diff options
| author | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2012-08-13 16:24:18 +0300 |
|---|---|---|
| committer | Heikki Linnakangas <heikki.linnakangas@iki.fi> | 2012-08-13 16:36:35 +0300 |
| commit | f86e6ba40c9cc51c81fe1cf650b512ba5b19c86b (patch) | |
| tree | d2d27785b7ee31de93b6f8efbe54647c003d7e61 /src | |
| parent | c1774d2c8193a322706f681dd984ac439d3a9dbb (diff) | |
| download | postgresql-f86e6ba40c9cc51c81fe1cf650b512ba5b19c86b.tar.gz postgresql-f86e6ba40c9cc51c81fe1cf650b512ba5b19c86b.zip | |
Add runtime checks for number of query parameters passed to libpq functions.
The maximum number of parameters supported by the FE/BE protocol is 65535,
as it's transmitted as a 16-bit unsigned integer. However, the nParams
arguments to libpq functions are all of type 'int'. We can't change the
signature of libpq functions, but a simple bounds check is in order to make
it more clear what's going wrong if you try to pass more than 65535
parameters.
Per complaint from Jim Vanns.
Diffstat (limited to 'src')
| -rw-r--r-- | src/interfaces/libpq/fe-exec.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-exec.c b/src/interfaces/libpq/fe-exec.c index 53516db7234..77124efe779 100644 --- a/src/interfaces/libpq/fe-exec.c +++ b/src/interfaces/libpq/fe-exec.c @@ -1113,6 +1113,7 @@ PQsendQuery(PGconn *conn, const char *query) if (!PQsendQueryStart(conn)) return 0; + /* check the argument */ if (!query) { printfPQExpBuffer(&conn->errorMessage, @@ -1170,12 +1171,19 @@ PQsendQueryParams(PGconn *conn, if (!PQsendQueryStart(conn)) return 0; + /* check the arguments */ if (!command) { printfPQExpBuffer(&conn->errorMessage, libpq_gettext("command string is a null pointer\n")); return 0; } + if (nParams < 0 || nParams > 65535) + { + printfPQExpBuffer(&conn->errorMessage, + libpq_gettext("number of parameters must be between 0 and 65535\n")); + return 0; + } return PQsendQueryGuts(conn, command, @@ -1203,19 +1211,25 @@ PQsendPrepare(PGconn *conn, if (!PQsendQueryStart(conn)) return 0; + /* check the arguments */ if (!stmtName) { printfPQExpBuffer(&conn->errorMessage, libpq_gettext("statement name is a null pointer\n")); return 0; } - if (!query) { printfPQExpBuffer(&conn->errorMessage, libpq_gettext("command string is a null pointer\n")); return 0; } + if (nParams < 0 || nParams > 65535) + { + printfPQExpBuffer(&conn->errorMessage, + libpq_gettext("number of parameters must be between 0 and 65535\n")); + return 0; + } /* This isn't gonna work on a 2.0 server */ if (PG_PROTOCOL_MAJOR(conn->pversion) < 3) @@ -1298,12 +1312,19 @@ PQsendQueryPrepared(PGconn *conn, if (!PQsendQueryStart(conn)) return 0; + /* check the arguments */ if (!stmtName) { printfPQExpBuffer(&conn->errorMessage, libpq_gettext("statement name is a null pointer\n")); return 0; } + if (nParams < 0 || nParams > 65535) + { + printfPQExpBuffer(&conn->errorMessage, + libpq_gettext("number of parameters must be between 0 and 65535\n")); + return 0; + } return PQsendQueryGuts(conn, NULL, /* no command to parse */ |