Patch applied. Thanks.

> "Joe Conway" <[EMAIL PROTECTED]> writes:
>
> > I found a problem with PQescapeString (I think). Since it escapes
> > null bytes to be literally '\0', the following can happen:
> > 1. User inputs string value as "<null byte>##" where ## are digits in the
> > range of 0 to 7.
> > 2. PQescapeString converts this to "\0##"
> > 3. Escaped string is used in a context that causes "\0##" to be evaluated as
> > an octal escape sequence.
>
> I agree that this is a problem, though it is not possible to do
> anything harmful with it. In addition, it only occurs if there are
> any NUL characters in its input, which is very unlikely if you are
> using C strings.
>
> The patch below addresses the issue by removing escaping of \0
> characters entirely.
>
> > If the goal is to "safely" encode null bytes, and preserve the rest of the
> > string as it was entered, I think the null bytes should be escaped as \\000
> > (note that if you simply use \000 the same string truncation problem
> > occurs).
>
> We can't do that, this would require 4n + 1 bytes of storage for the
> result, breaking the interface.
>
> --
> Florian Weimer                    [EMAIL PROTECTED]
> University of Stuttgart           http://cert.uni-stuttgart.de/
> RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
>
> [ Attachment, skipping... ]
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to [EMAIL PROTECTED] so that your
> message can get through to the mailing list cleanly

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  [EMAIL PROTECTED]                    |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
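
The three steps listed in the quoted report, as an added example that is not part of this thread and is not libpq source: `model_escape` models the escaping the thread describes, and `model_unescape` is a hypothetical consumer that evaluates backslash-octal sequences. All function names are assumptions, and treating the patched behaviour as "NUL copied through unchanged" is an assumed reading of "removing escaping of \0 characters entirely".

```c
#include <stddef.h>
#include <string.h>

/* Model of the escaping described in the thread (not libpq source):
 * ' and \ get a backslash prefix; NUL becomes the two characters \0 when
 * escape_nul is set and is copied through unchanged otherwise (assumed
 * reading of "removing escaping"). Worst case 2n + 1 bytes in `to`. */
size_t model_escape(char *to, const unsigned char *from, size_t n, int escape_nul)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = from[i];
        if (c == 0 && escape_nul) { to[o++] = '\\'; to[o++] = '0'; }
        else if (c == '\'' || c == '\\') { to[o++] = '\\'; to[o++] = (char)c; }
        else to[o++] = (char)c;
    }
    to[o] = '\0';
    return o;
}

/* Hypothetical consumer for step 3: backslash plus one to three octal
 * digits is one byte; backslash plus anything else is that character. */
size_t model_unescape(unsigned char *out, const char *in, size_t n)
{
    size_t o = 0;
    for (size_t i = 0; i < n; i++) {
        if (in[i] != '\\' || i + 1 == n) { out[o++] = (unsigned char)in[i]; continue; }
        unsigned v = 0;
        int d = 0;
        for (i++; d < 3 && i < n && in[i] >= '0' && in[i] <= '7'; i++, d++)
            v = v * 8 + (unsigned)(in[i] - '0');
        if (d == 0) out[o++] = (unsigned char)in[i];   /* \' or \\ */
        else { out[o++] = (unsigned char)v; i--; }     /* \ooo */
    }
    return o;
}

/* Escape then unescape n <= 16 bytes; 1 if the original bytes come back. */
int round_trips(const unsigned char *in, size_t n, int escape_nul)
{
    char esc[2 * 16 + 1];
    unsigned char back[2 * 16];
    if (n > 16) return 0;
    size_t e = model_escape(esc, in, n, escape_nul);
    return model_unescape(back, esc, e) == n && memcmp(back, in, n) == 0;
}
```

With the constructed input `{0x00, '1', '2'}` the escaped form is the four characters `\012`, which the consumer reads back as the single byte 0x0A; a NUL followed by a non-digit survives the round trip.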