Backpatch dbmirror fix for escape handling.

> Upstream confirmed my reply in the last mail in [1]: the complete
> escaping logic in DBMirror.pl is seriously screwew.
>
> [1] http://archives.postgresql.org/pgsql-bugs/2006-06/msg00065.php

I finally found some time to debug this, and I think I found a better
patch than the one you proposed. Mine is still hackish and is still a
workaround around a proper quoting solution, but at least it repairs
the parsing without introducing the \' quoting again.

I consider this a band-aid patch to fix the recent security update.
PostgreSQL gurus, would you consider applying this until a better
solution is found for DBMirror.pl?

Olivier, can you please confirm that the patch works for you, too?

Backpatched to 8.0.X.

Martin Pitt
This commit is contained in:
Bruce Momjian 2006-07-06 01:57:34 +00:00
parent bf1cd364b6
commit fe204535a7

View File

@ -33,7 +33,7 @@
#
#
##############################################################################
# $PostgreSQL: pgsql/contrib/dbmirror/DBMirror.pl,v 1.10.6.1 2006/05/19 02:39:04 momjian Exp $
# $PostgreSQL: pgsql/contrib/dbmirror/DBMirror.pl,v 1.10.6.2 2006/07/06 01:57:34 momjian Exp $
#
##############################################################################
@ -907,7 +907,7 @@ sub extractData($$) {
$matchString = $1;
$value .= substr $matchString,0,length($matchString)-1;
if($matchString =~ m/(\'$)/s) {
if($matchString =~ m/(\'$)/s and (substr $dataField,length($matchString),1) ne "'") {
# $1 runs to the end of the field value.
$dataField = substr $dataField,length($matchString)+1;
last;