psycopg/psycopg2
1
1
Fork 0
mirror of https://github.com/psycopg/psycopg2.git synced 2025-01-31 09:24:07 +03:00
Code Issues Packages Projects Releases Wiki Activity

Throw an exception when a NUL character is used as a parameter.

Browse Source
This commit is contained in:
Alexander Schrijver 2016-07-17 16:32:47 +02:00 committed by Daniele Varrazzo
parent 9477cd1505
commit 5d5159c9d0
2 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
psycopg/utils.c
View File

@ -50,8 +50,13 @@ psycopg_escape_string(connectionObject *conn, const char *from, Py_ssize_t len,
Py_ssize_t ql;
int eq = (conn && (conn->equote)) ? 1 : 0;
if (len == 0)
if (len == 0) {
len = strlen(from);
} else if (strchr(from, '\0') != from + len) {
PyErr_Format(PyExc_ValueError, "A string literal cannot contain NUL (0x00) characters.");
return NULL;
}
if (to == NULL) {
to = (char *)PyMem_Malloc((len * 2 + 4) * sizeof(char));

9
tests/test_quote.py
View File

@ -62,6 +62,15 @@ class QuotingTestCase(ConnectingTestCase):
self.assertEqual(res, data)
self.assert_(not self.conn.notices)
def test_string_null_terminator(self):
curs = self.conn.cursor()
data = 'abcd\x01\x00cdefg'
with self.assertRaises(ValueError) as e:
curs.execute("SELECT %s", (data,))
self.assertEquals(e.exception.message, 'A string literal cannot contain NUL (0x00) characters.')
def test_binary(self):
data = b("""some data with \000\013 binary
stuff into, 'quotes' and \\ a backslash too.