc(constchar*rawid,intencoding)`
`65`	`102`	`{`
`66`	`103`	`PQExpBufferid_return=getLocalPQExpBuffer();`
`67`	`104`
`@@ -134,25 +171,42 @@ fmtId(const char *rawid)`
`134`	`171`	`}`
`135`	`172`
`136`	`173`	`/*`
`137`		`- * fmtQualifiedId - construct a schema-qualified name, with quoting as needed.`
	`174`	`+ *Quotes input string if it's not a legitimate SQL identifier as-is.`
	`175`	`+ *`
	`176`	`+ *Note that the returned string must be used before calling fmtId again,`
	`177`	`+ *since we re-use the same return buffer each time.`
	`178`	`+ *`
	`179`	`+ * NB: This assumes setFmtEncoding() previously has been called to configure`
	`180`	`+ * the encoding of rawid. It is preferable to use fmtIdEnc() with an`
	`181`	`+ * explicit encoding.`
	`182`	`+ */`
	`183`	`+constchar*`
	`184`	`+fmtId(constchar*rawid)`
	`185`	`+{`
	`186`	`+returnfmtIdEnc(rawid,getFmtEncoding());`
	`187`	`+}`
	`188`	`+`
	`189`	`+/*`
	`190`	`+ * fmtQualifiedIdEnc - construct a schema-qualified name, with quoting as`
	`191`	`+ * needed.`
`138`	`192`	`*`
`139`	`193`	`* Like fmtId, use the result before calling again.`
`140`	`194`	`*`
`141`	`195`	`* Since we call fmtId and it also uses getLocalPQExpBuffer() we cannot`
`142`	`196`	`* use that buffer until we're finished with calling fmtId().`
`143`	`197`	`*/`
`144`	`198`	`constchar*`
`145`		`-fmtQualifiedId(constcharschema,constcharid)`
	`199`	`+fmtQualifiedIdEnc(constcharschema,constcharid,intencoding)`
`146`	`200`	`{`
`147`	`201`	`PQExpBufferid_return;`
`148`	`202`	`PQExpBufferlcl_pqexp=createPQExpBuffer();`
`149`	`203`
`150`	`204`	`/* Some callers might fail to provide a schema name */`
`151`	`205`	`if (schema&&*schema)`
`152`	`206`	`{`
`153`		`-appendPQExpBuffer(lcl_pqexp,"%s.",fmtId(schema));`
	`207`	`+appendPQExpBuffer(lcl_pqexp,"%s.",fmtIdEnc(schema,encoding));`
`154`	`208`	`}`
`155`		`-appendPQExpBufferStr(lcl_pqexp,fmtId(id));`
	`209`	`+appendPQExpBufferStr(lcl_pqexp,fmtIdEnc(id,encoding));`
`156`	`210`
`157`	`211`	`id_return=getLocalPQExpBuffer();`
`158`	`212`
`@@ -162,6 +216,24 @@ fmtQualifiedId(const char schema, const char id)`
`162`	`216`	`returnid_return->data;`
`163`	`217`	`}`
`164`	`218`
	`219`	`+/*`
	`220`	`+ * fmtQualifiedId - construct a schema-qualified name, with quoting as needed.`
	`221`	`+ *`
	`222`	`+ * Like fmtId, use the result before calling again.`
	`223`	`+ *`
	`224`	`+ * Since we call fmtId and it also uses getLocalPQExpBuffer() we cannot`
	`225`	`+ * use that buffer until we're finished with calling fmtId().`
	`226`	`+ *`
	`227`	`+ * NB: This assumes setFmtEncoding() previously has been called to configure`
	`228`	`+ * the encoding of schema/id. It is preferable to use fmtQualifiedIdEnc()`
	`229`	`+ * with an explicit encoding.`
	`230`	`+ */`
	`231`	`+constchar*`
	`232`	`+fmtQualifiedId(constcharschema,constcharid)`
	`233`	`+{`
	`234`	`+returnfmtQualifiedIdEnc(schema,id,getFmtEncoding());`
	`235`	`+}`
	`236`	`+`
`165`	`237`
`166`	`238`	`/*`
`167`	`239`	`* Format a Postgres version number (in the PG_VERSION_NUM integer format`

`‎src/include/fe_utils/string_utils.h`

Lines changed: 3 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,10 @@ extern PQExpBuffer (*getLocalPQExpBuffer) (void);`
`25`	`25`
`26`	`26`	`/* Functions */`
`27`	`27`	`externconstcharfmtId(constcharidentifier);`
	`28`	`+externconstcharfmtIdEnc(constcharidentifier,intencoding);`
`28`	`29`	`externconstcharfmtQualifiedId(constcharschema,constchar*id);`
	`30`	`+externconstcharfmtQualifiedIdEnc(constcharschema,constchar*id,intencoding);`
	`31`	`+externvoidsetFmtEncoding(intencoding);`
`29`	`32`
`30`	`33`	`externchar*formatPGVersionNumber(intversion_number,boolinclude_minor,`
`31`	`34`	`char*buf,size_tbuflen);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitb1756da

File tree

13 files changed

13 files changed

`‎src/bin/pg_dump/pg_backup_archiver.c`

`‎src/bin/pg_dump/pg_dump.c`

`‎src/bin/pg_dump/pg_dumpall.c`

`‎src/bin/psql/command.c`

`‎src/bin/scripts/common.c`

`‎src/bin/scripts/createdb.c`

`‎src/bin/scripts/createuser.c`

`‎src/bin/scripts/dropdb.c`

`‎src/bin/scripts/dropuser.c`

`‎src/bin/scripts/reindexdb.c`

`‎src/bin/scripts/vacuumdb.c`

`‎src/fe_utils/string_utils.c`

`‎src/include/fe_utils/string_utils.h`

0 commit comments