CVSROOT: /cvsroot
Module name: pgsql-server
Changes by: [EMAIL PROTECTED] 03/07/23 21:30:39
Modified files:
src/interfaces/jdbc/org/postgresql: Driver.java.in
src/interfaces/jdbc/org/postgresql/jdbc1:
AbstractJdbc1Statement.java
Log message:
Fixes additional SQL injection vulnerabilities reported by Oliver Jowett
and Dmitry Tkach. Specifically, the previous fix still allowed the statement
termination character through in unquoted places in the SQL statement, and the driver
never correctly handled someone passing a value of \0 in a string, which under the v2
protocol would end the statement, causing the following text to possibly
be treated as a new SQL statement.
Modified Files:
jdbc/org/postgresql/Driver.java.in
jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
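An added illustration of the \0 problem named in the log message (not the driver's code and not the committed fix): the v2 protocol sends the query text as a zero-terminated string, so a zero byte inside an inlined string value cuts the statement short for the receiver. The class `NulInLiteralDemo`, the helpers `quoteLiteral` and `upToFirstNul`, the table name and the sample values are hypothetical; backslash doubling assumes a server that treats backslash as an escape inside string literals.

```java
import java.nio.charset.StandardCharsets;

public class NulInLiteralDemo {
    // Hypothetical helper: quote a string parameter before inlining it into SQL text.
    static String quoteLiteral(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 2).append('\'');
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\0') {
                // A zero byte cannot travel inside a zero-terminated query string,
                // so refuse the value instead of sending a truncated statement.
                throw new IllegalArgumentException(
                        "zero byte in string parameter at index " + i);
            }
            if (c == '\'' || c == '\\') {
                sb.append(c); // double the quote or backslash (assumption: see lead-in)
            }
            sb.append(c);
        }
        return sb.append('\'').toString();
    }

    // What a reader of a zero-terminated string sees: the bytes before the first zero.
    static String upToFirstNul(byte[] wire) {
        int end = 0;
        while (end < wire.length && wire[end] != 0) {
            end++;
        }
        return new String(wire, 0, end, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        String param = "alice\0 trailing text"; // constructed input with an embedded zero

        // Without the check: the value is inlined as-is and the terminator is appended.
        String naive = "SELECT * FROM t WHERE name = '" + param + "'";
        byte[] wire = (naive + "\0").getBytes(StandardCharsets.UTF_8);
        String seen = upToFirstNul(wire);
        System.out.println("statement as built : " + naive.replace("\0", "\\0"));
        System.out.println("statement as read  : " + seen);
        System.out.println("bytes after the cut: " + (wire.length - seen.length() - 1));

        // With the check: the value is rejected before anything is sent.
        try {
            quoteLiteral(param);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("quoted ordinary value: " + quoteLiteral("O'Brien\\x"));
    }
}
```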