upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-02-13 07:43:11 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src
History
Tom Lane 991a60a9f2 Make escaping functions retain trailing bytes of an invalid character. 
Instead of dropping the trailing byte(s) of an invalid or incomplete
multibyte character, replace only the first byte with a known-invalid
sequence, and process the rest normally.  This seems less likely to
confuse incautious callers than the behavior adopted in 5dc1e42b4.

While we're at it, adjust PQescapeStringInternal to produce at most
one bleat about invalid multibyte characters per string.  This
matches the behavior of PQescapeInternal, and avoids the risk of
producing tons of repetitive junk if a long string is simply given
in the wrong encoding.

This is a followup to the fixes for CVE-2025-1094, and should be
included if cherry-picking those fixes.

Author: Andres Freund <andres@anarazel.de>
Co-authored-by: Tom Lane <tgl@sss.pgh.pa.us>
Reported-by: Jeff Davis <pgsql@j-davis.com>
Discussion: https://postgr.es/m/20250215012712.45@rfd.leadboat.com
Backpatch-through: 13
2025-02-15 16:20:21 -05:00
..
backend Fix assertion on dereferenced object 2025-02-14 11:50:56 +01:00
bin Specify the encoding of input to fmtId() 2025-02-10 10:03:39 -05:00
common Add pg_encoding_set_invalid() 2025-02-10 10:03:39 -05:00
fe_utils Make escaping functions retain trailing bytes of an invalid character. 2025-02-15 16:20:21 -05:00
include Specify the encoding of input to fmtId() 2025-02-10 10:03:39 -05:00
interfaces Make escaping functions retain trailing bytes of an invalid character. 2025-02-15 16:20:21 -05:00
makefiles Use --strip-unneeded when stripping static libraries with GNU strip. 2023-04-20 18:12:32 -04:00
pl Translation updates 2025-02-10 15:05:03 +01:00
port Avoid breaking SJIS encoding while de-backslashing Windows paths. 2025-01-29 14:24:36 -05:00
template Use unnamed POSIX semaphores on Cygwin. 2023-01-06 10:33:28 +13:00
test Fix PQescapeLiteral()/PQescapeIdentifier() length handling 2025-02-14 18:09:23 -05:00
timezone Update time zone data files to tzdata release 2025a. 2025-01-20 16:49:15 -05:00
tools Add test of various escape functions 2025-02-10 10:03:39 -05:00
tutorial Pre-beta mechanical code beautification. 2023-05-19 17:24:48 -04:00
.gitignore
DEVELOPERS
Makefile Integrate pg_bsd_indent into our build/test infrastructure. 2023-02-12 12:22:21 -05:00
Makefile.global.in Suppress macOS warnings about duplicate libraries in link commands. 2023-09-29 14:07:30 -04:00
Makefile.shlib Stop using "-multiply_defined suppress" on macOS. 2023-09-26 21:06:21 -04:00
meson.build Integrate pg_bsd_indent into our build/test infrastructure. 2023-02-12 12:22:21 -05:00
nls-global.mk Fix for make unportability 2022-07-13 09:15:01 +02:00