Home > mailing lists

pgsql: Sort out paired double quotes in \connect, \password and \crosst - Mailing list pgsql-committers

From	Noah Misch
Subject	pgsql: Sort out paired double quotes in \connect, \password and \crosst
Date	August 11, 2016 20:08:26
Msg-id	E1bWlGS-0006nc-Bw@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Sort out paired double quotes in \connect, \password and \crosstabview.

In arguments, these meta-commands wrongly treated each pair as closing
the double quoted string.  Make the behavior match the documentation.
This is a compatibility break, but I more expect to find software with
untested reliance on the documented behavior than software reliant on
today's behavior.  Back-patch to 9.1 (all supported versions).

Reviewed by Tom Lane and Peter Eisentraut.

Security: CVE-2016-5424

Branch
------
REL9_4_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/fed83cdac44da06915f9cf5926a282848841f7c1

Modified Files
--------------
src/bin/psql/psqlscan.l | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

pgsql-committers by date:

From: Noah Misch
Date: 11 August 2016, 20:08:22
Subject: pgsql: Obstruct shell, SQL, and conninfo injection via database and rol

From: Noah Misch
Date: 11 August 2016, 20:08:27
Subject: pgsql: Sort out paired double quotes in \connect, \password and \crosst

pgsql: Sort out paired double quotes in \connect, \password and \crosst - Mailing list pgsql-committers

Previous

Next