pgsql: Make escaping functions retain trailing bytes of an invalid char

2025-02-15 Tom Lane
Make escaping functions retain trailing bytes of an invalid character.

Instead of dropping the trailing byte(s) of an invalid or incomplete
multibyte character, replace only the first byte with a known-invalid
sequence, and process the rest normally.  This seems less likely to
confuse incautious callers than the behavior adopted in 5dc1e42b4.

While we're at it, adjust PQescapeStringInternal to produce at most
one bleat about invalid multibyte characters per string.  This
matches the behavior of PQescapeInternal, and avoids the risk of
producing tons of repetitive junk if a long string is simply given
in the wrong encoding.

This is a followup to the fixes for CVE-2025-1094, and should be
included if cherry-picking those fixes.

Author: Andres Freund 
Co-authored-by: Tom Lane 
Reported-by: Jeff Davis 
Discussion: https://postgr.es/m/20250215012712...@rfd.leadboat.com
Backpatch-through: 13

Branch
--
REL_14_STABLE

Details
---
https://git.postgresql.org/pg/commitdiff/c08309584ac58a28072fa2c4765fb4c4c01a901d

Modified Files
--
src/fe_utils/string_utils.c| 91 --
src/interfaces/libpq/fe-exec.c | 73 +++--
2 files changed, 67 insertions(+), 97 deletions(-)
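
The behaviour the commit message describes, as an added example that is not PostgreSQL's code or part of the original post: a simplified UTF-8-only escaper that replaces only the first byte of an invalid or incomplete character, keeps processing the bytes after it, and records the problem once per string. The function names, the continuation-byte-only validity check and the 0xC0 0x20 marker are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Length implied by a UTF-8 lead byte; 0 if it cannot start a character. */
static size_t utf8_len(unsigned char b)
{
    return (b >= 0xC2 && b <= 0xDF) ? 2 : (b >= 0xE0 && b <= 0xEF) ? 3 :
           (b >= 0xF0 && b <= 0xF4) ? 4 : 0;
}

/* Hypothetical simplified escaper (not libpq code): doubles single quotes in
 * src[0..len) into dst (needs 2*len+1 bytes), returns the output length and
 * sets *invalid to 1 if any invalid character was seen, however many. */
size_t escape_utf8(const unsigned char *src, size_t len,
                   unsigned char *dst, int *invalid)
{
    size_t i = 0, o = 0;
    *invalid = 0;
    while (i < len) {
        size_t n = utf8_len(src[i]), k = 1;
        while (k < n && i + k < len && (src[i + k] & 0xC0) == 0x80)
            k++;                        /* continuation bytes actually present */
        if (src[i] < 0x80) {
            if (src[i] == '\'')
                dst[o++] = '\'';        /* double the quote */
            dst[o++] = src[i++];
        } else if (n != 0 && k == n) {
            while (k-- > 0)
                dst[o++] = src[i++];    /* well-formed character: copy whole */
        } else {
            /* Invalid or incomplete: replace only this byte with 0xC0 0x20
             * (never valid UTF-8; assumed marker), then resume at next byte. */
            dst[o++] = 0xC0; dst[o++] = 0x20;
            *invalid = 1;
            i++;
        }
    }
    dst[o] = '\0';
    return o;
}

int main(void)
{
    const unsigned char in[] = {0xE3, '\'', 'x'};   /* constructed input */
    unsigned char out[2 * sizeof in + 1];
    int bad;
    size_t n = escape_utf8(in, sizeof in, out, &bad);
    printf("%zu bytes out, invalid=%d\n", n, bad);
    return 0;
}
```

With the constructed input, the quote that follows the truncated lead byte is kept and doubled rather than being dropped along with it.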



pgsql: Make escaping functions retain trailing bytes of an invalid char

2025-02-15 Tom Lane
Make escaping functions retain trailing bytes of an invalid character.

Instead of dropping the trailing byte(s) of an invalid or incomplete
multibyte character, replace only the first byte with a known-invalid
sequence, and process the rest normally.  This seems less likely to
confuse incautious callers than the behavior adopted in 5dc1e42b4.

While we're at it, adjust PQescapeStringInternal to produce at most
one bleat about invalid multibyte characters per string.  This
matches the behavior of PQescapeInternal, and avoids the risk of
producing tons of repetitive junk if a long string is simply given
in the wrong encoding.

This is a followup to the fixes for CVE-2025-1094, and should be
included if cherry-picking those fixes.

Author: Andres Freund 
Co-authored-by: Tom Lane 
Reported-by: Jeff Davis 
Discussion: https://postgr.es/m/20250215012712...@rfd.leadboat.com
Backpatch-through: 13

Branch
--
REL_17_STABLE

Details
---
https://git.postgresql.org/pg/commitdiff/3abe6e04cc69d1076a695d90e179dd64010a2667

Modified Files
--
src/fe_utils/string_utils.c| 91 --
src/interfaces/libpq/fe-exec.c | 69 ++--
2 files changed, 65 insertions(+), 95 deletions(-)



pgsql: Make escaping functions retain trailing bytes of an invalid char

2025-02-15 Tom Lane
Make escaping functions retain trailing bytes of an invalid character.

Instead of dropping the trailing byte(s) of an invalid or incomplete
multibyte character, replace only the first byte with a known-invalid
sequence, and process the rest normally.  This seems less likely to
confuse incautious callers than the behavior adopted in 5dc1e42b4.

While we're at it, adjust PQescapeStringInternal to produce at most
one bleat about invalid multibyte characters per string.  This
matches the behavior of PQescapeInternal, and avoids the risk of
producing tons of repetitive junk if a long string is simply given
in the wrong encoding.

This is a followup to the fixes for CVE-2025-1094, and should be
included if cherry-picking those fixes.

Author: Andres Freund 
Co-authored-by: Tom Lane 
Reported-by: Jeff Davis 
Discussion: https://postgr.es/m/20250215012712...@rfd.leadboat.com
Backpatch-through: 13

Branch
--
REL_15_STABLE

Details
---
https://git.postgresql.org/pg/commitdiff/e782a63ccb76a8db476abb8f5d96397806e3e51b

Modified Files
--
src/fe_utils/string_utils.c| 91 --
src/interfaces/libpq/fe-exec.c | 73 +++--
2 files changed, 67 insertions(+), 97 deletions(-)



pgsql: Make escaping functions retain trailing bytes of an invalid char

2025-02-15 Tom Lane
Make escaping functions retain trailing bytes of an invalid character.

Instead of dropping the trailing byte(s) of an invalid or incomplete
multibyte character, replace only the first byte with a known-invalid
sequence, and process the rest normally.  This seems less likely to
confuse incautious callers than the behavior adopted in 5dc1e42b4.

While we're at it, adjust PQescapeStringInternal to produce at most
one bleat about invalid multibyte characters per string.  This
matches the behavior of PQescapeInternal, and avoids the risk of
producing tons of repetitive junk if a long string is simply given
in the wrong encoding.

This is a followup to the fixes for CVE-2025-1094, and should be
included if cherry-picking those fixes.

Author: Andres Freund 
Co-authored-by: Tom Lane 
Reported-by: Jeff Davis 
Discussion: https://postgr.es/m/20250215012712...@rfd.leadboat.com
Backpatch-through: 13

Branch
--
REL_13_STABLE

Details
---
https://git.postgresql.org/pg/commitdiff/d6d29b2133f1c2a7d4f332bf68b2f40c8de3044c

Modified Files
--
src/fe_utils/string_utils.c| 91 --
src/interfaces/libpq/fe-exec.c | 73 +++--
2 files changed, 67 insertions(+), 97 deletions(-)



pgsql: Make escaping functions retain trailing bytes of an invalid char

2025-02-15 Tom Lane
Make escaping functions retain trailing bytes of an invalid character.

Instead of dropping the trailing byte(s) of an invalid or incomplete
multibyte character, replace only the first byte with a known-invalid
sequence, and process the rest normally.  This seems less likely to
confuse incautious callers than the behavior adopted in 5dc1e42b4.

While we're at it, adjust PQescapeStringInternal to produce at most
one bleat about invalid multibyte characters per string.  This
matches the behavior of PQescapeInternal, and avoids the risk of
producing tons of repetitive junk if a long string is simply given
in the wrong encoding.

This is a followup to the fixes for CVE-2025-1094, and should be
included if cherry-picking those fixes.

Author: Andres Freund 
Co-authored-by: Tom Lane 
Reported-by: Jeff Davis 
Discussion: https://postgr.es/m/20250215012712...@rfd.leadboat.com
Backpatch-through: 13

Branch
--
REL_16_STABLE

Details
---
https://git.postgresql.org/pg/commitdiff/991a60a9f23bd2b160e223c46bb2ae1db58f738a

Modified Files
--
src/fe_utils/string_utils.c| 91 --
src/interfaces/libpq/fe-exec.c | 69 ++--
2 files changed, 65 insertions(+), 95 deletions(-)



pgsql: Make escaping functions retain trailing bytes of an invalid char

2025-02-15 Tom Lane
Make escaping functions retain trailing bytes of an invalid character.

Instead of dropping the trailing byte(s) of an invalid or incomplete
multibyte character, replace only the first byte with a known-invalid
sequence, and process the rest normally.  This seems less likely to
confuse incautious callers than the behavior adopted in 5dc1e42b4.

While we're at it, adjust PQescapeStringInternal to produce at most
one bleat about invalid multibyte characters per string.  This
matches the behavior of PQescapeInternal, and avoids the risk of
producing tons of repetitive junk if a long string is simply given
in the wrong encoding.

This is a followup to the fixes for CVE-2025-1094, and should be
included if cherry-picking those fixes.

Author: Andres Freund 
Co-authored-by: Tom Lane 
Reported-by: Jeff Davis 
Discussion: https://postgr.es/m/20250215012712...@rfd.leadboat.com
Backpatch-through: 13

Branch
--
master

Details
---
https://git.postgresql.org/pg/commitdiff/9f45e6a91d8460ac0b1f30e6ae3eefb185b8d0ab

Modified Files
--
src/fe_utils/string_utils.c| 91 --
src/interfaces/libpq/fe-exec.c | 69 ++--
2 files changed, 65 insertions(+), 95 deletions(-)