
Fixes additional sql injection vulnerabilities reported by Oliver Jowett

and Dmitry Tkach.  Specifically, the previous fix still allowed the statement termination character through in unquoted places in the SQL statement, and the driver never correctly handled someone passing a value of \0 in a string, which under the v2 protocol would end the statement, causing the following text to possibly
be treated as a new SQL statement.
 Modified Files:
 	jdbc/org/postgresql/Driver.java.in
 	jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
Barry Lind
2003-07-24 00:30:39 +00:00
parent 47f14e7ddf
commit a7a012d167
2 changed files with 21 additions and 9 deletions


@ -6,7 +6,7 @@
* Copyright (c) 2003, PostgreSQL Global Development Group
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/interfaces/jdbc/org/postgresql/Attic/Driver.java.in,v 1.33 2003/07/22 05:17:09 barry Exp $
* $Header: /cvsroot/pgsql/src/interfaces/jdbc/org/postgresql/Attic/Driver.java.in,v 1.34 2003/07/24 00:30:38 barry Exp $
*
*-------------------------------------------------------------------------
*/
@ -503,6 +503,6 @@ public class Driver implements java.sql.Driver
//The build number should be incremented for every new build
private static int m_buildNumber = 207;
private static int m_buildNumber = 208;
}