Commit a7aa0b81 authored by Bruce Momjian's avatar Bruce Momjian

Backpatch dbmirror fix for escape handling.

> Upstream confirmed my reply in the last mail in [1]: the complete
> escaping logic in DBMirror.pl is seriously screwew.
>
> [1] http://archives.postgresql.org/pgsql-bugs/2006-06/msg00065.php

I finally found some time to debug this, and I think I found a better
patch than the one you proposed. Mine is still hackish and is still a
workaround around a proper quoting solution, but at least it repairs
the parsing without introducing the \' quoting again.

I consider this a band-aid patch to fix the recent security update.
PostgreSQL gurus, would you consider applying this until a better
solution is found for DBMirror.pl?

Olivier, can you please confirm that the patch works for you, too?

Backpatched to 8.0.X.

Martin Pitt
parent 4f4d62a5
No related merge requests found
......@@ -33,7 +33,7 @@
#
#
##############################################################################
# $PostgreSQL: pgsql/contrib/dbmirror/DBMirror.pl,v 1.11 2006/05/19 02:38:47 momjian Exp $
# $PostgreSQL: pgsql/contrib/dbmirror/DBMirror.pl,v 1.12 2006/07/06 01:57:25 momjian Exp $
#
##############################################################################
......@@ -907,7 +907,7 @@ sub extractData($$) {
$matchString = $1;
$value .= substr $matchString,0,length($matchString)-1;
if($matchString =~ m/(\'$)/s) {
if($matchString =~ m/(\'$)/s and (substr $dataField,length($matchString),1) ne "'") {
# $1 runs to the end of the field value.
$dataField = substr $dataField,length($matchString)+1;
last;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment