diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2006-05-21 20:06:45 +0000 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2006-05-21 20:06:45 +0000 |
| commit | b252352241fdeea313831e4c0da6317b70537514 (patch) | |
| tree | 9dd1925085cd9073bde96759a35328e1b68648ab /src/backend/access | |
| parent | 48498602a0536dcd4a840b83f37c7aaeb03dc6df (diff) | |
| download | postgresql-b252352241fdeea313831e4c0da6317b70537514.tar.gz postgresql-b252352241fdeea313831e4c0da6317b70537514.zip | |
Change the backend to reject strings containing invalidly-encoded multibyte
characters in all cases. Formerly we mostly just threw warnings for invalid
input, and failed to detect it at all if no encoding conversion was required.
The tighter check is needed to defend against SQL-injection attacks as per
CVE-2006-2313 (further details will be published after release). Embedded
zero (null) bytes will be rejected as well. The checks are applied during
input to the backend (receipt from client or COPY IN), so it no longer seems
necessary to check in textin() and related routines; any string arriving at
those functions will already have been validated. Conversion failure
reporting (for characters with no equivalent in the destination encoding)
has been cleaned up and made consistent while at it.
Also, fix a few longstanding errors in little-used encoding conversion
routines: win1251_to_iso, win866_to_iso, euc_tw_to_big5, euc_tw_to_mic,
mic_to_euc_tw were all broken to varying extents.
Patches by Tatsuo Ishii and Tom Lane. Thanks to Akio Ishida and Yasuo Ohgaki
for identifying the security issues.
Diffstat (limited to 'src/backend/access')
| -rw-r--r-- | src/backend/access/transam/xact.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/src/backend/access/transam/xact.c b/src/backend/access/transam/xact.c index 266b31e0b3e..ba48e727e40 100644 --- a/src/backend/access/transam/xact.c +++ b/src/backend/access/transam/xact.c @@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/access/transam/xact.c,v 1.156.2.2 2004/10/29 22:20:03 tgl Exp $ + * $Header: /cvsroot/pgsql/src/backend/access/transam/xact.c,v 1.156.2.3 2006/05/21 20:06:43 tgl Exp $ * * NOTES * Transaction aborts can now occur two ways: @@ -1054,9 +1054,14 @@ AbortTransaction(void) /* * check the current transaction state + * + * reduced to DEBUG2 because this is expected when rejecting an + * invalidly-encoded query outside a transaction block. PG 8.0 + * and up fix it better, but it's not worth back-porting those + * changes to 7.4. */ if (s->state != TRANS_INPROGRESS) - elog(WARNING, "AbortTransaction and not in in-progress state"); + elog(DEBUG2, "AbortTransaction and not in in-progress state"); /* * set the current transaction state information appropriately during |