Commita7a012d

author
Barry Lind
committed
Fixes additional sql injection vulnerabilities reported by Oliver Jowett
and Dmitry Tkach. Specifically, the previous fix still allowed the statement termination character through in unquoted places in the sql statement, and the driver never correctly handled someone passing a value of \0 in a string, which under the v2 protocol would end the statement, causing the following text to possibly be treated as a new sql statement. Modified Files: jdbc/org/postgresql/Driver.java.in jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
1 parent47f14e7 commita7a012d

2 files changed

+21
-9
lines changed

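--- a/src/interfaces/jdbc/org/postgresql/Driver.java.in
+++ b/src/interfaces/jdbc/org/postgresql/Driver.java.in
@@ -6,7 +6,7 @@
 * Copyright (c) 2003, PostgreSQL Global Development Group
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/interfaces/jdbc/org/postgresql/Attic/Driver.java.in,v 1.33 2003/07/22 05:17:09 barry Exp $
+* $Header: /cvsroot/pgsql/src/interfaces/jdbc/org/postgresql/Attic/Driver.java.in,v 1.34 2003/07/24 00:30:38 barry Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -503,6 +503,6 @@ public class Driver implements java.sql.Driver
 
 
 //The build number should be incremented for every new build
-private static int m_buildNumber =207;
+private static int m_buildNumber =208;
 
 }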

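--- a/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
+++ b/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
@@ -25,7 +25,7 @@
 importjava.sql.Types;
 importjava.util.Vector;
 
-/* $Header: /cvsroot/pgsql/src/interfaces/jdbc/org/postgresql/jdbc1/Attic/AbstractJdbc1Statement.java,v 1.28 2003/07/22 05:17:09 barry Exp $
+/* $Header: /cvsroot/pgsql/src/interfaces/jdbc/org/postgresql/jdbc1/Attic/AbstractJdbc1Statement.java,v 1.29 2003/07/24 00:30:39 barry Exp $
 * This class defines methods of the jdbc1 specification. This class is
 * extended by org.postgresql.jdbc2.AbstractJdbc2Statement which adds the jdbc2
 * methods. The real Statement class (for jdbc1) is org.postgresql.jdbc1.Jdbc1Statement
@@ -1036,7 +1036,7 @@ public void setString(int parameterIndex, String x, String type) throws SQLExcep
 sbuf.setLength(0);
 sbuf.ensureCapacity(x.length() + (int)(x.length() /10));
 sbuf.append('\'');
-escapeString(x,sbuf);
+escapeString(x,sbuf,true);
 sbuf.append('\'');
 bind(parameterIndex,sbuf.toString(),type);
 }
@@ -1050,18 +1050,30 @@ private String escapeString(String p_input) {
 {
 sbuf.setLength(0);
 sbuf.ensureCapacity(p_input.length());
-escapeString(p_input,sbuf);
+escapeString(p_input,sbuf,false);
 returnsbuf.toString();
 }
 }
 
-privatevoidescapeString(Stringp_input,StringBufferp_output) {
+privatevoidescapeString(Stringp_input,StringBufferp_output,booleanp_allowStatementTerminator) {
 for (inti =0 ;i <p_input.length() ; ++i)
 {
 charc =p_input.charAt(i);
-if (c =='\\' ||c =='\'')
-p_output.append((char)'\\');
-p_output.append(c);
+switch (c)
+{
+case'\\':
+case'\'':
+p_output.append('\\');
+p_output.append(c);
+break;
+case'\0':
+thrownewIllegalArgumentException("\\0 not allowed");
+case';':
+if (!p_allowStatementTerminator)
+thrownewIllegalArgumentException("semicolon not allowed");
+default:
+p_output.append(c);
+}
 }
 }
 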
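Review bot: With `p_allowStatementTerminator` false, `escapeString` is a character denylist: `\\` and `'` are escaped, `\0` and `;` are rejected, and everything else reaches `default:` and is copied unchanged, so a value placed outside quotes is still read by the server as SQL text rather than as a literal. The callers of the one-argument overload are outside this hunk; each of them should validate the value against its target type (for instance by parsing it as a number) before binding, and the method should say so, e.g. `// rejecting ';' and '\0' is not sufficient for unquoted values; callers must validate the type`. `case ';':` falls into `default:` when the terminator is allowed, which deserves an explicit `// fall through` comment. The new `IllegalArgumentException`s are unchecked, while `setString` appears (its signature is truncated in the hunk header) to declare a checked SQL exception, so callers that catch only that will not handle a rejected value.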
