Commitb3eb4ea

committed
Add a new GUC parameter backslash_quote, which determines whether the SQL
parser will allow "\'" to be used to represent a literal quote mark. The "\'" representation has been deprecated for some time in favor of the SQL-standard representation "''" (two single quote marks), but it has been used often enough that just disallowing it immediately won't do. Hence backslash_quote allows the settings "on", "off", and "safe_encoding", the last meaning to allow "\'" only if client_encoding is a valid server encoding. That is now the default, and the reason is that in encodings such as SJIS that allow 0x5c (ASCII backslash) to be the last byte of a multibyte character, accepting "\'" allows SQL-injection attacks as per CVE-2006-2314 (further details will be published after release). The "on" setting is available for backward compatibility, but it must not be used with clients that are exposed to untrusted input. Thanks to Akio Ishida and Yasuo Ohgaki for identifying this security issue.
1 parentc61a2f5 commitb3eb4ea


5 files changed

+98
-4
lines changed

5 files changed

+98
-4
lines changed

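--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.58 2006/05/11 19:15:35 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/config.sgml,v 1.59 2006/05/21 20:10:42 tgl Exp $ -->
 
 <chapter Id="runtime-config">
 <title>Server Configuration</title>
@@ -3695,6 +3695,42 @@ dynamic_library_path = 'C:\tools\postgresql;H:\my_project\lib;$libdir'
 </listitem>
 </varlistentry>
 
+<varlistentry id="guc-backslash-quote" xreflabel="backslash_quote">
+<term><varname>backslash_quote</varname> (<type>string</type>)</term>
+<indexterm><primary>strings</><secondary>backslash quotes</></>
+<indexterm>
+<primary><varname>backslash_quote</> configuration parameter</primary>
+</indexterm>
+<listitem>
+<para>
+This controls whether a quote mark can be represented by
+<literal>\'</> in a string literal. The preferred, SQL-standard way
+to represent a quote mark is by doubling it (<literal>''</>) but
+<productname>PostgreSQL</> has historically also accepted
+<literal>\'</>. However, use of <literal>\'</> creates security risks
+because in some client character set encodings, there are multibyte
+characters in which the last byte is numerically equivalent to ASCII
+<literal>\</>. If client-side code does escaping incorrectly then a
+SQL-injection attack is possible. This risk can be prevented by
+making the server reject queries in which a quote mark appears to be
+escaped by a backslash.
+The allowed values of <varname>backslash_quote</> are
+<literal>on</> (allow <literal>\'</> always),
+<literal>off</> (reject always), and
+<literal>safe_encoding</> (allow only if client encoding does not
+allow ASCII <literal>\</> within a multibyte character).
+<literal>safe_encoding</> is the default setting.
+</para>
+
+<para>
+Note that in a standard-conforming string literal, <literal>\</> just
+means <literal>\</> anyway. This parameter affects the handling of
+non-standard-conforming literals, including
+escape string syntax (<literal>E'...'</>).
+</para>
+</listitem>
+</varlistentry>
+
 <varlistentry id="guc-default-with-oids" xreflabel="default_with_oids">
 <term><varname>default_with_oids</varname> (<type>boolean</type>)</term>
 <indexterm>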

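--- a/src/backend/parser/scan.l
+++ b/src/backend/parser/scan.l
@@ -24,7 +24,7 @@
 * Portions Copyright (c) 1994, Regents of the University of California
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/parser/scan.l,v 1.134 2006/05/11 19:15:35 tgl Exp $
+* $PostgreSQL: pgsql/src/backend/parser/scan.l,v 1.135 2006/05/21 20:10:42 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -55,6 +55,7 @@ static char *dolqstart; /* current $foo$ quote start string */
 * But we shall have to live with it as a short-term thing until the switch
 * to SQL-standard string syntax is complete.
 */
+BackslashQuoteType backslash_quote = BACKSLASH_QUOTE_SAFE_ENCODING;
 boolescape_string_warning =true;
 boolstandard_conforming_strings =false;
 
@@ -452,6 +453,17 @@ other.
 addlit(yytext, yyleng);
 }
 <xe>{xeescape} {
+if (yytext[1] =='\'')
+{
+if (backslash_quote == BACKSLASH_QUOTE_OFF ||
+(backslash_quote == BACKSLASH_QUOTE_SAFE_ENCODING &&
+PG_ENCODING_IS_CLIENT_ONLY(pg_get_client_encoding())))
+ereport(ERROR,
+(errcode(ERRCODE_NONSTANDARD_USE_OF_ESCAPE_CHARACTER),
+errmsg("unsafe use of\\' in a string literal"),
+errhint("Use '' to write quotes in strings.\\' is insecure in client-only encodings."),
+lexer_errposition()));
+}
 check_string_escape_warning(yytext[1]);
 addlitchar(unescape_single_char(yytext[1]));
 }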
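Review bot: The new `\'` rejection in the `<xe>{xeescape}` rule relies on `PG_ENCODING_IS_CLIENT_ONLY(pg_get_client_encoding())` standing in for "encodings in which a multibyte character may end in the byte 0x5c", but nothing in scan.l says why client-only encodings are the unsafe set; that reasoning lives only in config.sgml and the commit message. Add a comment above the inner `if`, e.g. `/* In client-only encodings (e.g. SJIS) a multibyte character can end in 0x5c, so a quote the client failed to escape is indistinguishable from a backslash-quoted quote; reject unless backslash_quote explicitly allows it. */`. It would also help to note next to the `backslash_quote` initializer that the variable is assigned by guc.c's assign_backslash_quote, so a reader knows the C initializer is not the only source of its value. The `<xe>{xeescape}` rule is complete within the hunk.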

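--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -10,7 +10,7 @@
 * Written by Peter Eisentraut <peter_e@gmx.net>.
 *
 * IDENTIFICATION
-* $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.319 2006/05/11 19:15:35 tgl Exp $
+* $PostgreSQL: pgsql/src/backend/utils/misc/guc.c,v 1.320 2006/05/21 20:10:42 tgl Exp $
 *
 *--------------------------------------------------------------------
 */
@@ -138,6 +138,7 @@ static bool assign_stage_log_stats(bool newval, bool doit, GucSource source);
 staticboolassign_log_stats(boolnewval,booldoit,GucSourcesource);
 staticboolassign_transaction_read_only(boolnewval,booldoit,GucSourcesource);
 staticconstchar*assign_canonical_path(constchar*newval,booldoit,GucSourcesource);
+staticconstchar*assign_backslash_quote(constchar*newval,booldoit,GucSourcesource);
 
 staticboolassign_tcp_keepalives_idle(intnewval,booldoit,GucSourcesource);
 staticboolassign_tcp_keepalives_interval(intnewval,booldoit,GucSourcesource);
@@ -210,6 +211,7 @@ static char *syslog_ident_str;
 staticboolphony_autocommit;
 staticboolsession_auth_is_superuser;
 staticdoublephony_random_seed;
+staticchar*backslash_quote_string;
 staticchar*client_encoding_string;
 staticchar*datestyle_string;
 staticchar*default_iso_level_string;
@@ -1716,6 +1718,15 @@ static struct config_string ConfigureNamesString[] =
 "",NULL,NULL
 },
 
+{
+{"backslash_quote",PGC_USERSET,COMPAT_OPTIONS_PREVIOUS,
+gettext_noop("Sets whether \"\\'\" is allowed in string literals."),
+gettext_noop("Valid values are ON, OFF, and SAFE_ENCODING.")
+},
+&backslash_quote_string,
+"safe_encoding",assign_backslash_quote,NULL
+},
+
 {
 {"client_encoding",PGC_USERSET,CLIENT_CONN_LOCALE,
 gettext_noop("Sets the client's character set encoding."),
@@ -6056,6 +6067,32 @@ assign_canonical_path(const char *newval, bool doit, GucSource source)
 returnnewval;
 }
 
+staticconstchar*
+assign_backslash_quote(constchar*newval,booldoit,GucSourcesource)
+{
+BackslashQuoteTypebq;
+boolbqbool;
+
+/*
+* Although only "on", "off", and "safe_encoding" are documented,
+* we use parse_bool so we can accept all the likely variants of
+* "on" and "off".
+*/
+if (pg_strcasecmp(newval,"safe_encoding")==0)
+bq=BACKSLASH_QUOTE_SAFE_ENCODING;
+elseif (parse_bool(newval,&bqbool))
+{
+bq=bqbool ?BACKSLASH_QUOTE_ON :BACKSLASH_QUOTE_OFF;
+}
+else
+returnNULL;/* reject */
+
+if (doit)
+backslash_quote=bq;
+
+returnnewval;
+}
+
 staticbool
 assign_tcp_keepalives_idle(intnewval,booldoit,GucSourcesource)
 {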
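Review bot: `assign_backslash_quote` has no header comment, and the default `"safe_encoding"` in the new ConfigureNamesString entry duplicates the C initializer `BACKSLASH_QUOTE_SAFE_ENCODING` that scan.l gives `backslash_quote`, with nothing tying the two together. Add above the function `/* Assign hook for backslash_quote: maps the GUC's string value onto the BackslashQuoteType consumed by scan.l; returns NULL to reject an unrecognized value. The "safe_encoding" default in ConfigureNamesString must agree with scan.l's initializer of backslash_quote. */`. Presumably the hook is run with the default at GUC initialization so the C initializer only matters before that point, but a one-line note in either place keeps a later edit to one default from silently diverging from the other.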

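--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -414,6 +414,7 @@
 
 #add_missing_from = off
 #array_nulls = on
+#backslash_quote = safe_encoding# on, off, or safe_encoding
 #default_with_oids = off
 #escape_string_warning = on
 #standard_conforming_strings = off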

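--- a/src/include/parser/gramparse.h
+++ b/src/include/parser/gramparse.h
@@ -7,7 +7,7 @@
 * Portions Copyright (c) 1996-2006, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
-* $PostgreSQL: pgsql/src/include/parser/gramparse.h,v 1.35 2006/05/11 19:15:35 tgl Exp $
+* $PostgreSQL: pgsql/src/include/parser/gramparse.h,v 1.36 2006/05/21 20:10:42 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -27,7 +27,15 @@
 */
 #defineYYLTYPE int
 
+typedefenum
+{
+BACKSLASH_QUOTE_OFF,
+BACKSLASH_QUOTE_ON,
+BACKSLASH_QUOTE_SAFE_ENCODING
+}BackslashQuoteType;
+
 /* GUC variables in scan.l (every one of these is a bad idea :-() */
+externBackslashQuoteTypebackslash_quote;
 externboolescape_string_warning;
 externboolstandard_conforming_strings;
 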
