From db951dd1959fb6032c97a81a33139125c85a59fb Mon Sep 17 00:00:00 2001 From: Noah Misch Date: Mon, 8 Aug 2016 10:07:46 -0400 Subject: [PATCH] Sort out paired double quotes in \connect, \password and \crosstabview. In arguments, these meta-commands wrongly treated each pair as closing the double quoted string. Make the behavior match the documentation. This is a compatibility break, but I more expect to find software with untested reliance on the documented behavior than software reliant on today's behavior. Back-patch to 9.1 (all supported versions). Reviewed by Tom Lane and Peter Eisentraut. Security: CVE-2016-5424 --- src/bin/psql/psqlscan.l | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/bin/psql/psqlscan.l b/src/bin/psql/psqlscan.l index be059abd8d..dc727f7b71 100644 --- a/src/bin/psql/psqlscan.l +++ b/src/bin/psql/psqlscan.l @@ -1605,7 +1605,8 @@ psql_scan_slash_option(PsqlScanState state, /* Keep the first quote, remove the second */ cp++; } - inquotes = !inquotes; + else + inquotes = !inquotes; /* Collapse out quote at *cp */ memmove(cp, cp + 1, strlen(cp)); mybuf.len--;