[libpostgresql-jdbc-java] 10/11: escapeQuotes() in DatabaseMetaData was not correctly handling backslashes which would result in incorrect searches and has the potential for a SQL injection attack.
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Mon Jan 9 10:19:19 UTC 2017
commit 2d5e037af6a1d0d983358554732e1e46f4a77650
Author: Kris Jurka <books at ejurka.com>
Date: Fri Feb 3 21:10:44 2006 +0000
escapeQuotes() in DatabaseMetaData was not correctly handling
backslashes, which would result in incorrect searches and had the
potential for a SQL injection attack.
Paolo Predonzani
---
org/postgresql/jdbc2/AbstractJdbc2DatabaseMetaData.java | 12 ++++--------
org/postgresql/test/jdbc2/DatabaseMetaDataTest.java | 16 +++++++++++++++-
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/org/postgresql/jdbc2/AbstractJdbc2DatabaseMetaData.java b/org/postgresql/jdbc2/AbstractJdbc2DatabaseMetaData.java
index c298552..81ea98d 100644
--- a/org/postgresql/jdbc2/AbstractJdbc2DatabaseMetaData.java
+++ b/org/postgresql/jdbc2/AbstractJdbc2DatabaseMetaData.java
@@ -3,7 +3,7 @@
* Copyright (c) 2004-2005, PostgreSQL Global Development Group
*
* IDENTIFICATION
-* $PostgreSQL: pgjdbc/org/postgresql/jdbc2/AbstractJdbc2DatabaseMetaData.java,v 1.18.2.1 2005/11/29 06:02:33 jurka Exp $
+* $PostgreSQL: pgjdbc/org/postgresql/jdbc2/AbstractJdbc2DatabaseMetaData.java,v 1.18.2.2 2005/12/04 20:23:47 jurka Exp $
*
*-------------------------------------------------------------------------
*/
@@ -1735,18 +1735,14 @@ public abstract class AbstractJdbc2DatabaseMetaData
protected static String escapeQuotes(String s) {
StringBuffer sb = new StringBuffer();
int length = s.length();
- char prevChar = ' ';
- char prevPrevChar = ' ';
for (int i = 0; i < length; i++)
{
char c = s.charAt(i);
- sb.append(c);
- if (c == '\'' && (prevChar != '\\' || (prevChar == '\\' && prevPrevChar == '\\')))
+ if (c == '\'' || c == '\\')
{
- sb.append("'");
+ sb.append('\\');
}
- prevPrevChar = prevChar;
- prevChar = c;
+ sb.append(c);
}
return sb.toString();
}
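Review bot: The new `if (c == '\'' || c == '\\')` branch is only a correct escape when the server interprets a backslash inside an ordinary single-quoted literal as an escape character; on a server where backslashes are literal (PostgreSQL's `standard_conforming_strings` setting enables that, and whether the driver's target servers do is not visible from this hunk), `\'` no longer protects the quote and the injection this commit fixes reopens, while `\\` matches two backslashes instead of one. Doubling the quote is the SQL-standard escape and is safe under either interpretation, so the quote case is better handled as `if (c == '\'') sb.append('\'');`, with backslash doubling kept only where the server-side literal syntax is known. The method also has no documentation and dereferences `s` unconditionally, so a Javadoc such as `/** Escapes a string for embedding in a single-quoted SQL literal: ' and \ are each preceded by a backslash. {@code s} must not be null. */` would make the contract visible to the metadata methods that call it.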
diff --git a/org/postgresql/test/jdbc2/DatabaseMetaDataTest.java b/org/postgresql/test/jdbc2/DatabaseMetaDataTest.java
index ee31b79..d6d56a7 100644
--- a/org/postgresql/test/jdbc2/DatabaseMetaDataTest.java
+++ b/org/postgresql/test/jdbc2/DatabaseMetaDataTest.java
@@ -3,7 +3,7 @@
* Copyright (c) 2004-2005, PostgreSQL Global Development Group
*
* IDENTIFICATION
-* $PostgreSQL: pgjdbc/org/postgresql/test/jdbc2/DatabaseMetaDataTest.java,v 1.31 2004/11/09 08:54:19 jurka Exp $
+* $PostgreSQL: pgjdbc/org/postgresql/test/jdbc2/DatabaseMetaDataTest.java,v 1.32 2005/01/11 08:25:48 jurka Exp $
*
*-------------------------------------------------------------------------
*/
@@ -37,6 +37,8 @@ public class DatabaseMetaDataTest extends TestCase
TestUtil.dropSequence( con, "sercoltest_b_seq");
TestUtil.dropSequence( con, "sercoltest_c_seq");
TestUtil.createTable( con, "sercoltest", "a int, b serial, c bigserial");
+ TestUtil.createTable( con, "\"a\\\"", "a int4");
+ TestUtil.createTable( con, "\"a'\"", "a int4");
Statement stmt = con.createStatement();
//we add the following comments to ensure the joins to the comments
@@ -50,6 +52,8 @@ public class DatabaseMetaDataTest extends TestCase
TestUtil.dropTable( con, "sercoltest");
TestUtil.dropSequence( con, "sercoltest_b_seq");
TestUtil.dropSequence( con, "sercoltest_c_seq");
+ TestUtil.dropTable( con, "\"a\\\"");
+ TestUtil.dropTable( con, "\"a'\"");
TestUtil.closeDB( con );
}
@@ -481,6 +485,16 @@ public class DatabaseMetaDataTest extends TestCase
}
}
+ public void testEscaping() throws SQLException {
+ DatabaseMetaData dbmd = con.getMetaData();
+ ResultSet rs = dbmd.getTables( null, null, "a'", new String[] {"TABLE"});
+ assertTrue(rs.next());
+ rs = dbmd.getTables( null, null, "a\\\\", new String[] {"TABLE"});
+ assertTrue(rs.next());
+ rs = dbmd.getTables( null, null, "a\\", new String[] {"TABLE"});
+ assertTrue(!rs.next());
+ }
+
public void testSearchStringEscape() throws Exception {
DatabaseMetaData dbmd = con.getMetaData();
Statement stmt = con.createStatement();
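Review bot: `assertTrue(!rs.next())` at the end of `testEscaping` is better expressed as `assertFalse(rs.next());`, which also gives a clearer failure message. None of the three ResultSets returned by `getTables` is closed; an `rs.close();` after each assertion (or a try/finally around the body) keeps the test from leaking open cursors across the fixture. The third lookup deserves a one-line comment stating why a pattern with a single trailing backslash is expected to match nothing, since the intent is not obvious from the literal `"a\\"` alone.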