diff options
| author | Tom Lane | 2006-05-21 20:06:45 +0000 |
|---|---|---|
| committer | Tom Lane | 2006-05-21 20:06:45 +0000 |
| commit | b252352241fdeea313831e4c0da6317b70537514 (patch) | |
| tree | 9dd1925085cd9073bde96759a35328e1b68648ab /doc/src | |
| parent | 48498602a0536dcd4a840b83f37c7aaeb03dc6df (diff) | |
Change the backend to reject strings containing invalidly-encoded multibyte
characters in all cases. Formerly we mostly just threw warnings for invalid
input, and failed to detect it at all if no encoding conversion was required.
The tighter check is needed to defend against SQL-injection attacks as per
CVE-2006-2313 (further details will be published after release). Embedded
zero (null) bytes will be rejected as well. The checks are applied during
input to the backend (receipt from client or COPY IN), so it no longer seems
necessary to check in textin() and related routines; any string arriving at
those functions will already have been validated. Conversion failure
reporting (for characters with no equivalent in the destination encoding)
has been cleaned up and made consistent while at it.
Also, fix a few longstanding errors in little-used encoding conversion
routines: win1251_to_iso, win866_to_iso, euc_tw_to_big5, euc_tw_to_mic,
mic_to_euc_tw were all broken to varying extents.
Patches by Tatsuo Ishii and Tom Lane. Thanks to Akio Ishida and Yasuo Ohgaki
for identifying the security issues.
Diffstat (limited to 'doc/src')
0 files changed, 0 insertions, 0 deletions