From 54549d8dc4cdf837947d1782e9bdf3542e83feaa Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Thu, 13 Sep 2001 17:00:34 +0000 Subject: [PATCH] > I found a problem with PQescapeString (I think). Since it escapes > null bytes to be literally '\0', the following can happen: > 1. User inputs string value as "##" where ## are digits in the > range of 0 to 7. > 2. PQescapeString converts this to "\0##" > 3. Escaped string is used in a context that causes "\0##" to be evaluated as > an octal escape sequence. I agree that this is a problem, though it is not possible to do anything harmful with it. In addition, it only occurs if there are any NUL characters in its input, which is very unlikely if you are using C strings. The patch below addresses the issue by removing escaping of \0 characters entirely. > If the goal is to "safely" encode null bytes, and preserve the rest of the > string as it was entered, I think the null bytes should be escaped as \\000 > (note that if you simply use \000 the same string truncation problem > occurs). We can't do that, this would require 4n + 1 bytes of storage for the result, breaking the interface. Florian Weimer --- .../jdbc/org/postgresql/jdbc2/ResultSet.java | 2 +- src/interfaces/libpq/fe-exec.c | 11 ++--------- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/src/interfaces/jdbc/org/postgresql/jdbc2/ResultSet.java b/src/interfaces/jdbc/org/postgresql/jdbc2/ResultSet.java index bf41257111..9df669910d 100644 --- a/src/interfaces/jdbc/org/postgresql/jdbc2/ResultSet.java +++ b/src/interfaces/jdbc/org/postgresql/jdbc2/ResultSet.java @@ -1396,7 +1396,7 @@ public class ResultSet extends org.postgresql.ResultSet implements java.sql.Resu if (s != null) { int c = s.charAt(0); - return ((c == 't') || (c == 'T')); + return ((c == 't') || (c == 'T') || (c == '1')); } return false; // SQL NULL } diff --git a/src/interfaces/libpq/fe-exec.c b/src/interfaces/libpq/fe-exec.c index bdff56fe08..e7495dabf7 100644 --- a/src/interfaces/libpq/fe-exec.c +++ b/src/interfaces/libpq/fe-exec.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.110 2001/09/07 22:02:32 momjian Exp $ + * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.111 2001/09/13 17:00:34 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -59,7 +59,7 @@ static int getNotice(PGconn *conn); /* --------------- * Escaping arbitrary strings to get valid SQL strings/identifiers. * - * Replaces "\\" with "\\\\", "\0" with "\\0", and "'" with "''". + * Replaces "\\" with "\\\\" and "'" with "''". * length is the length of the buffer pointed to by * from. The buffer at to must be at least 2*length + 1 characters * long. A terminating NUL character is written. @@ -75,13 +75,6 @@ PQescapeString (char *to, const char *from, size_t length) while (remaining > 0) { switch (*source) { - case '\0': - *target = '\\'; - target++; - *target = '0'; - /* target and remaining are updated below. */ - break; - case '\\': *target = '\\'; target++; -- 2.40.0