Commit 54549d8
> I found a problem with PQescapeString (I think). Since it escapes
> null bytes to be literally '\0', the following can happen:
> 1. User inputs string value as "<null byte>##" where ## are digits in the
> range of 0 to 7.
> 2. PQescapeString converts this to "\0##"
> 3. Escaped string is used in a context that causes "\0##" to be evaluated as
> an octal escape sequence.

I agree that this is a problem, though it is not possible to do
anything harmful with it. In addition, it only occurs if there are
any NUL characters in its input, which is very unlikely if you are
using C strings.

The patch below addresses the issue by removing escaping of \0
characters entirely.

> If the goal is to "safely" encode null bytes, and preserve the rest of the
> string as it was entered, I think the null bytes should be escaped as \\000
> (note that if you simply use \000 the same string truncation problem
> occurs).

We can't do that, this would require 4n + 1 bytes of storage for the
result, breaking the interface.

Florian Weimer
1 parent 351a0c1, commit 54549d8
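The sequence described in the commit message, as an added C example that is not part of the commit or of libpq. `escape_string` and `decode_backslashes` are hypothetical names, the copy-unchanged branch is an assumption (the diff does not show it), and the decoder is a constructed stand-in for "a context that evaluates octal escapes"; the sample input uses the digits 41, so the merged escape decodes to `!`.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical re-creation of the PQescapeString loop. escape_nul != 0 keeps
 * the removed case '\0' (pre-patch). Assumption: bytes with no case of their
 * own are copied unchanged (that branch is not shown on the page). */
size_t escape_string(char *to, const char *from, size_t length, int escape_nul)
{
    char *target = to;
    for (size_t i = 0; i < length; i++) {
        char c = from[i];
        if (c == '\\' || c == '\'' || (c == '\0' && escape_nul)) {
            *target++ = (c == '\'') ? '\'' : '\\';  /* '' for a quote, else a \ prefix */
            c = (c == '\0') ? '0' : c;              /* NUL becomes the digit 0 */
        }
        *target++ = c;
    }
    *target = '\0';                                 /* terminating NUL */
    return (size_t)(target - to);
}

/* Constructed stand-in for a consumer that evaluates backslash escapes:
 * a backslash plus 1-3 octal digits is one byte, "\x" otherwise yields x. */
size_t decode_backslashes(char *out, const char *in, size_t n)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] != '\\' || i + 1 >= n) { out[o++] = in[i]; continue; }
        i++;
        if (in[i] < '0' || in[i] > '7') { out[o++] = in[i]; continue; }
        int v = 0, digits = 0;
        for (; i < n && digits < 3 && in[i] >= '0' && in[i] <= '7'; i++, digits++)
            v = v * 8 + (in[i] - '0');
        i--;                     /* the outer i++ then steps past the last digit */
        out[o++] = (char)v;
    }
    return o;
}

int main(void)
{
    const char input[] = {'a', '\0', '4', '1', 'b'};   /* constructed sample */
    char esc[2 * sizeof input + 1], dec[sizeof esc];
    for (int old = 1; old >= 0; old--) {
        size_t n = escape_string(esc, input, sizeof input, old);
        size_t m = decode_backslashes(dec, esc, n);
        printf("%s-patch: %zu bytes escaped, %zu decoded, C-string length %zu\n",
               old ? "pre" : "post", n, m, strlen(esc));
    }
}
```

With the pre-patch branch the five input bytes come back from the decoder as three (`a!b`); with it removed they survive byte for byte, but the escaped buffer reads as a one-character C string.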

2 files changed: +3 -10 lines changed


‎src/interfaces/jdbc/org/postgresql/jdbc2/ResultSet.java

Lines changed: 1 addition & 1 deletion
@@ -1396,7 +1396,7 @@ public static boolean toBoolean(String s)
13961396
if (s !=null)
13971397
{
13981398
intc =s.charAt(0);
1399-
return ((c =='t') || (c =='T'));
1399+
return ((c =='t') || (c =='T') || (c =='1'));
14001400
}
14011401
returnfalse;// SQL NULL
14021402
}
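Review bot: The added `(c == '1')` test in toBoolean only inspects `s.charAt(0)`, so every value whose first character is '1' (for example "10" or "1x") now maps to true, the same first-character matching already applied to 't' and 'T'. If the intent is to accept the literal "1", compare the whole string instead. The unchanged `s.charAt(0)` call is guarded only by `s != null`, so an empty string would throw; a length check would cover that. This change is also not mentioned in the commit message, which discusses only PQescapeString.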

‎src/interfaces/libpq/fe-exec.c

Lines changed: 2 additions & 9 deletions
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.110 2001/09/07 22:02:32 momjian Exp $
11+
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.111 2001/09/13 17:00:34 momjian Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -59,7 +59,7 @@ static intgetNotice(PGconn *conn);
5959
/* ---------------
6060
* Escaping arbitrary strings to get valid SQL strings/identifiers.
6161
*
62-
* Replaces "\\" with "\\\\", "\0" with "\\0", and "'" with "''".
62+
* Replaces "\\" with "\\\\" and "'" with "''".
6363
* length is the length of the buffer pointed to by
6464
* from. The buffer at to must be at least 2*length + 1 characters
6565
* long. A terminating NUL character is written.
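Review bot: With the `"\0" with "\\0"` clause dropped from the comment, nothing here tells a caller what happens to a NUL byte that lies inside the first `length` bytes of `from`. Since the function takes an explicit length, add a sentence stating how such bytes are treated, or that the input must not contain them. The `2*length + 1` bound still matches the two remaining replacements, each of which at most doubles a byte.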
@@ -75,13 +75,6 @@ PQescapeString (char *to, const char *from, size_t length)
7575

7676
while (remaining>0) {
7777
switch (*source) {
78-
case'\0':
79-
*target='\\';
80-
target++;
81-
*target='0';
82-
/* target and remaining are updated below. */
83-
break;
84-
8578
case'\\':
8679
*target='\\';
8780
target++;
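Review bot: Removing `case'\0':` leaves the `while (remaining>0)` loop bounded only by the length, so a NUL byte in the input is no longer special and takes the same path as any byte without its own case (that path is not shown in this hunk). If it is copied through unchanged, anything reading `to` as a C string will stop at that byte. Consider ending the loop at the first NUL, or reporting it to the caller, so that the result does not depend on how the consumer handles an embedded terminator.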
