Thread: BUG #7586: PL/Perl problem

BUG #7586: PL/Perl problem

From

franco.ricci@phys.uniroma1.it

Date:

07 October 2012, 19:02:44

The following bug has been logged on the website:

Bug reference:      7586
Logged by:          Franco Ricci
Email address:      franco.ricci@phys.uniroma1.it
PostgreSQL version: 9.0.10
Operating system:   FreeBSD 9.0
Description:        =


I wrote the following function in Perl to make some operations with LLRP
command in a RFID application:
----
CREATE OR REPLACE FUNCTION llrp_command.llrpenc_bytea(xml)
  RETURNS bytea AS
$BODY$
    use strict;
    use RFID::LLRP::Builder qw(encode_message);
   =

    my $llrp_xml =3D shift;
    my $llrp_bin =3D encode_message($llrp_xml);

    my $tmp =3D "";
    for(my $i =3D 0; $i < length($llrp_bin); $i =3D $i + 1)
    {
       my $val =3D substr($llrp_bin, $i, 1);
       $tmp =3D $tmp . sprintf("\\%03o",ord($val));
    }
    $llrp_bin =3D $tmp;
    return $llrp_bin;
$BODY$
  LANGUAGE plperlu IMMUTABLE STRICT
  COST 100;
ALTER FUNCTION llrp_command.llrpenc_bytea(xml)
  OWNER TO "LLRP";
COMMENT ON FUNCTION llrp_command.llrpenc_bytea(xml) IS 'Encode a xml LLRP
message in LLRP binary format and escape it into bytea';
----

Until version 9.0.8 all works fine. Version 9.0.8, 9.0.9, 9.0.10 and 9.1.6
have some troubles.
In particular when I call llrpenc_bytea function:

SELECT llrp_command.llrpenc_bytea('<llrp:SET_READER_CONFIG
xmlns:llrp=3D"http://www.llrp.org/ltk/schema/core/encoding/xml/1.0"
Version=3D"1" MessageID=3D"2">
  <llrp:ResetToFactoryDefault>0</llrp:ResetToFactoryDefault>
  <llrp:KeepaliveSpec>
    <llrp:KeepaliveTriggerType>Periodic</llrp:KeepaliveTriggerType>
    <llrp:PeriodicTriggerValue>30000</llrp:PeriodicTriggerValue>
  </llrp:KeepaliveSpec>
</llrp:SET_READER_CONFIG>');

it returns:
-----
ERROR:  Entity: line 1: parser error : Document is empty

^
Entity: line 1: parser error : Start tag expected, '<' not found

^
Compilation failed in require at line 3.
BEGIN failed--compilation aborted at line 3.
CONTEXT:  compilation of PL/Perl function "llrpenc_bytea"

********** Error **********

ERROR: Entity: line 1: parser error : Document is empty

^
Entity: line 1: parser error : Start tag expected, '<' not found

^
Compilation failed in require at line 3.
BEGIN failed--compilation aborted at line 3.
SQL state: 42601
Context: compilation of PL/Perl function "llrpenc_bytea"
--------

I tried to run the same script as a perl script and it runs fine so I think
the problem is not Perl.
Postgresql version 9.1.2 has no problem.
I think the bug is about as postgresql passes xml argument to perl
interpreter.
The same function with a text argument works well:

----
REATE OR REPLACE FUNCTION llrp_command.llrpenc_bytea(text)
  RETURNS bytea AS
$BODY$
    use strict;
    use RFID::LLRP::Builder qw(encode_message);
   =

    my $llrp_xml =3D shift;
    my $llrp_bin =3D encode_message($llrp_xml);

    my $tmp =3D "";
    for(my $i =3D 0; $i < length($llrp_bin); $i =3D $i + 1)
    {
       my $val =3D substr($llrp_bin, $i, 1);
       $tmp =3D $tmp . sprintf("\\%03o",ord($val));
    }
    $llrp_bin =3D $tmp;
    return $llrp_bin;
$BODY$
  LANGUAGE plperlu IMMUTABLE STRICT
  COST 100;
ALTER FUNCTION llrp_command.llrpenc_bytea(text)
  OWNER TO "LLRP";
COMMENT ON FUNCTION llrp_command.llrpenc_bytea(text) IS 'Encode a xml LLRP
message in LLRP binary format and escape it into bytea';
----
 =

Thanks a lot for your great work

Regards
Franco Ricci

Re: BUG #7586: PL/Perl problem

From

Tom Lane

Date:

07 October 2012, 20:06:48

franco.ricci@phys.uniroma1.it writes:
> I wrote the following function in Perl to make some operations with LLRP
> command in a RFID application:
> ----
> CREATE OR REPLACE FUNCTION llrp_command.llrpenc_bytea(xml)
>   RETURNS bytea AS
> $BODY$
>     use strict;
>     use RFID::LLRP::Builder qw(encode_message);

I don't know anything about RFID::LLRP::Builder, but some quick googling
suggests that it accesses libxml2 under the hood.  If so, and if it
relies on being able to fetch external entities, you're going to need to
use PG 9.2 to make this work.  The fix for CVE-2012-3489 broke such
cases in earlier branches.  Sorry about that, but the alternatives were
worse; and in any case, pre-9.2 versions never made any serious effort
to allow other uses of libxml2 inside the backend.  It's mostly luck
that it worked for you before, I think.

            regards, tom lane

Re: BUG #7586: PL/Perl problem

From

Franco Ricci

Date:

08 October 2012, 15:04:49

Thanks a lot for explanation.
I'm planing to upgrade to pgsql 9.2 even for other reasons.
If I need to use earlier postgresql versions I'll fix my functions using
a text arguments instead of xml one.
I tried and It seams to work fine.

Regards
Franco Ricci





On 7-10-2012 7:06 PM, Tom Lane wrote:
> franco.ricci@phys.uniroma1.it writes:
>> I wrote the following function in Perl to make some operations with LLRP
>> command in a RFID application:
>> ----
>> CREATE OR REPLACE FUNCTION llrp_command.llrpenc_bytea(xml)
>>    RETURNS bytea AS
>> $BODY$
>>      use strict;
>>      use RFID::LLRP::Builder qw(encode_message);
> I don't know anything about RFID::LLRP::Builder, but some quick googling
> suggests that it accesses libxml2 under the hood.  If so, and if it
> relies on being able to fetch external entities, you're going to need to
> use PG 9.2 to make this work.  The fix for CVE-2012-3489 broke such
> cases in earlier branches.  Sorry about that, but the alternatives were
> worse; and in any case, pre-9.2 versions never made any serious effort
> to allow other uses of libxml2 inside the backend.  It's mostly luck
> that it worked for you before, I think.
>
>             regards, tom lane
>


--
Franco Ricci
LabIT
Sviluppo Servizi Informatici

Dipartimento di Fisica
Università di Roma "La Sapienza"
Piazzale Aldo Moro, 5
00185
Roma
Italy

tel +390649913449
fax +39064463158

Attachment

franco_ricci.vcf