Commit f86e6ba4 authored by Heikki Linnakangas's avatar Heikki Linnakangas

Add runtime checks for number of query parameters passed to libpq functions.

The maximum number of parameters supported by the FE/BE protocol is 65535,
as it's transmitted as a 16-bit unsigned integer. However, the nParams
arguments to libpq functions are all of type 'int'. We can't change the
signature of libpq functions, but a simple bounds check is in order to make
it more clear what's going wrong if you try to pass more than 65535
parameters.

Per complaint from Jim Vanns.
parent c1774d2c
...@@ -1113,6 +1113,7 @@ PQsendQuery(PGconn *conn, const char *query) ...@@ -1113,6 +1113,7 @@ PQsendQuery(PGconn *conn, const char *query)
if (!PQsendQueryStart(conn)) if (!PQsendQueryStart(conn))
return 0; return 0;
/* check the argument */
if (!query) if (!query)
{ {
printfPQExpBuffer(&conn->errorMessage, printfPQExpBuffer(&conn->errorMessage,
...@@ -1170,12 +1171,19 @@ PQsendQueryParams(PGconn *conn, ...@@ -1170,12 +1171,19 @@ PQsendQueryParams(PGconn *conn,
if (!PQsendQueryStart(conn)) if (!PQsendQueryStart(conn))
return 0; return 0;
/* check the arguments */
if (!command) if (!command)
{ {
printfPQExpBuffer(&conn->errorMessage, printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("command string is a null pointer\n")); libpq_gettext("command string is a null pointer\n"));
return 0; return 0;
} }
if (nParams < 0 || nParams > 65535)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("number of parameters must be between 0 and 65535\n"));
return 0;
}
return PQsendQueryGuts(conn, return PQsendQueryGuts(conn,
command, command,
...@@ -1203,19 +1211,25 @@ PQsendPrepare(PGconn *conn, ...@@ -1203,19 +1211,25 @@ PQsendPrepare(PGconn *conn,
if (!PQsendQueryStart(conn)) if (!PQsendQueryStart(conn))
return 0; return 0;
/* check the arguments */
if (!stmtName) if (!stmtName)
{ {
printfPQExpBuffer(&conn->errorMessage, printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("statement name is a null pointer\n")); libpq_gettext("statement name is a null pointer\n"));
return 0; return 0;
} }
if (!query) if (!query)
{ {
printfPQExpBuffer(&conn->errorMessage, printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("command string is a null pointer\n")); libpq_gettext("command string is a null pointer\n"));
return 0; return 0;
} }
if (nParams < 0 || nParams > 65535)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("number of parameters must be between 0 and 65535\n"));
return 0;
}
/* This isn't gonna work on a 2.0 server */ /* This isn't gonna work on a 2.0 server */
if (PG_PROTOCOL_MAJOR(conn->pversion) < 3) if (PG_PROTOCOL_MAJOR(conn->pversion) < 3)
...@@ -1298,12 +1312,19 @@ PQsendQueryPrepared(PGconn *conn, ...@@ -1298,12 +1312,19 @@ PQsendQueryPrepared(PGconn *conn,
if (!PQsendQueryStart(conn)) if (!PQsendQueryStart(conn))
return 0; return 0;
/* check the arguments */
if (!stmtName) if (!stmtName)
{ {
printfPQExpBuffer(&conn->errorMessage, printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("statement name is a null pointer\n")); libpq_gettext("statement name is a null pointer\n"));
return 0; return 0;
} }
if (nParams < 0 || nParams > 65535)
{
printfPQExpBuffer(&conn->errorMessage,
libpq_gettext("number of parameters must be between 0 and 65535\n"));
return 0;
}
return PQsendQueryGuts(conn, return PQsendQueryGuts(conn,
NULL, /* no command to parse */ NULL, /* no command to parse */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment