NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit77c1791

committed

Use PQescapeString to ensure that tab-completion queries are not messed

up by quotes or backslashes in words that are being matched to databasenames (per gripe from Ian Barwick, though I didn't use his patch).Also fix possible memory leakage if _complete_with_query isn't run tocompletion (not clear if that can happen or not, but be safe).

1 parent2a0f1c0 commit77c1791Copy full SHA for 77c1791

File tree

1 file changed

+85

-28

lines changed

src/bin/psql
- tab-complete.c

1 file changed

+85

-28

lines changed

`‎src/bin/psql/tab-complete.c`

Lines changed: 85 additions & 28 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`*`
`4`	`4`	`* Copyright (c) 2000-2003, PostgreSQL Global Development Group`
`5`	`5`	`*`
`6`		`- * $Header: /cvsroot/pgsql/src/bin/psql/tab-complete.c,v 1.85 2003/09/07 15:26:54 tgl Exp $`
	`6`	`+ * $Header: /cvsroot/pgsql/src/bin/psql/tab-complete.c,v 1.86 2003/10/14 22:47:12 tgl Exp $`
`7`	`7`	`*/`
`8`	`8`
`9`	`9`	`/*----------------------------------------------------------------------`
`@@ -85,17 +85,20 @@ static char complete_from_const(const char text, int state);`
`85`	`85`	`staticcharcomplete_from_list(constchartext,intstate);`
`86`	`86`
`87`	`87`	`staticPGresultexec_query(charquery);`
`88`		`-charquote_file_name(chartext,intmatch_type,char*quote_pointer);`
`89`	`88`
`90`		`-/static char dequote_file_name(char text, char quote_char);/`
`91`	`89`	`staticchar*previous_word(intpoint,intskip);`
`92`	`90`
	`91`	`+#if0`
	`92`	`+staticcharquote_file_name(chartext,intmatch_type,char*quote_pointer);`
	`93`	`+staticchardequote_file_name(chartext,charquote_char);`
	`94`	`+#endif`
	`95`	`+`
`93`	`96`	`/* These variables are used to pass information into the completion functions.`
`94`	`97`	`Realizing that this is the cardinal sin of programming, I don't see a better`
`95`	`98`	`way. */`
`96`		`-charcompletion_charp;/ if you need to pass a string */`
`97`		`-char*completion_charpp;/ if you need to pass a list of strings */`
`98`		`-charcompletion_info_charp;/ if you need to pass another`
	`99`	`+staticcharcompletion_charp;/ if you need to pass a string */`
	`100`	`+staticchar*completion_charpp;/ if you need to pass a list of strings */`
	`101`	`+staticcharcompletion_info_charp;/ if you need to pass another`
`99`	`102`	`* string */`
`100`	`103`
`101`	`104`	`/* Store how many records from a database query we want to return at most`
`@@ -124,7 +127,10 @@ initialize_readline(void)`
`124`	`127`	`/*`
`125`	`128`	`* Queries to get lists of names of various kinds of things, possibly`
`126`	`129`	`* restricted to names matching a partially entered name. In these queries,`
`127`		`- * the %s will be replaced by the text entered so far, the %d by its length.`
	`130`	`+ * %s will be replaced by the text entered so far (suitably escaped to`
	`131`	`+ * become a SQL literal string). %d will be replaced by the length of the`
	`132`	`+ * string (in unescaped form). Beware that the allowed sequences of %s and`
	`133`	`+ * %d are determined by _complete_from_query().`
`128`	`134`	`*/`
`129`	`135`
`130`	`136`	`#defineQuery_for_list_of_aggregates \`
`@@ -401,6 +407,15 @@ initialize_readline(void)`
`401`	`407`	`" FROM pg_catalog.pg_user "\`
`402`	`408`	`" WHERE substr(usename,1,%d)='%s'"`
`403`	`409`
	`410`	`+/* the silly-looking length condition is just to eat up the current word */`
	`411`	`+#defineQuery_for_table_owning_index \`
	`412`	`+"SELECT c1.relname "\`
	`413`	`+" FROM pg_catalog.pg_class c1, pg_catalog.pg_class c2, pg_catalog.pg_index i"\`
	`414`	`+" WHERE c1.oid=i.indrelid and i.indexrelid=c2.oid"\`
	`415`	`+" and (%d = length('%s'))"\`
	`416`	`+" and c2.relname='%s'"\`
	`417`	`+" and pg_catalog.pg_table_is_visible(c2.oid)"`
	`418`	`+`
`404`	`419`	`/* This is a list of all "things" in Pgsql, which can show up after CREATE or`
`405`	`420`	`DROP; and there is also a query to get a list of them.`
`406`	`421`	`*/`
`@@ -754,15 +769,8 @@ psql_completion(char *text, int start, int end)`
`754`	`769`	`elseif (strcasecmp(prev3_wd,"CLUSTER")==0&&`
`755`	`770`	`strcasecmp(prev_wd,"ON")==0)`
`756`	`771`	`{`
`757`		`-charquery_buffer[BUF_SIZE];/* Some room to build`
`758`		`- * queries. */`
`759`		`-`
`760`		`-if (snprintf(query_buffer,BUF_SIZE,`
`761`		`-"SELECT c1.relname FROM pg_catalog.pg_class c1, pg_catalog.pg_class c2, pg_catalog.pg_index i WHERE c1.oid=i.indrelid and i.indexrelid=c2.oid and c2.relname='%s' and pg_catalog.pg_table_is_visible(c2.oid)",`
`762`		`-prev2_wd)==-1)`
`763`		`-ERROR_QUERY_TOO_LONG;`
`764`		`-else`
`765`		`-COMPLETE_WITH_QUERY(query_buffer);`
	`772`	`+completion_info_charp=prev2_wd;`
	`773`	`+COMPLETE_WITH_QUERY(Query_for_table_owning_index);`
`766`	`774`	`}`
`767`	`775`
`768`	`776`	`/* COMMENT */`
`@@ -1425,6 +1433,9 @@ complete_from_schema_query(const char *text, int state)`
`1425`	`1433`	`%d %s %d %s %d %s %s %d %s`
`1426`	`1434`	`where %d is the string length of the text and %s the text itself.`
`1427`	`1435`
	`1436`	`+ It is assumed that strings should be escaped to become SQL literals`
	`1437`	`+ (that is, what is in the query is actually ... '%s' ...)`
	`1438`	`+`
`1428`	`1439`	`See top of file for examples of both kinds of query.`
`1429`	`1440`	`*/`
`1430`	`1441`
`@@ -1434,48 +1445,93 @@ _complete_from_query(int is_schema_query, const char *text, int state)`
`1434`	`1445`	`staticintlist_index,`
`1435`	`1446`	`string_length;`
`1436`	`1447`	`staticPGresult*result=NULL;`
`1437`		`-charquery_buffer[BUF_SIZE];`
`1438`		`-constchar*item;`
`1439`	`1448`
`1440`	`1449`	`/*`
`1441`	`1450`	`* If this is the first time for this completion, we fetch a list of`
`1442`	`1451`	`* our "things" from the backend.`
`1443`	`1452`	`*/`
`1444`	`1453`	`if (state==0)`
`1445`	`1454`	`{`
	`1455`	`+charquery_buffer[BUF_SIZE];`
	`1456`	`+char*e_text;`
	`1457`	`+char*e_info_charp;`
	`1458`	`+`
`1446`	`1459`	`list_index=0;`
`1447`	`1460`	`string_length=strlen(text);`
`1448`	`1461`
	`1462`	`+/* Free any prior result */`
	`1463`	`+PQclear(result);`
	`1464`	`+result=NULL;`
	`1465`	`+`
`1449`	`1466`	`/* Need to have a query */`
`1450`	`1467`	`if (completion_charp==NULL)`
`1451`	`1468`	`returnNULL;`
`1452`	`1469`
`1453`		`-if (is_schema_query)`
	`1470`	`+/* Set up suitably-escaped copies of textual inputs */`
	`1471`	`+if (text)`
`1454`	`1472`	`{`
`1455`		`-if (snprintf(query_buffer,BUF_SIZE,completion_charp,string_length,text,string_length,text,string_length,text,text,string_length,text,string_length,text)==-1)`
`1456`		`-{`
`1457`		`-ERROR_QUERY_TOO_LONG;`
	`1473`	`+e_text= (char)malloc(strlen(text)2+1);`
	`1474`	`+if (!e_text)`
`1458`	`1475`	`returnNULL;`
`1459`		`-}`
	`1476`	`+PQescapeString(e_text,text,strlen(text));`
`1460`	`1477`	`}`
`1461`	`1478`	`else`
	`1479`	`+e_text=NULL;`
	`1480`	`+`
	`1481`	`+if (completion_info_charp)`
`1462`	`1482`	`{`
`1463`		`-if (snprintf(query_buffer,BUF_SIZE,completion_charp,string_length,text,completion_info_charp)==-1)`
	`1483`	`+e_info_charp= (char*)`
	`1484`	`+malloc(strlen(completion_info_charp)*2+1);`
	`1485`	`+if (!e_info_charp)`
`1464`	`1486`	`{`
`1465`		`-ERROR_QUERY_TOO_LONG;`
	`1487`	`+if (e_text)`
	`1488`	`+free(e_text);`
`1466`	`1489`	`returnNULL;`
`1467`	`1490`	`}`
	`1491`	`+PQescapeString(e_info_charp,completion_info_charp,`
	`1492`	`+strlen(completion_info_charp));`
	`1493`	`+}`
	`1494`	`+else`
	`1495`	`+e_info_charp=NULL;`
	`1496`	`+`
	`1497`	`+if (is_schema_query)`
	`1498`	`+{`
	`1499`	`+if (snprintf(query_buffer,BUF_SIZE,completion_charp,`
	`1500`	`+string_length,e_text,`
	`1501`	`+string_length,e_text,`
	`1502`	`+string_length,e_text,`
	`1503`	`+e_text,`
	`1504`	`+string_length,e_text,`
	`1505`	`+string_length,e_text)==-1)`
	`1506`	`+ERROR_QUERY_TOO_LONG;`
	`1507`	`+else`
	`1508`	`+result=exec_query(query_buffer);`
	`1509`	`+}`
	`1510`	`+else`
	`1511`	`+{`
	`1512`	`+if (snprintf(query_buffer,BUF_SIZE,completion_charp,`
	`1513`	`+string_length,e_text,e_info_charp)==-1)`
	`1514`	`+ERROR_QUERY_TOO_LONG;`
	`1515`	`+else`
	`1516`	`+result=exec_query(query_buffer);`
`1468`	`1517`	`}`
`1469`	`1518`
`1470`		`-result=exec_query(query_buffer);`
	`1519`	`+if (e_text)`
	`1520`	`+free(e_text);`
	`1521`	`+if (e_info_charp)`
	`1522`	`+free(e_info_charp);`
`1471`	`1523`	`}`
`1472`	`1524`
`1473`	`1525`	`/* Find something that matches */`
`1474`	`1526`	`if (result&&PQresultStatus(result)==PGRES_TUPLES_OK)`
	`1527`	`+{`
	`1528`	`+constchar*item;`
	`1529`	`+`
`1475`	`1530`	`while (list_index<PQntuples(result)&&`
`1476`	`1531`	`(item=PQgetvalue(result,list_index++,0)))`
`1477`	`1532`	`if (strncasecmp(text,item,string_length)==0)`
`1478`	`1533`	`returnxstrdup(item);`
	`1534`	`+}`
`1479`	`1535`
`1480`	`1536`	`/* If nothing matches, free the db structure and return null */`
`1481`	`1537`	`PQclear(result);`
`@@ -1585,7 +1641,8 @@ exec_query(char *query)`
`1585`	`1641`	`assert(query[strlen(query)-1]!=';');`
`1586`	`1642`	`#endif`
`1587`	`1643`
`1588`		`-if (snprintf(query_buffer,BUF_SIZE,"%s LIMIT %d;",query,completion_max_records)==-1)`
	`1644`	`+if (snprintf(query_buffer,BUF_SIZE,"%s LIMIT %d;",`
	`1645`	`+query,completion_max_records)==-1)`
`1589`	`1646`	`{`
`1590`	`1647`	`ERROR_QUERY_TOO_LONG;`
`1591`	`1648`	`returnNULL;`
`@@ -1684,7 +1741,7 @@ previous_word(int point, int skip)`
`1684`	`1741`	`* psql internal. Currently disable because it is reported not to`
`1685`	`1742`	`* cooperate with certain versions of readline.`
`1686`	`1743`	`*/`
`1687`		`-char*`
	`1744`	`+staticchar*`
`1688`	`1745`	`quote_file_name(chartext,intmatch_type,charquote_pointer)`
`1689`	`1746`	`{`
`1690`	`1747`	`char*s;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit77c1791

File tree

1 file changed

1 file changed

`‎src/bin/psql/tab-complete.c`

0 commit comments