rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Back-patch "Only quote libpq connection string values that need quoting." 

Back-patch commit 2953cd6d17 and certain
runPgDump() bits of 3dee636e04 to 9.2 and
9.1.  This synchronizes their doConnStrQuoting() implementations with
later releases.  Subsequent security patches will modify that function.

Security: CVE-2016-5424
This commit is contained in:
Noah Misch 2016-08-08 10:07:53 -04:00
parent 2d69f5b12e
commit c761c9fee0
1 changed files with 37 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
src/bin/pg_dump/pg_dumpall.c
View File

@ -1620,7 +1620,7 @@ dumpDatabases(PGconn *conn)
static int
runPgDump(const char *dbname)
{
PQExpBuffer connstr = createPQExpBuffer();
PQExpBuffer connstrbuf = createPQExpBuffer();
PQExpBuffer cmd = createPQExpBuffer();
int ret;
@ -1642,11 +1642,10 @@ runPgDump(const char *dbname)
* database name as is, but if it contains any = characters, it would
* incorrectly treat it as a connection string.
*/
appendPQExpBuffer(connstr, "dbname='");
doConnStrQuoting(connstr, dbname);
appendPQExpBuffer(connstr, "'");
appendPQExpBufferStr(connstrbuf, "dbname=");
doConnStrQuoting(connstrbuf, dbname);
doShellQuoting(cmd, connstr->data);
doShellQuoting(cmd, connstrbuf->data);
appendPQExpBuffer(cmd, "%s", SYSTEMQUOTE);
@ -1659,7 +1658,7 @@ runPgDump(const char *dbname)
ret = system(cmd->data);
destroyPQExpBuffer(cmd);
destroyPQExpBuffer(connstr);
destroyPQExpBuffer(connstrbuf);
return ret;
}
@ -1891,15 +1890,40 @@ dumpTimestamp(char *msg)
static void
doConnStrQuoting(PQExpBuffer buf, const char *str)
{
while (*str)
{
/* ' and \ must be escaped by to \' and \\ */
if (*str == '\'' || *str == '\\')
appendPQExpBufferChar(buf, '\\');
const char *s;
bool needquotes;
appendPQExpBufferChar(buf, *str);
str++;
/*
* If the string consists entirely of plain ASCII characters, no need to
* quote it. This is quite conservative, but better safe than sorry.
*/
needquotes = false;
for (s = str; *s; s++)
{
if (!((*s >= 'a' && *s <= 'z') || (*s >= 'A' && *s <= 'Z') ||
(*s >= '0' && *s <= '9') || *s == '_' || *s == '.'))
{
needquotes = true;
break;
}
}
if (needquotes)
{
appendPQExpBufferChar(buf, '\'');
while (*str)
{
/* ' and \ must be escaped by to \' and \\ */
if (*str == '\'' || *str == '\\')
appendPQExpBufferChar(buf, '\\');
appendPQExpBufferChar(buf, *str);
str++;
}
appendPQExpBufferChar(buf, '\'');
}
else
appendPQExpBufferStr(buf, str);
}
/*