Thread: pgsql-server/src/interfaces/jdbc/org/postgresq ...
From: barry@svr1.postgresql.org (Barry Lind)
Date:
CVSROOT: /cvsroot
Module name: pgsql-server
Changes by: barry@svr1.postgresql.org 03/07/23 21:30:39

Modified files:
    src/interfaces/jdbc/org/postgresql: Driver.java.in
    src/interfaces/jdbc/org/postgresql/jdbc1: AbstractJdbc1Statement.java

Log message:
    Fixes additional sql injection vulnerabilities reported by Oliver Jowett
    and Dmitry Tkach. Specifically the previous fix still allowed the statement
    termination character through in unquoted places in the sql statement, and
    the driver never correctly handled someone passing a value of \0 in a string
    which under the v2 protocol would end the statement causing the following
    text to possibly be treated as a new sql statement

    Modified Files:
        jdbc/org/postgresql/Driver.java.in
        jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
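
The two cases named in the log message, sketched in Java as an added example; this is not the driver's code and not taken from this commit. The class and method names are hypothetical, the numeric-only rule for unquoted values is a stricter stand-in for filtering the terminator, and the escaping assumes a server that treats backslash as an escape inside string literals.

```java
import java.math.BigDecimal;
import java.sql.SQLException;

// Added illustration; class and method names are hypothetical, not the driver's.
public class BindChecks {

    // String parameter substituted into the SQL text as a quoted literal.
    static String quoteString(String value) throws SQLException {
        StringBuilder sb = new StringBuilder(value.length() + 2).append('\'');
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\0') {
                // A v2-protocol query is sent as a null-terminated string,
                // so a NUL inside a value would end the statement early.
                throw new SQLException("zero byte in string parameter");
            }
            if (c == '\'' || c == '\\') {
                sb.append(c); // double quotes and backslashes (assumption: backslash escapes on)
            }
            sb.append(c);
        }
        return sb.append('\'').toString();
    }

    // Parameter substituted without quotes: accept only a numeric literal,
    // which excludes ';' and every other non-numeric character.
    static String unquotedNumber(String value) throws SQLException {
        try {
            return new BigDecimal(value).toPlainString();
        } catch (NumberFormatException e) {
            throw new SQLException("unquoted parameter is not a numeric literal");
        }
    }

    public static void main(String[] args) throws SQLException {
        // Constructed sample values, not taken from the reports.
        System.out.println(quoteString("O'Reilly"));
        System.out.println(unquotedNumber("42.50"));
        String[] rejected = { "abc\0def", "1; x" };
        for (int i = 0; i < rejected.length; i++) {
            try {
                System.out.println(i == 0 ? quoteString(rejected[i]) : unquotedNumber(rejected[i]));
            } catch (SQLException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Both checks apply only where the client builds the SQL text itself; values sent as separate bind parameters never pass through the statement text.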