Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitec3aebd

Browse files
committed
Reject, in pg_dumpall, names containing CR or LF.
These characters prematurely terminate Windows shell command processing,causing the shell to execute a prefix of the intended command. Thechief alternative to rejecting these characters was to bypass theWindows shell with CreateProcess(), but the ability to use such nameshas little value. Back-patch to 9.1 (all supported versions).This change formally revokes support for these characters in databasenames and roles names. Don't document this; the error message isself-explanatory, and too few users would benefit. A future majorrelease may forbid creation of databases and roles so named. For now,check only at known weak points in pg_dumpall. Future commits will,without notice, reject affected names from other frontend programs.Also extend the restriction to pg_dumpall --dbname=CONNSTR arguments and--file arguments. Unlike the effects on role name arguments anddatabase names, this does not reflect a broad policy change. Amigration to CreateProcess() could lift these two restrictions.Reviewed by Peter Eisentraut.Security:CVE-2016-5424
1 parent640768c commitec3aebd

File tree

1 file changed

+22
-0
lines changed

1 file changed

+22
-0
lines changed

‎src/bin/pg_dump/pg_dumpall.c

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2130,6 +2130,12 @@ doConnStrQuoting(PQExpBuffer buf, const char *str)
21302130
/*
21312131
* Append the given string to the shell command being built in the buffer,
21322132
* with suitable shell-style quoting.
2133+
*
2134+
* Forbid LF or CR characters, which have scant practical use beyond designing
2135+
* security breaches. The Windows command shell is unusable as a conduit for
2136+
* arguments containing LF or CR characters. A future major release should
2137+
* reject those characters in CREATE ROLE and CREATE DATABASE, because use
2138+
* there eventually leads to errors here.
21332139
*/
21342140
staticvoid
21352141
doShellQuoting(PQExpBufferbuf,constchar*str)
@@ -2140,6 +2146,14 @@ doShellQuoting(PQExpBuffer buf, const char *str)
21402146
appendPQExpBufferChar(buf,'\'');
21412147
for (p=str;*p;p++)
21422148
{
2149+
if (*p=='\n'||*p=='\r')
2150+
{
2151+
fprintf(stderr,
2152+
_("shell command argument contains a newline or carriage return: \"%s\"\n"),
2153+
str);
2154+
exit(EXIT_FAILURE);
2155+
}
2156+
21432157
if (*p=='\'')
21442158
appendPQExpBufferStr(buf,"'\"'\"'");
21452159
else
@@ -2151,6 +2165,14 @@ doShellQuoting(PQExpBuffer buf, const char *str)
21512165
appendPQExpBufferChar(buf,'"');
21522166
for (p=str;*p;p++)
21532167
{
2168+
if (*p=='\n'||*p=='\r')
2169+
{
2170+
fprintf(stderr,
2171+
_("shell command argument contains a newline or carriage return: \"%s\"\n"),
2172+
str);
2173+
exit(EXIT_FAILURE);
2174+
}
2175+
21542176
if (*p=='"')
21552177
appendPQExpBufferStr(buf,"\\\"");
21562178
else

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp