
Commit f86e6ba

committed
Add runtime checks for number of query parameters passed to libpq functions.
The maximum number of parameters supported by the FE/BE protocol is 65535, as it's transmitted as a 16-bit unsigned integer. However, the nParams arguments to libpq functions are all of type 'int'. We can't change the signature of libpq functions, but a simple bounds check is in order to make it more clear what's going wrong if you try to pass more than 65535 parameters. Per complaint from Jim Vanns.
1 parent c1774d2 commit f86e6ba


1 file changed

+22
-1
lines changed


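--- a/src/interfaces/libpq/fe-exec.c
+++ b/src/interfaces/libpq/fe-exec.c
@@ -1113,6 +1113,7 @@ PQsendQuery(PGconn *conn, const char *query)
 if (!PQsendQueryStart(conn))
 return 0;
 
+/* check the argument */
 if (!query)
 {
 printfPQExpBuffer(&conn->errorMessage,
@@ -1170,12 +1171,19 @@ PQsendQueryParams(PGconn *conn,
 if (!PQsendQueryStart(conn))
 return 0;
 
+/* check the arguments */
 if (!command)
 {
 printfPQExpBuffer(&conn->errorMessage,
 libpq_gettext("command string is a null pointer\n"));
 return 0;
 }
+if (nParams < 0 || nParams > 65535)
+{
+printfPQExpBuffer(&conn->errorMessage,
+libpq_gettext("number of parameters must be between 0 and 65535\n"));
+return 0;
+}
 
 return PQsendQueryGuts(conn,
 command,
@@ -1203,19 +1211,25 @@ PQsendPrepare(PGconn *conn,
 if (!PQsendQueryStart(conn))
 return 0;
 
+/* check the arguments */
 if (!stmtName)
 {
 printfPQExpBuffer(&conn->errorMessage,
 libpq_gettext("statement name is a null pointer\n"));
 return 0;
 }
-
 if (!query)
 {
 printfPQExpBuffer(&conn->errorMessage,
 libpq_gettext("command string is a null pointer\n"));
 return 0;
 }
+if (nParams < 0 || nParams > 65535)
+{
+printfPQExpBuffer(&conn->errorMessage,
+libpq_gettext("number of parameters must be between 0 and 65535\n"));
+return 0;
+}
 
 /* This isn't gonna work on a 2.0 server */
 if (PG_PROTOCOL_MAJOR(conn->pversion) < 3)
@@ -1298,12 +1312,19 @@ PQsendQueryPrepared(PGconn *conn,
 if (!PQsendQueryStart(conn))
 return 0;
 
+/* check the arguments */
 if (!stmtName)
 {
 printfPQExpBuffer(&conn->errorMessage,
 libpq_gettext("statement name is a null pointer\n"));
 return 0;
 }
+if (nParams < 0 || nParams > 65535)
+{
+printfPQExpBuffer(&conn->errorMessage,
+libpq_gettext("number of parameters must be between 0 and 65535\n"));
+return 0;
+}
 
 return PQsendQueryGuts(conn,
 NULL, /* no command to parse */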
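Review bot: The limit 65535 is written as a bare literal three times, in the new checks in PQsendQueryParams, PQsendPrepare and PQsendQueryPrepared, and again inside each translated message, so the wire-format limit has no single definition to audit or keep in step. I would define it once, e.g. `#define PQ_QUERY_PARAM_MAX_LIMIT 65535`, test `if (nParams < 0 || nParams > PQ_QUERY_PARAM_MAX_LIMIT)`, and format the message with `%d` so the number is not baked into the string. The added `/* check the arguments */` comments could also say why the range matters: per the commit message the count is sent as a 16-bit unsigned integer, so a larger value would presumably be truncated on the wire and stop matching the parameter arrays the caller passed. All four functions begin and end outside the hunks shown, so whether every caller-facing entry point reaches one of these checks cannot be confirmed from this page.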
