granicus.if.org Git - postgresql/commit
Fixes additional SQL injection vulnerabilities reported by Oliver Jowett
author Barry Lind <barry@xythos.com>
Thu, 24 Jul 2003 00:30:39 +0000 (00:30 +0000)
committer Barry Lind <barry@xythos.com>
Thu, 24 Jul 2003 00:30:39 +0000 (00:30 +0000)
commit a7a012d1677cc81e32c2dfda1aa9ec083fe6a295
tree 0070cb3c313e07e822902e13ba8ecc858063c5ed
parent 47f14e7ddf4a1e139ca1a05e673be4f1d3c1dc06
Fixes additional SQL injection vulnerabilities reported by Oliver Jowett
and Dmitry Tkach.  Specifically, the previous fix still allowed the statement
termination character through in unquoted places in the SQL statement, and the
driver never correctly handled someone passing a value of \0 in a string, which
under the v2 protocol would end the statement, causing the following text to
possibly be treated as a new SQL statement.
 Modified Files:
  jdbc/org/postgresql/Driver.java.in
  jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
src/interfaces/jdbc/org/postgresql/Driver.java.in
src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
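
The two cases named in the commit message, as an added Java example (not the driver's code from this commit; the class and method names are hypothetical). It assumes the v2 Query message layout of `Q` followed by a NUL-terminated string, and shows a guard that refuses NUL in string parameters and a guard that re-serializes unquoted values from a parsed number so that a `;` cannot pass through.

```java
import java.math.BigDecimal;

// Added illustration: class and method names are hypothetical, not pgjdbc code.
public class LiteralGuard {

    // A v2 Query message is 'Q' plus a NUL-terminated string, so a reader stops
    // at the first NUL. Returns the part of the text such a reader takes as the query.
    static String seenByNulTerminatedReader(String sql) {
        int nul = sql.indexOf('\0');
        return nul < 0 ? sql : sql.substring(0, nul);
    }

    // Guard for string parameters: a NUL cannot be carried inside a v2 query
    // string, so refuse the value instead of letting the framing cut it short.
    static String requireNoNul(String value) {
        if (value.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("NUL character in string parameter");
        }
        return value;
    }

    // Guard for values placed unquoted in the statement: parse the text as a
    // number and emit the parsed value, never the caller's characters.
    static String numericLiteral(String value) {
        try {
            return new BigDecimal(value).toPlainString();
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("not a numeric literal");
        }
    }

    // Helper for the demo below: true when the guard threw.
    static boolean rejected(Runnable r) {
        try { r.run(); return false; } catch (IllegalArgumentException e) { return true; }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the reports.
        String withNul = "abc\0def";
        String withTerminator = "42; SELECT 1";
        System.out.println(seenByNulTerminatedReader("SELECT '" + withNul + "'"));
        System.out.println(rejected(() -> requireNoNul(withNul)));
        System.out.println(rejected(() -> numericLiteral(withTerminator)));
        System.out.println(numericLiteral("42.50"));
    }
}
```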