ph10 2006/06/30 14:57:46 BST
Modified files:
exim-doc/doc-txt ChangeLog
exim-src/src/lookups pgsql.c
exim-test/scripts/9200-PostgreSQL 9200
exim-test/stderr 9200
exim-test/stdout 9200
Log:
Change ${quote_pgsql to quote ' as '' instead of \' because of a
security issue.
Revision  Changes    Path
1.364     +5 -0      exim/exim-doc/doc-txt/ChangeLog
1.5       +16 -1     exim/exim-src/src/lookups/pgsql.c
1.2       +1 -0      exim/exim-test/scripts/9200-PostgreSQL/9200
1.3       +12 -1     exim/exim-test/stderr/9200
1.2       +1 -0      exim/exim-test/stdout/9200
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.363
retrieving revision 1.364
diff -u -r1.363 -r1.364
--- ChangeLog 28 Jun 2006 16:00:23 -0000 1.363
+++ ChangeLog 30 Jun 2006 13:57:46 -0000 1.364
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.363 2006/06/28 16:00:23 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.364 2006/06/30 13:57:46 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -55,6 +55,11 @@
PH/06 Added acl_not_smtp_start, based on Johannes Berg's patch, and set the
bit to forbid control=suppress_local_fixups in the acl_not_smtp ACL,
because it is too late at that time, and has no effect.
+
+PH/07 Changed ${quote_pgsql to quote ' as '' instead of \' because of a
+ security issue with \' (bugzilla #107). I could not use the
+ PQescapeStringConn() function, because it needs a PGconn value as one of
+ its arguments.
Exim version 4.62
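Review bot: The PH/07 entry gives the reason only as "a security issue with \' (bugzilla #107)" and does not tell administrators that the output of ${quote_pgsql changes for every string containing a single quote. A sentence stating that quoted values now carry '' where they previously carried \', and that the other special characters are still backslash-escaped, would let a reader of the ChangeLog judge whether existing queries are affected without opening the bug.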
Index: pgsql.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/lookups/pgsql.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- pgsql.c 7 Feb 2006 11:19:01 -0000 1.4
+++ pgsql.c 30 Jun 2006 13:57:46 -0000 1.5
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/lookups/pgsql.c,v 1.4 2006/02/07 11:19:01 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/lookups/pgsql.c,v 1.5 2006/06/30 13:57:46 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -422,6 +422,16 @@
does treat the string as "ab%cd". So we can safely quote percent and
underscore. [This is different to MySQL, where you can't do this.]
+The original code quoted single quotes as \' which is documented as valid in
+the O'Reilly book "Practical PostgreSQL" (first edition) as an alternative to
+the SQL standard '' way of representing a single quote as data. However, in
+June 2006 there was some security issue with using \' and so this has been
+changed.
+
+[Note: There is a function called PQescapeStringConn() that quotes strings.
+This cannot be used because it needs a PGconn argument (the connection handle).
+Why, I don't know. Seems odd for just string escaping...]
+
Arguments:
s the string to be quoted
opt additional option text or NULL if none
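Review bot: The added comment says only that "in June 2006 there was some security issue with using \'", which will not help a later reader decide whether the remaining backslash escapes in this function are safe. Cite the bug number that the ChangeLog entry gives (bugzilla #107) and say in one sentence what goes wrong with \'. The bracketed note about PQescapeStringConn() ends on an open question ("Why, I don't know"); it is worth resolving that before it goes into the source, because the reason the library wants a connection handle may bear on whether connection-independent quoting here is sufficient.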
@@ -447,7 +457,12 @@
while ((c = *s++) != 0)
{
- if (Ustrchr("\n\t\r\b\'\"\\%_", c) != NULL)
+ if (c == '\'')
+ {
+ *t++ = '\'';
+ *t++ = '\'';
+ }
+ else if (Ustrchr("\n\t\r\b\"\\%_", c) != NULL)
{
*t++ = '\\';
switch(c)
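Review bot: Only the single quote loses its backslash here; the else-if branch still writes a backslash in front of double quote, backslash, percent, underscore and the control characters. If the problem reported against \' comes from how the backslash is interpreted rather than from the quote itself, those escapes need the same scrutiny, so the comment above the function should state why they are considered safe. The new branch writes two bytes per input quote, the same as the old \' output, so the sizing of the output buffer (not visible in this hunk) should be unaffected, but it is worth confirming.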
Index: 9200
===================================================================
RCS file: /home/cvs/exim/exim-test/scripts/9200-PostgreSQL/9200,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 9200 7 Feb 2006 10:54:51 -0000 1.1
+++ 9200 30 Jun 2006 13:57:46 -0000 1.2
@@ -9,6 +9,7 @@
${lookup pgsql {select * from them where id='quote2';}}
${lookup pgsql {select * from them where id='newline';}}
${lookup pgsql {select * from them where id='tab';}}
+${lookup pgsql {select * from them where name='${quote_pgsql:'stquot}';}}
****
exim -d -bh 10.0.0.0
mail from:<a@b>
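Review bot: The added lookup exercises only a single quote at the start of the value ('stquot). Since this function now mixes two escaping styles, add cases where the input contains a backslash immediately followed by a single quote, and a quote in the middle and at the end of the string, so the test pins down how the doubled quote and the remaining backslash escapes combine.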
Index: 9200
===================================================================
RCS file: /home/cvs/exim/exim-test/stderr/9200,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- 9200 18 Apr 2006 15:53:58 -0000 1.2
+++ 9200 30 Jun 2006 13:57:46 -0000 1.3
@@ -100,7 +100,18 @@
database lookup required for select * from them where id='tab';
PGSQL query: select * from them where id='tab';
PGSQL using cached connection for localhost/test/CALLER
-lookup yielded: name="x x" id=tab
+lookup yielded: name="x x" id=tab
+search_open: pgsql "NULL"
+ cached open
+search_find: file="NULL"
+ key="select * from them where name='''stquot';" partial=-1 affix=NULL starflags=0
+LRU list:
+internal_search_find: file="NULL"
+ type=pgsql key="select * from them where name='''stquot';"
+database lookup required for select * from them where name='''stquot';
+PGSQL query: select * from them where name='''stquot';
+PGSQL using cached connection for localhost/test/CALLER
+lookup yielded: name='stquot id=quote1
search_tidyup called
close PGSQL connection: localhost/test/CALLER
>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
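Review bot: The removed and added "lookup yielded: name="x x" id=tab" lines read identically, so the difference is whitespace only. Confirm that this change to the expected output is intended and is not an editor artefact (for example a tab converted to spaces), since it is unrelated to the quoting change in the log message.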
Index: 9200
===================================================================
RCS file: /home/cvs/exim/exim-test/stdout/9200,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 9200 7 Feb 2006 10:47:37 -0000 1.1
+++ 9200 30 Jun 2006 13:57:46 -0000 1.2
@@ -8,6 +8,7 @@
> name="before
after" id=newline
> name="x x" id=tab
+> name='stquot id=quote1
>
**** SMTP testing session as if from host 10.0.0.0