mirror of https://github.com/postgres/postgres
Remove libpq's PQescapeIdentifier(), not safe from injection attacks.
This commit is contained in:
Bruce Momjian
parent
530eab592c
commit
3fafac3f62
|
|
@ -1,4 +1,4 @@
|
|||
<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.212 2006/06/27 00:03:41 momjian Exp $ -->
|
||||
<!-- $PostgreSQL: pgsql/doc/src/sgml/libpq.sgml,v 1.213 2006/07/04 13:22:15 momjian Exp $ -->
|
||||
|
||||
<chapter id="libpq">
|
||||
<title><application>libpq</application> - C Library</title>
|
||||
|
|
@ -2279,68 +2279,6 @@ in favor of <function>PQescapeStringConn</>.
|
|||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 id="libpq-exec-escape-identifier">
|
||||
<title>Escaping Identifier for Inclusion in SQL Commands</title>
|
||||
|
||||
<indexterm zone="libpq-exec-escape-identifier"><primary>PQescapeIdentifier</></>
|
||||
<indexterm zone="libpq-exec-escape-identifier"><primary>escaping strings</></>
|
||||
|
||||
<para>
|
||||
<function>PQescapeIdentifier</function> escapes a string for use
|
||||
as an identifier name within an SQL command. For example; table names,
|
||||
column names, view names and user names are all identifiers.
|
||||
Double quotes (") must be escaped to prevent them from being interpreted
|
||||
specially by the SQL parser. <function>PQescapeIdentifier</> performs this
|
||||
operation.
|
||||
</para>
|
||||
|
||||
<tip>
|
||||
<para>
|
||||
It is especially important to do proper escaping when handling strings that
|
||||
were received from an untrustworthy source. Otherwise there is a security
|
||||
risk: you are vulnerable to <quote>SQL injection</> attacks wherein unwanted
|
||||
SQL commands are fed to your database.
|
||||
</para>
|
||||
</tip>
|
||||
|
||||
<para>
|
||||
Note that it is still necessary to do escaping of identifiers when
|
||||
using functions that support parameterized queries such as <function>PQexecParams</> or
|
||||
its sibling routines. Only literal values are automatically escaped
|
||||
using these functions, not identifiers.
|
||||
|
||||
<synopsis>
|
||||
size_t PQescapeIdentifier (char *to, const char *from, size_t length);
|
||||
</synopsis>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The parameter <parameter>from</> points to the first character of the
|
||||
string that is to be escaped, and the <parameter>length</> parameter
|
||||
gives the number of characters in this string. A terminating zero byte
|
||||
is not required, and should not be counted in <parameter>length</>. (If
|
||||
a terminating zero byte is found before <parameter>length</> bytes are
|
||||
processed, <function>PQescapeIdentifier</> stops at the zero; the
|
||||
behavior is thus rather like <function>strncpy</>.) <parameter>to</>
|
||||
shall point to a buffer that is able to hold at least one more character
|
||||
than twice the value of <parameter>length</>, otherwise the behavior is
|
||||
undefined. A call to <function>PQescapeIdentifier</> writes an escaped
|
||||
version of the <parameter>from</> string to the <parameter>to</> buffer,
|
||||
replacing special characters so that they cannot cause any harm, and
|
||||
adding a terminating zero byte. The double quotes that may surround
|
||||
<productname>PostgreSQL</> identifiers are not included in the result
|
||||
string; they should be provided in the SQL command that the result is
|
||||
inserted into.
|
||||
</para>
|
||||
<para>
|
||||
<function>PQescapeIdentifier</> returns the number of characters written
|
||||
to <parameter>to</>, not including the terminating zero byte.
|
||||
</para>
|
||||
<para>
|
||||
Behavior is undefined if the <parameter>to</> and <parameter>from</>
|
||||
strings overlap.
|
||||
</para>
|
||||
</sect2>
|
||||
|
||||
<sect2 id="libpq-exec-escape-bytea">
|
||||
<title>Escaping Binary Strings for Inclusion in SQL Commands</title>
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# $PostgreSQL: pgsql/src/interfaces/libpq/exports.txt,v 1.12 2006/06/27 00:03:41 momjian Exp $
|
||||
# $PostgreSQL: pgsql/src/interfaces/libpq/exports.txt,v 1.13 2006/07/04 13:22:15 momjian Exp $
|
||||
# Functions to be exported by libpq DLLs
|
||||
PQconnectdb 1
|
||||
PQsetdbLogin 2
|
||||
|
|
@ -130,5 +130,3 @@ PQescapeByteaConn 127
|
|||
PQencryptPassword 128
|
||||
PQisthreadsafe 129
|
||||
enlargePQExpBuffer 130
|
||||
PQescapeIdentifier 131
|
||||
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
*
|
||||
*
|
||||
* IDENTIFICATION
|
||||
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-exec.c,v 1.187 2006/06/27 00:03:41 momjian Exp $
|
||||
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-exec.c,v 1.188 2006/07/04 13:22:15 momjian Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
|
|
@ -2515,42 +2515,6 @@ PQescapeString(char *to, const char *from, size_t length)
|
|||
static_std_strings);
|
||||
}
|
||||
|
||||
/*
|
||||
* Escaping arbitrary strings to get valid SQL identifier strings.
|
||||
*
|
||||
* Replaces " with "".
|
||||
*
|
||||
* length is the length of the source string. (Note: if a terminating NUL
|
||||
* is encountered sooner, PQescapeIdentifier stops short of "length"; the behavior
|
||||
* is thus rather like strncpy.)
|
||||
*
|
||||
* For safety the buffer at "to" must be at least 2*length + 1 bytes long.
|
||||
* A terminating NUL character is added to the output string, whether the
|
||||
* input is NUL-terminated or not.
|
||||
*
|
||||
* Returns the actual length of the output (not counting the terminating NUL).
|
||||
*/
|
||||
size_t
|
||||
PQescapeIdentifier(char *to, const char *from, size_t length)
|
||||
{
|
||||
const char *source = from;
|
||||
char *target = to;
|
||||
size_t remaining = length;
|
||||
|
||||
while (remaining > 0 && *source != '\0')
|
||||
{
|
||||
if (*source == '"')
|
||||
*target++ = *source;
|
||||
*target++ = *source++;
|
||||
remaining--;
|
||||
}
|
||||
|
||||
/* Write the terminating NUL character. */
|
||||
*target = '\0';
|
||||
|
||||
return target - to;
|
||||
}
|
||||
|
||||
/*
|
||||
* PQescapeBytea - converts from binary string to the
|
||||
* minimal encoding necessary to include the string in an SQL
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@
|
|||
* Portions Copyright (c) 1996-2006, PostgreSQL Global Development Group
|
||||
* Portions Copyright (c) 1994, Regents of the University of California
|
||||
*
|
||||
* $PostgreSQL: pgsql/src/interfaces/libpq/libpq-fe.h,v 1.130 2006/06/27 00:03:42 momjian Exp $
|
||||
* $PostgreSQL: pgsql/src/interfaces/libpq/libpq-fe.h,v 1.131 2006/07/04 13:22:15 momjian Exp $
|
||||
*
|
||||
*-------------------------------------------------------------------------
|
||||
*/
|
||||
|
|
@ -436,8 +436,6 @@ extern unsigned char *PQescapeByteaConn(PGconn *conn,
|
|||
size_t *to_length);
|
||||
extern unsigned char *PQunescapeBytea(const unsigned char *strtext,
|
||||
size_t *retbuflen);
|
||||
extern size_t PQescapeIdentifier(char *to, const char *from, size_t length);
|
||||
|
||||
/* These forms are deprecated! */
|
||||
extern size_t PQescapeString(char *to, const char *from, size_t length);
|
||||
extern unsigned char *PQescapeBytea(const unsigned char *from, size_t from_length,
|
||||
|
|
|
|||
Loading…
Reference in New Issue