[OpenSER-Devel] postgresql and escaping
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Feb 4 11:02:05 UTC 2008
Henning Westerholt schrieb:
> On Thursday 24 January 2008, Klaus Darilion wrote:
>> 1.
>> case DB_BLOB:
>> l = VAL_BLOB(_v).len;
>> if (*_len < (l * 2 + 3)) {
>> LM_ERR("destination buffer too short for blob\n");
>> return -7;
>> } else {
>> *_s++ = '\'';
>> tmp_s = (char*)PQescapeByteaConn(CON_CONNECTION(_con),
>> (unsigned char*)VAL_STRING(_v),
>> (size_t)l, (size_t*)&tmp_len);
>> if(tmp_s==NULL)
>> {
>> LM_ERR("PQescapeBytea failed\n");
>> return -7;
>> }
>> memcpy(_s, tmp_s, tmp_len);
>> PQfreemem(tmp_s);
>> tmp_len = strlen(_s);
>> *(_s + tmp_len) = '\'';
>> *(_s + tmp_len + 1) = '\0';
>> *_len = tmp_len + 2;
>> return 0;
>> }
>> break;
>>
>> This means we reserve l*2+3 bytes for the escaped string, but as
>> escaping of special characters is done by 3digts octal representation,
>> e.g. CR will be converted to \015, this buffer can be too small.
>>
>> I suggest to make the length check after PQescapeByteaConn and check if
>> tmp_len < _len.
>
> Hi Klaus,
>
> sounds resonable, potential buffer overflows should be fixed. ;-).
> Do you have already created a fix that can be commited?
no
>
>> 2. With postgresql 8.1 the handling of string escaping was changed
>> (http://www.postgresql.org/docs/8.1/interactive/release-8-1.html). They
>> introduced the E'' syntax and current escaping with \ will be obsolete.
>> Thus, maybe we have to update the code to check server version we are
>> connected too and thus use the proper escaping.
>
> When will the 'old' method of escaping finally be removed? According to the
> documentation you've given above, there exists a variable that can be checked
> to get the supported escape method. Thus it should be no so hard to add some
> code in the escaping path to support this change.
Check out this thread - I think it should be that hard too.
http://archives.postgresql.org/pgsql-interfaces/2008-01/msg00015.php
klaus
More information about the Devel
mailing list