pgsql-server/src/interfaces/jdbc/org/postgresq ... - Mailing list pgsql-committers

From [email protected] (Barry Lind)
Subject pgsql-server/src/interfaces/jdbc/org/postgresq ...
Date
Msg-id [email protected]
List pgsql-committers
CVSROOT:    /cvsroot
Module name:    pgsql-server
Changes by:    [email protected]    03/07/23 21:30:39

Modified files:
    src/interfaces/jdbc/org/postgresql: Driver.java.in
    src/interfaces/jdbc/org/postgresql/jdbc1:
                                              AbstractJdbc1Statement.java

Log message:
    Fixes additional sql injection vulnerabilities reported by Oliver Jowett
    and Dmitry Tkach.  Specifically the previous fix still allowed the statement
    termination character through in unquoted places in the sql statement, and
    the driver never correctly handled someone passing a value of \0 in a string
    which under the v2 protocol would end the statement causing the following
    text to possibly be treated as a new sql statement
    Modified Files:
    jdbc/org/postgresql/Driver.java.in
    jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
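
The two conditions named in the log message, shown as an added example that is not part of this commit or of the driver's code: a v2 Query message carries the statement as a NUL-terminated string with no length field, so an embedded \0 cuts the statement short, and a value placed outside quotes must not carry the statement terminator. The class name, the method names and the sample values are hypothetical.

```java
import java.nio.charset.StandardCharsets;

public class V2QueryFraming {
    // Protocol v2 Query message: 'Q', then the SQL text, then a terminating NUL.
    // There is no length field, so the first NUL byte marks the end of the statement.
    static byte[] frameQuery(String sql) {
        byte[] text = sql.getBytes(StandardCharsets.UTF_8);
        byte[] msg = new byte[text.length + 2];   // last byte stays 0x00
        msg[0] = 'Q';
        System.arraycopy(text, 0, msg, 1, text.length);
        return msg;
    }

    // The statement as a reader of NUL-terminated strings sees it.
    static String statementOnWire(byte[] msg) {
        int end = 1;
        while (end < msg.length && msg[end] != 0) end++;
        return new String(msg, 1, end - 1, StandardCharsets.UTF_8);
    }

    // Hypothetical guard for a value that is placed inside a quoted literal.
    static String checkQuotedValue(String v) {
        if (v.indexOf('\0') >= 0)
            throw new IllegalArgumentException("NUL byte in string parameter");
        return v;
    }

    // Hypothetical guard for a value that is placed outside quotes (e.g. a number).
    static String checkUnquotedValue(String v) {
        if (v.indexOf('\0') >= 0 || v.indexOf(';') >= 0)
            throw new IllegalArgumentException("terminator in unquoted parameter");
        return v;
    }

    public static void main(String[] args) {
        String value = "alice\0trailing bytes";            // constructed sample
        byte[] msg = frameQuery("SELECT 1 WHERE name = '" + value + "'");
        String seen = statementOnWire(msg);
        System.out.println("SQL bytes sent: " + (msg.length - 2)
                + ", reader stops after: " + seen.length());
        System.out.println("statement seen: " + seen);
        try { checkQuotedValue(value); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        try { checkUnquotedValue("42; trailing text"); }   // constructed sample
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```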

