projects / postgresql.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3e98c8c) | patch
Fix handling of invalidly encoded data in escaping functions
authorAndres Freund <andres@anarazel.de>
Mon, 10 Feb 2025 15:03:37 +0000 (10:03 -0500)
committerAndres Freund <andres@anarazel.de>
Mon, 10 Feb 2025 15:03:37 +0000 (10:03 -0500)
commit5dc1e42b4fa6a4434afa7d7cdcf0291351a7b873
tree748d66684f700b2a6a013566be6df5e0fce8199etree
parent3e98c8ce50e46d58b91bf3ea806e995296dc5b91commit | diff
Fix handling of invalidly encoded data in escaping functions

Previously invalidly encoded input to various escaping functions could lead to
the escaped string getting incorrectly parsed by psql.  To be safe, escaping
functions need to ensure that neither invalid nor incomplete multi-byte
characters can be used to "escape" from being quoted.

Functions which can report errors now return an error in more cases than
before. Functions that cannot report errors now replace invalid input bytes
with a byte sequence that cannot be used to escape the quotes and that is
guaranteed to error out when a query is sent to the server.

The following functions are fixed by this commit:
- PQescapeLiteral()
- PQescapeIdentifier()
- PQescapeString()
- PQescapeStringConn()
- fmtId()
- appendStringLiteral()

Reported-by: Stephen Fewer <stephen_fewer@rapid7.com>
Reviewed-by: Noah Misch <noah@leadboat.com>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Backpatch-through: 13
Security: CVE-2025-1094
src/fe_utils/string_utils.c diff | blob | blame | history
src/interfaces/libpq/fe-exec.c diff | blob | blame | history
This is the main PostgreSQL git repository.