mirror of
				https://github.com/psycopg/psycopg2.git
				synced 2025-10-25 13:01:00 +03:00 
			
		
		
		
	Second half of 8.1.4 securiy patch.
This commit is contained in:
		
							parent
							
								
									9299073649
								
							
						
					
					
						commit
						5f8eddfcab
					
				|  | @ -1,3 +1,11 @@ | ||||||
|  | 2006-05-24  Federico Di Gregorio  <fog@initd.org> | ||||||
|  | 
 | ||||||
|  | 	* psycopg/adapter_qstring.c: now quote using PQescapeStringConn if | ||||||
|  | 	available.  | ||||||
|  | 
 | ||||||
|  | 	* psycopg/adapter_binary.c: now quote using PQescapeByteaConn if | ||||||
|  | 	available.  | ||||||
|  | 
 | ||||||
| 2006-04-38  Federico Di Gregorio  <fog@initd.org> | 2006-04-38  Federico Di Gregorio  <fog@initd.org> | ||||||
| 
 | 
 | ||||||
| 	* setup.py: fixed little problem with mx_include_dir as suggested | 	* setup.py: fixed little problem with mx_include_dir as suggested | ||||||
|  |  | ||||||
|  | @ -30,16 +30,26 @@ | ||||||
| #include "psycopg/config.h" | #include "psycopg/config.h" | ||||||
| #include "psycopg/python.h" | #include "psycopg/python.h" | ||||||
| #include "psycopg/psycopg.h" | #include "psycopg/psycopg.h" | ||||||
|  | #include "psycopg/connection.h" | ||||||
| #include "psycopg/adapter_binary.h" | #include "psycopg/adapter_binary.h" | ||||||
| #include "psycopg/microprotocols_proto.h" | #include "psycopg/microprotocols_proto.h" | ||||||
| 
 | 
 | ||||||
| /** the quoting code */ | /** the quoting code */ | ||||||
| 
 | 
 | ||||||
| #ifndef PSYCOPG_OWN_QUOTING | #ifndef PSYCOPG_OWN_QUOTING | ||||||
| #define binary_escape PQescapeBytea | static unsigned char * | ||||||
|  | binary_escape(unsigned char *from, unsigned int from_length, | ||||||
|  |                unsigned int *to_length, PGconn *conn) | ||||||
|  | { | ||||||
|  |     if (conn) | ||||||
|  |         return PQescapeByteaConn(conn, from, from_length, to_length); | ||||||
|  |     else | ||||||
|  |         return PQescapeBytea(from, from_length, to_length); | ||||||
|  | } | ||||||
| #else | #else | ||||||
| static unsigned char * | static unsigned char * | ||||||
| binary_escape(char *from, int from_length, int *to_length) | binary_escape(unsigned char *from, unsigned int from_length, | ||||||
|  |                unsigned int *to_length, PGconn *conn) | ||||||
| { | { | ||||||
|     unsigneed char *quoted, *chptr, *newptr; |     unsigneed char *quoted, *chptr, *newptr; | ||||||
|     int i, space, new_space; |     int i, space, new_space; | ||||||
|  | @ -71,7 +81,7 @@ binary_escape(char *from, int from_length, int *to_length) | ||||||
|         if (from[i]) { |         if (from[i]) { | ||||||
|             if (from[i] >= ' ' && from[i] <= '~') { |             if (from[i] >= ' ' && from[i] <= '~') { | ||||||
|                 if (from[i] == '\'') { |                 if (from[i] == '\'') { | ||||||
|                     *chptr = '\\'; |                     *chptr = '\''; | ||||||
|                     chptr++; |                     chptr++; | ||||||
|                     *chptr = '\''; |                     *chptr = '\''; | ||||||
|                     chptr++; |                     chptr++; | ||||||
|  | @ -127,7 +137,8 @@ binary_quote(binaryObject *self) | ||||||
|     if (PyString_Check(self->wrapped) || PyBuffer_Check(self->wrapped)) { |     if (PyString_Check(self->wrapped) || PyBuffer_Check(self->wrapped)) { | ||||||
|         /* escape and build quoted buffer */ |         /* escape and build quoted buffer */ | ||||||
|         PyObject_AsCharBuffer(self->wrapped, &buffer, &buffer_len); |         PyObject_AsCharBuffer(self->wrapped, &buffer, &buffer_len); | ||||||
|         to = (char *)binary_escape((unsigned char*)buffer, buffer_len, &len); |         to = (char *)binary_escape((unsigned char*)buffer, buffer_len, &len, | ||||||
|  |                                    ((connectionObject*)self->conn)->pgconn); | ||||||
|         if (to == NULL) { |         if (to == NULL) { | ||||||
|             PyErr_NoMemory(); |             PyErr_NoMemory(); | ||||||
|             return NULL; |             return NULL; | ||||||
|  | @ -165,6 +176,24 @@ binary_getquoted(binaryObject *self, PyObject *args) | ||||||
|     return binary_str(self); |     return binary_str(self); | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | PyObject * | ||||||
|  | binary_prepare(binaryObject *self, PyObject *args) | ||||||
|  | { | ||||||
|  |     connectionObject *conn; | ||||||
|  | 
 | ||||||
|  |     if (!PyArg_ParseTuple(args, "O", &conn)) | ||||||
|  |         return NULL; | ||||||
|  | 
 | ||||||
|  |     Py_XDECREF(self->conn); | ||||||
|  |     if (conn) { | ||||||
|  |         self->conn = (PyObject*)conn; | ||||||
|  |         Py_INCREF(self->conn); | ||||||
|  |     } | ||||||
|  | 
 | ||||||
|  |     Py_INCREF(Py_None); | ||||||
|  |     return Py_None; | ||||||
|  | } | ||||||
|  | 
 | ||||||
| PyObject * | PyObject * | ||||||
| binary_conform(binaryObject *self, PyObject *args) | binary_conform(binaryObject *self, PyObject *args) | ||||||
| { | { | ||||||
|  | @ -196,6 +225,8 @@ static struct PyMemberDef binaryObject_members[] = { | ||||||
| static PyMethodDef binaryObject_methods[] = { | static PyMethodDef binaryObject_methods[] = { | ||||||
|     {"getquoted", (PyCFunction)binary_getquoted, METH_VARARGS, |     {"getquoted", (PyCFunction)binary_getquoted, METH_VARARGS, | ||||||
|      "getquoted() -> wrapped object value as SQL-quoted binary string"}, |      "getquoted() -> wrapped object value as SQL-quoted binary string"}, | ||||||
|  |     {"prepare", (PyCFunction)binary_prepare, METH_VARARGS, | ||||||
|  |      "prepare(conn) -> prepare for binary encoding using conn"}, | ||||||
|     {"__conform__", (PyCFunction)binary_conform, METH_VARARGS, NULL}, |     {"__conform__", (PyCFunction)binary_conform, METH_VARARGS, NULL}, | ||||||
|     {NULL}  /* Sentinel */ |     {NULL}  /* Sentinel */ | ||||||
| }; | }; | ||||||
|  | @ -209,6 +240,7 @@ binary_setup(binaryObject *self, PyObject *str) | ||||||
|             self, ((PyObject *)self)->ob_refcnt); |             self, ((PyObject *)self)->ob_refcnt); | ||||||
| 
 | 
 | ||||||
|     self->buffer = NULL; |     self->buffer = NULL; | ||||||
|  |     self->conn = NULL; | ||||||
|     self->wrapped = str; |     self->wrapped = str; | ||||||
|     Py_INCREF(self->wrapped); |     Py_INCREF(self->wrapped); | ||||||
|      |      | ||||||
|  | @ -224,6 +256,7 @@ binary_dealloc(PyObject* obj) | ||||||
| 
 | 
 | ||||||
|     Py_XDECREF(self->wrapped); |     Py_XDECREF(self->wrapped); | ||||||
|     Py_XDECREF(self->buffer); |     Py_XDECREF(self->buffer); | ||||||
|  |     Py_XDECREF(self->conn); | ||||||
|      |      | ||||||
|     Dprintf("binary_dealloc: deleted binary object at %p, refcnt = %d", |     Dprintf("binary_dealloc: deleted binary object at %p, refcnt = %d", | ||||||
|             obj, obj->ob_refcnt); |             obj, obj->ob_refcnt); | ||||||
|  |  | ||||||
|  | @ -36,7 +36,7 @@ typedef struct { | ||||||
| 
 | 
 | ||||||
|     PyObject *wrapped; |     PyObject *wrapped; | ||||||
|     PyObject *buffer; |     PyObject *buffer; | ||||||
|     char     *encoding; |     PyObject *conn; | ||||||
| } binaryObject; | } binaryObject; | ||||||
| 
 | 
 | ||||||
| /* functions exported to psycopgmodule.c */ | /* functions exported to psycopgmodule.c */ | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user