open-dsi
/
postgres
mirror of https://github.com/postgres/postgres
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add runtime checks for number of query parameters passed to libpq functions.

Browse Source 
The maximum number of parameters supported by the FE/BE protocol is 65535,
as it's transmitted as a 16-bit unsigned integer. However, the nParams
arguments to libpq functions are all of type 'int'. We can't change the
signature of libpq functions, but a simple bounds check is in order to make
it more clear what's going wrong if you try to pass more than 65535
parameters.

Per complaint from Jim Vanns.
pull/3/head
Heikki Linnakangas 13 years ago
parent c1774d2c81
commit f86e6ba40c
1 changed files with 22 additions and 1 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 23
      src/interfaces/libpq/fe-exec.c

23
src/interfaces/libpq/fe-exec.c
Unescape View File

@ -1113,6 +1113,7 @@ PQsendQuery(PGconn *conn, const char *query)
if (!PQsendQueryStart(conn))
return 0;
/* check the argument */
if (!query)
{
printfPQExpBuffer(&conn->errorMessage,
@ -1170,12 +1171,19 @@ PQsendQueryParams(PGconn *conn,
if (!PQsendQueryStart(conn))
return 0;
/* check the arguments */
if (!command)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("command string is a null pointer\n"));
return 0;
}
if (nParams < 0 || nParams > 65535)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("number of parameters must be between 0 and 65535\n"));
return 0;
}
return PQsendQueryGuts(conn,
command,
@ -1203,19 +1211,25 @@ PQsendPrepare(PGconn *conn,
if (!PQsendQueryStart(conn))
return 0;
/* check the arguments */
if (!stmtName)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("statement name is a null pointer\n"));
return 0;
}
if (!query)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("command string is a null pointer\n"));
return 0;
}
if (nParams < 0 || nParams > 65535)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("number of parameters must be between 0 and 65535\n"));
return 0;
}
/* This isn't gonna work on a 2.0 server */
if (PG_PROTOCOL_MAJOR(conn->pversion) < 3)
@ -1298,12 +1312,19 @@ PQsendQueryPrepared(PGconn *conn,
if (!PQsendQueryStart(conn))
return 0;
/* check the arguments */
if (!stmtName)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("statement name is a null pointer\n"));
return 0;
}
if (nParams < 0 || nParams > 65535)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("number of parameters must be between 0 and 65535\n"));
return 0;
}
return PQsendQueryGuts(conn,
NULL, /* no command to parse */

Write Preview
Loading…
Cancel
Save