Home > mailing lists

Re: lower() and unaccent() not leakproof - Mailing list pgsql-general

From	Peter Eisentraut
Subject	Re: lower() and unaccent() not leakproof
Date	August 26, 2021 10:58:13
Msg-id	b6169dcd-80fd-d0f2-af3f-7d902f06d052@enterprisedb.com Whole thread Raw
In response to	Re: lower() and unaccent() not leakproof ("David G. Johnston" <david.g.johnston@gmail.com>)
Responses	Re: lower() and unaccent() not leakproof (Daniel Gustafsson <daniel@yesql.se>) Re: lower() and unaccent() not leakproof (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-general

Tree view

On 26.08.21 06:52, David G. Johnston wrote:
> On Wednesday, August 25, 2021, Christophe Pettus <xof@thebuild.com 
> <mailto:xof@thebuild.com>> wrote:
> 
>     lower() and unaccent() (and most string functions) are not marked as
>     leakproof.  Is this due to possible locale / character encoding
>     errors they might encounter?
> 
> 
> I think you are partially correct.  Its due to the fact that error 
> messages, regardless of the root cause, result in the printing of the 
> input value in the error message as context, thus exists a leak via a 
> violation of “ It reveals no information about its arguments other than 
> by its return value. ”

I think if you trace the code, you might find that lower() and upper() 
can't really leak anything.  It might be worth taking a careful look and 
possibly lifting this restriction.

pgsql-general by date:

From: "David G. Johnston"
Date: 26 August 2021, 07:52:53
Subject: Re: lower() and unaccent() not leakproof

From: Daniel Gustafsson
Date: 26 August 2021, 11:40:49
Subject: Re: lower() and unaccent() not leakproof

Re: lower() and unaccent() not leakproof - Mailing list pgsql-general

Previous

Next