database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-03 20:02:46 +03:00
Code Activity

Modify libpq's string-escaping routines to be aware of encoding considerations

Browse Source 
and standard_conforming_strings.  The encoding changes are needed for proper
escaping in multibyte encodings, as per the SQL-injection vulnerabilities
noted in CVE-2006-2313 and CVE-2006-2314.  Concurrent fixes are being applied
to the server to ensure that it rejects queries that may have been corrupted
by attempted SQL injection, but this merely guarantees that unpatched clients
will fail rather than allow injection.  An actual fix requires changing the
client-side code.  While at it we have also fixed these routines to understand
about standard_conforming_strings, so that the upcoming changeover to SQL-spec
string syntax can be somewhat transparent to client code.

Since the existing API of PQescapeString and PQescapeBytea provides no way to
inform them which settings are in use, these functions are now deprecated in
favor of new functions PQescapeStringConn and PQescapeByteaConn.  The new
functions take the PGconn to which the string will be sent as an additional
parameter, and look inside the connection structure to determine what to do.
So as to provide some functionality for clients using the old functions,
libpq stores the latest encoding and standard_conforming_strings values
received from the backend in static variables, and the old functions consult
these variables.  This will work reliably in clients using only one Postgres
connection at a time, or even multiple connections if they all use the same
encoding and string syntax settings; which should cover many practical
scenarios.

Clients that use homebrew escaping methods, such as PHP's addslashes()
function or even hardwired regexp substitution, will require extra effort
to fix :-(.  It is strongly recommended that such code be replaced by use of
PQescapeStringConn/PQescapeByteaConn if at all feasible.
This commit is contained in:
Tom Lane
2006-05-21 20:20:24 +00:00
parent 2e319b0e40
commit 96871fc236
7 changed files with 323 additions and 107 deletions
Download Patch File Download Diff File Expand all files Collapse all files

183
doc/src/sgml/libpq.sgml
View File

@ -1,5 +1,5 @@
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v 1.141.2.2 2005/06/09 19:08:47 tgl Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/libpq.sgml,v 1.141.2.3 2006/05/21 20:20:24 tgl Exp $
--> -->
<chapter id="libpq"> <chapter id="libpq">
@ -1957,15 +1957,16 @@ It is not thread-safe.
<sect2 id="libpq-exec-escape-string"> <sect2 id="libpq-exec-escape-string">
<title>Escaping Strings for Inclusion in SQL Commands</title> <title>Escaping Strings for Inclusion in SQL Commands</title>
<indexterm zone="libpq-exec-escape-string"><primary>PQescapeStringConn</></>
<indexterm zone="libpq-exec-escape-string"><primary>PQescapeString</></> <indexterm zone="libpq-exec-escape-string"><primary>PQescapeString</></>
<indexterm zone="libpq-exec-escape-string"><primary>escaping strings</></> <indexterm zone="libpq-exec-escape-string"><primary>escaping strings</></>
<para> <para>
<function>PQescapeString</function> escapes a string for use within an SQL <function>PQescapeStringConn</function> escapes a string for use within an SQL
command. This is useful when inserting data values as literal constants command. This is useful when inserting data values as literal constants
in SQL commands. Certain characters (such as quotes and backslashes) must in SQL commands. Certain characters (such as quotes and backslashes) must
be escaped to prevent them from being interpreted specially by the SQL parser. be escaped to prevent them from being interpreted specially by the SQL parser.
<function>PQescapeString</> performs this operation. <function>PQescapeStringConn</> performs this operation.
</para> </para>
<tip> <tip>
@ -1982,37 +1983,69 @@ Note that it is not necessary nor correct to do escaping when a data
value is passed as a separate parameter in <function>PQexecParams</> or value is passed as a separate parameter in <function>PQexecParams</> or
its sibling routines. its sibling routines.
<synopsis>
size_t PQescapeStringConn (PGconn *conn,
char *to, const char *from, size_t length,
int *error);
</synopsis>
</para>
<para>
<function>PQescapeStringConn</> writes an escaped
version of the <parameter>from</> string to the <parameter>to</>
buffer, escaping special characters so that they cannot cause any
harm, and adding a terminating zero byte. The single quotes that
must surround <productname>PostgreSQL</> string literals are not
included in the result string; they should be provided in the SQL
command that the result is inserted into.
The parameter <parameter>from</> points to the first character of the string
that is to be escaped, and the <parameter>length</> parameter gives the
number of bytes in this string. A terminating zero byte is not
required, and should not be counted in <parameter>length</>. (If
a terminating zero byte is found before <parameter>length</> bytes are
processed, <function>PQescapeStringConn</> stops at the zero; the behavior
is thus rather like <function>strncpy</>.)
<parameter>to</> shall point to a
buffer that is able to hold at least one more byte than twice
the value of <parameter>length</>, otherwise the behavior is
undefined.
Behavior is likewise undefined if the <parameter>to</> and <parameter>from</>
strings overlap.
</para>
<para>
If the <parameter>error</> parameter is not NULL, then <literal>*error</>
is set to zero on success, nonzero on error. Presently the only possible
error conditions involve invalid multibyte encoding in the source string.
The output string is still generated on error, but it can be expected that
the server will reject it as malformed. On error, a suitable message is
stored in the <parameter>conn</> object, whether or not <parameter>error</>
is NULL.
</para>
<para>
<function>PQescapeStringConn</> returns the number of bytes written
to <parameter>to</>, not including the terminating zero byte.
</para>
<para>
<synopsis> <synopsis>
size_t PQescapeString (char *to, const char *from, size_t length); size_t PQescapeString (char *to, const char *from, size_t length);
</synopsis> </synopsis>
</para> </para>
<para> <para>
The parameter <parameter>from</> points to the first character of the string <function>PQescapeString</> is an older, deprecated version of
that is to be escaped, and the <parameter>length</> parameter gives the <function>PQescapeStringConn</>; the difference is that it does not
number of characters in this string. A terminating zero byte is not take <parameter>conn</> or <parameter>error</> parameters. Because of this,
required, and should not be counted in <parameter>length</>. (If it cannot adjust its behavior depending on the connection properties (such as
a terminating zero byte is found before <parameter>length</> bytes are character encoding) and therefore <emphasis>it may give the wrong results</>.
processed, <function>PQescapeString</> stops at the zero; the behavior Also, it has no way to report error conditions.
is thus rather like <function>strncpy</>.)
<parameter>to</> shall point to a
buffer that is able to hold at least one more character than twice
the value of <parameter>length</>, otherwise the behavior is
undefined. A call to <function>PQescapeString</> writes an escaped
version of the <parameter>from</> string to the <parameter>to</>
buffer, replacing special characters so that they cannot cause any
harm, and adding a terminating zero byte. The single quotes that
must surround <productname>PostgreSQL</> string literals are not
included in the result string; they should be provided in the SQL
command that the result is inserted into.
</para> </para>
<para> <para>
<function>PQescapeString</> returns the number of characters written <function>PQescapeString</> can be used safely in single-threaded client
to <parameter>to</>, not including the terminating zero byte. programs that work with only one <productname>PostgreSQL</> connection at
</para> a time (in this case it can find out what it needs to know <quote>behind the
<para> scenes</>). In other contexts it is a security hazard and should be avoided
Behavior is undefined if the <parameter>to</> and <parameter>from</> in favor of <function>PQescapeStringConn</>.
strings overlap.
</para> </para>
</sect2> </sect2>
@ -2027,29 +2060,30 @@ strings overlap.
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term><function>PQescapeBytea</function><indexterm><primary>PQescapeBytea</></></term> <term><function>PQescapeByteaConn</function><indexterm><primary>PQescapeByteaConn</></></term>
<listitem> <listitem>
<para> <para>
Escapes binary data for use within an SQL command with the type Escapes binary data for use within an SQL command with the type
<type>bytea</type>. As with <function>PQescapeString</function>, <type>bytea</type>. As with <function>PQescapeStringConn</function>,
this is only used when inserting data directly into an SQL command string. this is only used when inserting data directly into an SQL command string.
<synopsis> <synopsis>
unsigned char *PQescapeBytea(const unsigned char *from, unsigned char *PQescapeByteaConn(PGconn *conn,
size_t from_length, const unsigned char *from,
size_t *to_length); size_t from_length,
size_t *to_length);
</synopsis> </synopsis>
</para> </para>
<para> <para>
Certain byte values <emphasis>must</emphasis> be escaped (but all Certain byte values <emphasis>must</emphasis> be escaped (but all
byte values <emphasis>may</emphasis> be escaped) when used as part byte values <emphasis>can</emphasis> be escaped) when used as part
of a <type>bytea</type> literal in an <acronym>SQL</acronym> of a <type>bytea</type> literal in an <acronym>SQL</acronym>
statement. In general, to escape a byte, it is converted into the statement. In general, to escape a byte, it is converted into the
three digit octal number equal to the octet value, and preceded by three digit octal number equal to the octet value, and preceded by
two backslashes. The single quote (<literal>'</>) and backslash one or two backslashes. The single quote (<literal>'</>) and backslash
(<literal>\</>) characters have special alternative escape (<literal>\</>) characters have special alternative escape
sequences. See <xref linkend="datatype-binary"> for more sequences. See <xref linkend="datatype-binary"> for more
information. <function>PQescapeBytea</function> performs this information. <function>PQescapeByteaConn</function> performs this
operation, escaping only the minimally required bytes. operation, escaping only the minimally required bytes.
</para> </para>
@ -2060,22 +2094,60 @@ unsigned char *PQescapeBytea(const unsigned char *from,
bytes in this binary string. (A terminating zero byte is bytes in this binary string. (A terminating zero byte is
neither necessary nor counted.) The <parameter>to_length</parameter> neither necessary nor counted.) The <parameter>to_length</parameter>
parameter points to a variable that will hold the resultant parameter points to a variable that will hold the resultant
escaped string length. The result string length includes the terminating escaped string length. This result string length includes the terminating
zero byte of the result. zero byte of the result.
</para> </para>
<para> <para>
<function>PQescapeBytea</> returns an escaped version of the <function>PQescapeByteaConn</> returns an escaped version of the
<parameter>from</parameter> parameter binary string in memory <parameter>from</parameter> parameter binary string in memory
allocated with <function>malloc()</>. This memory must be freed allocated with <function>malloc()</>. This memory must be freed using
using <function>PQfreemem</> when the result is no longer needed. <function>PQfreemem()</> when the result is no longer needed. The
The return string has all special characters replaced so that they return string has all special characters replaced so that they can
can be properly processed by the be properly processed by the <productname>PostgreSQL</productname>
<productname>PostgreSQL</productname> string literal parser, and string literal parser, and the <type>bytea</type> input function. A
the <type>bytea</type> input function. A terminating zero byte is terminating zero byte is also added. The single quotes that must
also added. The single quotes that must surround surround <productname>PostgreSQL</productname> string literals are
<productname>PostgreSQL</productname> string literals are not part not part of the result string.
of the result string. </para>
<para>
On error, a NULL pointer is returned, and a suitable error message
is stored in the <parameter>conn</> object. Currently, the only
possible error is insufficient memory for the result string.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><function>PQescapeBytea</function><indexterm><primary>PQescapeBytea</></></term>
<listitem>
<para>
<function>PQescapeBytea</> is an older, deprecated version of
<function>PQescapeByteaConn</>.
<synopsis>
unsigned char *PQescapeBytea(const unsigned char *from,
size_t from_length,
size_t *to_length);
</synopsis>
</para>
<para>
The only difference from <function>PQescapeByteaConn</> is that
<function>PQescapeBytea</> does not
take a <structname>PGconn</> parameter. Because of this, it cannot adjust
its behavior depending on the connection properties (in particular,
whether standard-conforming strings are enabled)
and therefore <emphasis>it may give the wrong results</>. Also, it
has no way to return an error message on failure.
</para>
<para>
<function>PQescapeBytea</> can be used safely in single-threaded client
programs that work with only one <productname>PostgreSQL</> connection at
a time (in this case it can find out what it needs to know <quote>behind the
scenes</>). In other contexts it is a security hazard and should be
avoided in favor of <function>PQescapeByteaConn</>.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2084,7 +2156,7 @@ unsigned char *PQescapeBytea(const unsigned char *from,
<term><function>PQunescapeBytea</function><indexterm><primary>PQunescapeBytea</></></term> <term><function>PQunescapeBytea</function><indexterm><primary>PQunescapeBytea</></></term>
<listitem> <listitem>
<para> <para>
Converts an escaped string representation of binary data into binary Converts a string representation of binary data into binary
data --- the reverse of <function>PQescapeBytea</function>. data --- the reverse of <function>PQescapeBytea</function>.
This is needed when retrieving <type>bytea</type> data in text format, This is needed when retrieving <type>bytea</type> data in text format,
but not when retrieving it in binary format. but not when retrieving it in binary format.
@ -2094,16 +2166,24 @@ unsigned char *PQunescapeBytea(const unsigned char *from, size_t *to_length);
</synopsis> </synopsis>
</para> </para>
<para> <para>
The <parameter>from</parameter> parameter points to an escaped string The <parameter>from</parameter> parameter points to a string
such as might be returned by <function>PQgetvalue</function> when applied to a such as might be returned by <function>PQgetvalue</function> when applied
<type>bytea</type> column. <function>PQunescapeBytea</function> converts to a <type>bytea</type> column. <function>PQunescapeBytea</function>
this string representation into its binary representation. converts this string representation into its binary representation.
It returns a pointer to a buffer allocated with It returns a pointer to a buffer allocated with
<function>malloc()</function>, or null on error, and puts the size of <function>malloc()</function>, or null on error, and puts the size of
the buffer in <parameter>to_length</parameter>. The result must be the buffer in <parameter>to_length</parameter>. The result must be
freed using <function>PQfreemem</> when it is no longer needed. freed using <function>PQfreemem</> when it is no longer needed.
</para> </para>
<para>
This conversion is not exactly the inverse of
<function>PQescapeBytea</function>, because the string is not expected
to be <quote>escaped</> when received from <function>PQgetvalue</function>.
In particular this means there is no need for string quoting considerations,
and so no need for a <structname>PGconn</> parameter.
</para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -2119,6 +2199,7 @@ void PQfreemem(void *ptr);
<para> <para>
Frees memory allocated by <application>libpq</>, particularly Frees memory allocated by <application>libpq</>, particularly
<function>PQescapeByteaConn</function>,
<function>PQescapeBytea</function>, <function>PQescapeBytea</function>,
<function>PQunescapeBytea</function>, <function>PQunescapeBytea</function>,
and <function>PQnotifies</function>. and <function>PQnotifies</function>.

4
src/interfaces/libpq/blibpqdll.def
View File

@ -113,6 +113,8 @@ EXPORTS
_PQfformat @ 109 _PQfformat @ 109
_PQexecPrepared @ 110 _PQexecPrepared @ 110
_PQsendQueryPrepared @ 111 _PQsendQueryPrepared @ 111
_PQescapeStringConn @ 126
_PQescapeByteaConn @ 127
; Aliases for MS compatible names ; Aliases for MS compatible names
PQconnectdb = _PQconnectdb PQconnectdb = _PQconnectdb
@ -226,3 +228,5 @@ EXPORTS
PQfformat = _PQfformat PQfformat = _PQfformat
PQexecPrepared = _PQexecPrepared PQexecPrepared = _PQexecPrepared
PQsendQueryPrepared = _PQsendQueryPrepared PQsendQueryPrepared = _PQsendQueryPrepared
PQescapeStringConn = _PQescapeStringConn
PQescapeByteaConn = _PQescapeByteaConn

13
src/interfaces/libpq/fe-connect.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.263.2.4 2005/07/14 14:07:41 tgl Exp $ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.263.2.5 2006/05/21 20:20:24 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -1956,6 +1956,7 @@ makeEmptyPGconn(void)
conn->xactStatus = PQTRANS_IDLE; conn->xactStatus = PQTRANS_IDLE;
conn->setenv_state = SETENV_STATE_IDLE; conn->setenv_state = SETENV_STATE_IDLE;
conn->client_encoding = PG_SQL_ASCII; conn->client_encoding = PG_SQL_ASCII;
conn->std_strings = false; /* unless server says differently */
conn->verbosity = PQERRORS_DEFAULT; conn->verbosity = PQERRORS_DEFAULT;
conn->notifyList = DLNewList(); conn->notifyList = DLNewList();
conn->sock = -1; conn->sock = -1;
@ -2946,8 +2947,14 @@ PQsetClientEncoding(PGconn *conn, const char *encoding)
status = -1; status = -1;
else else
{ {
/* change libpq internal encoding */ /*
conn->client_encoding = pg_char_to_encoding(encoding); * In protocol 2 we have to assume the setting will stick, and
* adjust our state immediately. In protocol 3 and up we can
* rely on the backend to report the parameter value, and we'll
* change state at that time.
*/
if (PG_PROTOCOL_MAJOR(conn->pversion) < 3)
pqSaveParameterStatus(conn, "client_encoding", encoding);
status = 0; /* everything is ok */ status = 0; /* everything is ok */
} }
PQclear(res); PQclear(res);

210
src/interfaces/libpq/fe-exec.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.153.2.5 2006/05/21 19:57:07 momjian Exp $ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.153.2.6 2006/05/21 20:20:24 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -41,6 +41,12 @@ char *const pgresStatus[] = {
"PGRES_FATAL_ERROR" "PGRES_FATAL_ERROR"
}; };
/*
* static state needed by PQescapeString and PQescapeBytea; initialize to
* values that result in backward-compatible behavior
*/
static int static_client_encoding = PG_SQL_ASCII;
static bool static_std_strings = false;
static bool PQsendQueryStart(PGconn *conn); static bool PQsendQueryStart(PGconn *conn);
@ -608,11 +614,22 @@ pqSaveParameterStatus(PGconn *conn, const char *name, const char *value)
} }
/* /*
* Special hacks: remember client_encoding as a numeric value, and * Special hacks: remember client_encoding and standard_conforming_strings,
* convert server version to a numeric form as well. * and convert server version to a numeric form. We keep the first two of
* these in static variables as well, so that PQescapeString and
* PQescapeBytea can behave somewhat sanely (at least in single-
* connection-using programs).
*/ */
if (strcmp(name, "client_encoding") == 0) if (strcmp(name, "client_encoding") == 0)
{
conn->client_encoding = pg_char_to_encoding(value); conn->client_encoding = pg_char_to_encoding(value);
static_client_encoding = conn->client_encoding;
}
else if (strcmp(name, "standard_conforming_strings") == 0)
{
conn->std_strings = (strcmp(value, "on") == 0);
static_std_strings = conn->std_strings;
}
else if (strcmp(name, "server_version") == 0) else if (strcmp(name, "server_version") == 0)
{ {
int cnt; int cnt;
@ -2227,7 +2244,7 @@ PQfreeNotify(PGnotify *notify)
/* /*
* Escaping arbitrary strings to get valid SQL literal strings. * Escaping arbitrary strings to get valid SQL literal strings.
* *
* Replaces "\\" with "\\\\" and "'" with "''". * Replaces "'" with "''", and if not std_strings, replaces "\" with "\\".
* *
* length is the length of the source string. (Note: if a terminating NUL * length is the length of the source string. (Note: if a terminating NUL
* is encountered sooner, PQescapeString stops short of "length"; the behavior * is encountered sooner, PQescapeString stops short of "length"; the behavior
@ -2239,33 +2256,74 @@ PQfreeNotify(PGnotify *notify)
* *
* Returns the actual length of the output (not counting the terminating NUL). * Returns the actual length of the output (not counting the terminating NUL).
*/ */
size_t static size_t
PQescapeString(char *to, const char *from, size_t length) PQescapeStringInternal(PGconn *conn,
char *to, const char *from, size_t length,
int *error,
int encoding, bool std_strings)
{ {
const char *source = from; const char *source = from;
char *target = to; char *target = to;
size_t remaining = length; size_t remaining = length;
if (error)
*error = 0;
while (remaining > 0 && *source != '\0') while (remaining > 0 && *source != '\0')
{ {
switch (*source) char c = *source;
int len;
int i;
/* Fast path for plain ASCII */
if (!IS_HIGHBIT_SET(c))
{ {
case '\\': /* Apply quoting if needed */
*target++ = '\\'; if (c == '\'' ||
*target++ = '\\'; (c == '\\' && !std_strings))
break; *target++ = c;
/* Copy the character */
case '\'': *target++ = c;
*target++ = '\''; source++;
*target++ = '\''; remaining--;
break; continue;
}
default:
*target++ = *source; /* Slow path for possible multibyte characters */
break; len = pg_encoding_mblen(encoding, source);
/* Copy the character */
for (i = 0; i < len; i++)
{
if (remaining == 0 || *source == '\0')
break;
*target++ = *source++;
remaining--;
}
/*
* If we hit premature end of string (ie, incomplete multibyte
* character), try to pad out to the correct length with spaces.
* We may not be able to pad completely, but we will always be able
* to insert at least one pad space (since we'd not have quoted a
* multibyte character). This should be enough to make a string that
* the server will error out on.
*/
if (i < len)
{
if (error)
*error = 1;
if (conn)
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("incomplete multibyte character\n"));
for (; i < len; i++)
{
if (((size_t) (target - to)) / 2 >= length)
break;
*target++ = ' ';
}
break;
} }
source++;
remaining--;
} }
/* Write the terminating NUL character. */ /* Write the terminating NUL character. */
@ -2274,72 +2332,109 @@ PQescapeString(char *to, const char *from, size_t length)
return target - to; return target - to;
} }
size_t
PQescapeStringConn(PGconn *conn,
char *to, const char *from, size_t length,
int *error)
{
if (!conn)
{
/* force empty-string result */
*to = '\0';
if (error)
*error = 1;
return 0;
}
return PQescapeStringInternal(conn, to, from, length, error,
conn->client_encoding,
conn->std_strings);
}
size_t
PQescapeString(char *to, const char *from, size_t length)
{
return PQescapeStringInternal(NULL, to, from, length, NULL,
static_client_encoding,
static_std_strings);
}
/* /*
* PQescapeBytea - converts from binary string to the * PQescapeBytea - converts from binary string to the
* minimal encoding necessary to include the string in an SQL * minimal encoding necessary to include the string in an SQL
* INSERT statement with a bytea type column as the target. * INSERT statement with a bytea type column as the target.
* *
* The following transformations are applied * The following transformations are applied
* '\0' == ASCII 0 == \\000 * '\0' == ASCII 0 == \000
* '\'' == ASCII 39 == \' * '\'' == ASCII 39 == ''
* '\\' == ASCII 92 == \\\\ * '\\' == ASCII 92 == \\
* anything < 0x20, or > 0x7e ---> \\ooo * anything < 0x20, or > 0x7e ---> \ooo
* (where ooo is an octal expression) * (where ooo is an octal expression)
* If not std_strings, all backslashes sent to the output are doubled.
*/ */
unsigned char * static unsigned char *
PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t *bytealen) PQescapeByteaInternal(PGconn *conn,
const unsigned char *from, size_t from_length,
size_t *to_length, bool std_strings)
{ {
const unsigned char *vp; const unsigned char *vp;
unsigned char *rp; unsigned char *rp;
unsigned char *result; unsigned char *result;
size_t i; size_t i;
size_t len; size_t len;
size_t bslash_len = (std_strings ? 1 : 2);
/* /*
* empty string has 1 char ('\0') * empty string has 1 char ('\0')
*/ */
len = 1; len = 1;
vp = bintext; vp = from;
for (i = binlen; i > 0; i--, vp++) for (i = from_length; i > 0; i--, vp++)
{ {
if (*vp < 0x20 || *vp > 0x7e) if (*vp < 0x20 || *vp > 0x7e)
len += 5; /* '5' is for '\\ooo' */ len += bslash_len + 3;
else if (*vp == '\'') else if (*vp == '\'')
len += 2; len += 2;
else if (*vp == '\\') else if (*vp == '\\')
len += 4; len += bslash_len + bslash_len;
else else
len++; len++;
} }
*to_length = len;
rp = result = (unsigned char *) malloc(len); rp = result = (unsigned char *) malloc(len);
if (rp == NULL) if (rp == NULL)
{
if (conn)
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("out of memory\n"));
return NULL; return NULL;
}
vp = bintext; vp = from;
*bytealen = len; for (i = from_length; i > 0; i--, vp++)
for (i = binlen; i > 0; i--, vp++)
{ {
if (*vp < 0x20 || *vp > 0x7e) if (*vp < 0x20 || *vp > 0x7e)
{ {
(void) sprintf(rp, "\\\\%03o", *vp); if (!std_strings)
rp += 5; *rp++ = '\\';
(void) sprintf((char *) rp, "\\%03o", *vp);
rp += 4;
} }
else if (*vp == '\'') else if (*vp == '\'')
{ {
rp[0] = '\''; *rp++ = '\'';
rp[1] = '\''; *rp++ = '\'';
rp += 2;
} }
else if (*vp == '\\') else if (*vp == '\\')
{ {
rp[0] = '\\'; if (!std_strings)
rp[1] = '\\'; {
rp[2] = '\\'; *rp++ = '\\';
rp[3] = '\\'; *rp++ = '\\';
rp += 4; }
*rp++ = '\\';
*rp++ = '\\';
} }
else else
*rp++ = *vp; *rp++ = *vp;
@ -2349,6 +2444,25 @@ PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t *bytealen)
return result; return result;
} }
unsigned char *
PQescapeByteaConn(PGconn *conn,
const unsigned char *from, size_t from_length,
size_t *to_length)
{
if (!conn)
return NULL;
return PQescapeByteaInternal(conn, from, from_length, to_length,
conn->std_strings);
}
unsigned char *
PQescapeBytea(const unsigned char *from, size_t from_length, size_t *to_length)
{
return PQescapeByteaInternal(NULL, from, from_length, to_length,
static_std_strings);
}
#define ISFIRSTOCTDIGIT(CH) ((CH) >= '0' && (CH) <= '3') #define ISFIRSTOCTDIGIT(CH) ((CH) >= '0' && (CH) <= '3')
#define ISOCTDIGIT(CH) ((CH) >= '0' && (CH) <= '7') #define ISOCTDIGIT(CH) ((CH) >= '0' && (CH) <= '7')
#define OCTVAL(CH) ((CH) - '0') #define OCTVAL(CH) ((CH) - '0')
@ -2358,7 +2472,7 @@ PQescapeBytea(const unsigned char *bintext, size_t binlen, size_t *bytealen)
* of a bytea, strtext, into binary, filling a buffer. It returns a * of a bytea, strtext, into binary, filling a buffer. It returns a
* pointer to the buffer (or NULL on error), and the size of the * pointer to the buffer (or NULL on error), and the size of the
* buffer in retbuflen. The pointer may subsequently be used as an * buffer in retbuflen. The pointer may subsequently be used as an
* argument to the function free(3). It is the reverse of PQescapeBytea. * argument to the function PQfreemem.
* *
* The following transformations are made: * The following transformations are made:
* \\ == ASCII 92 == \ * \\ == ASCII 92 == \

15
src/interfaces/libpq/libpq-fe.h
View File

@ -7,7 +7,7 @@
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* $Id: libpq-fe.h,v 1.100 2003/08/27 00:33:34 petere Exp $ * $Id: libpq-fe.h,v 1.100.2.1 2006/05/21 20:20:24 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -393,11 +393,18 @@ extern PGresult *PQmakeEmptyPGresult(PGconn *conn, ExecStatusType status);
/* Quoting strings before inclusion in queries. */ /* Quoting strings before inclusion in queries. */
extern size_t PQescapeString(char *to, const char *from, size_t length); extern size_t PQescapeStringConn(PGconn *conn,
extern unsigned char *PQescapeBytea(const unsigned char *bintext, size_t binlen, char *to, const char *from, size_t length,
size_t *bytealen); int *error);
extern unsigned char *PQescapeByteaConn(PGconn *conn,
const unsigned char *from, size_t from_length,
size_t *to_length);
extern unsigned char *PQunescapeBytea(const unsigned char *strtext, extern unsigned char *PQunescapeBytea(const unsigned char *strtext,
size_t *retbuflen); size_t *retbuflen);
/* These forms are deprecated! */
extern size_t PQescapeString(char *to, const char *from, size_t length);
extern unsigned char *PQescapeBytea(const unsigned char *from, size_t from_length,
size_t *to_length);

3
src/interfaces/libpq/libpq-int.h
View File

@ -12,7 +12,7 @@
* Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group * Portions Copyright (c) 1996-2003, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California * Portions Copyright (c) 1994, Regents of the University of California
* *
* $Id: libpq-int.h,v 1.82.2.1 2004/03/05 01:54:13 tgl Exp $ * $Id: libpq-int.h,v 1.82.2.2 2006/05/21 20:20:24 tgl Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -293,6 +293,7 @@ struct pg_conn
char cryptSalt[2]; /* password salt received from backend */ char cryptSalt[2]; /* password salt received from backend */
pgParameterStatus *pstatus; /* ParameterStatus data */ pgParameterStatus *pstatus; /* ParameterStatus data */
int client_encoding; /* encoding id */ int client_encoding; /* encoding id */
bool std_strings; /* standard_conforming_strings */
PGVerbosity verbosity; /* error/notice message verbosity */ PGVerbosity verbosity; /* error/notice message verbosity */
PGlobjfuncs *lobjfuncs; /* private state for large-object access PGlobjfuncs *lobjfuncs; /* private state for large-object access
* fns */ * fns */

2
src/interfaces/libpq/libpqdll.def
View File

@ -113,3 +113,5 @@ EXPORTS
PQfformat @ 109 PQfformat @ 109
PQexecPrepared @ 110 PQexecPrepared @ 110
PQsendQueryPrepared @ 111 PQsendQueryPrepared @ 111
PQescapeStringConn @ 126
PQescapeByteaConn @ 127