Prevent the injection of invalidly encoded strings by PL/Python into PostgreSQL

petere · petere · commit a401226bd874 · 2010-03-18T19:43:03.000Z
with a few strategically placed pg_verifymbstr calls.
diff --git a/doc/src/sgml/plpython.sgml b/doc/src/sgml/plpython.sgml
@@ -1,4 +1,4 @@
-<!-- $PostgreSQL: pgsql/doc/src/sgml/plpython.sgml,v 1.45 2010/03/13 20:55:05 petere Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/plpython.sgml,v 1.46 2010/03/18 19:43:03 petere Exp $ -->
 
 <chapter id="plpython">
  <title>PL/Python - Python Procedural Language</title>
@@ -340,6 +340,17 @@ $$ LANGUAGE plpythonu;
        builtin <literal>str</literal>, and the result is passed to the
        input function of the PostgreSQL data type.
       </para>
+
+      <para>
+       Strings in Python 2 are required to be in the PostgreSQL server
+       encoding when they are passed to PostgreSQL.  Strings that are
+       not valid in the current server encoding will raise an error,
+       but not all encoding mismatches can be detected, so garbage
+       data can still result when this is not done correctly.  Unicode
+       strings are converted to the correct encoding automatically, so
+       it can be safer and more convenient to use those.  In Python 3,
+       all strings are Unicode strings.
+      </para>
      </listitem>
 
      <listitem>
diff --git a/src/pl/plpython/plpython.c b/src/pl/plpython/plpython.c
@@ -1,7 +1,7 @@
 /**********************************************************************
  * plpython.c - python as a procedural language for PostgreSQL
  *
- *	$PostgreSQL: pgsql/src/pl/plpython/plpython.c,v 1.140 2010/03/18 13:23:56 petere Exp $
+ *	$PostgreSQL: pgsql/src/pl/plpython/plpython.c,v 1.141 2010/03/18 19:43:03 petere Exp $
  *
  *********************************************************************
  */
@@ -2174,6 +2174,7 @@ PLyObject_ToDatum(PLyTypeInfo *info,
 					 errmsg("could not convert Python object into cstring: Python string representation appears to contain null bytes")));
 		else if (slen > plen)
 			elog(ERROR, "could not convert Python object into cstring: Python string longer than reported length");
+		pg_verifymbstr(plrv_sc, slen, false);
 		rv = InputFunctionCall(&arg->typfunc, plrv_sc, arg->typioparam, -1);
 	}
 	PG_CATCH();
@@ -2871,6 +2872,7 @@ PLy_spi_prepare(PyObject *self, PyObject *args)
 			}
 		}
 
+		pg_verifymbstr(query, strlen(query), false);
 		plan->plan = SPI_prepare(query, plan->nargs, plan->types);
 		if (plan->plan == NULL)
 			elog(ERROR, "SPI_prepare failed: %s",
@@ -3078,6 +3080,7 @@ PLy_spi_execute_query(char *query, long limit)
 	oldcontext = CurrentMemoryContext;
 	PG_TRY();
 	{
+		pg_verifymbstr(query, strlen(query), false);
 		rv = SPI_execute(query, PLy_curr_procedure->fn_readonly, limit);
 	}
 	PG_CATCH();
@@ -3353,6 +3356,7 @@ PLy_output(volatile int level, PyObject *self, PyObject *args)
 	oldcontext = CurrentMemoryContext;
 	PG_TRY();
 	{
+		pg_verifymbstr(sv, strlen(sv), false);
 		elog(level, "%s", sv);
 	}
 	PG_CATCH();

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`/**********************************************************************`
`2`	`2`	`* plpython.c - python as a procedural language for PostgreSQL`
`3`	`3`	`*`
`4`		`- * $PostgreSQL: pgsql/src/pl/plpython/plpython.c,v 1.140 2010/03/18 13:23:56 petere Exp $`
	`4`	`+ * $PostgreSQL: pgsql/src/pl/plpython/plpython.c,v 1.141 2010/03/18 19:43:03 petere Exp $`
`5`	`5`	`*`
`6`	`6`	`*********************************************************************`
`7`	`7`	`*/`
`@@ -2174,6 +2174,7 @@ PLyObject_ToDatum(PLyTypeInfo *info,`
`2174`	`2174`	`errmsg("could not convert Python object into cstring: Python string representation appears to contain null bytes")));`
`2175`	`2175`	`else if (slen > plen)`
`2176`	`2176`	`elog(ERROR, "could not convert Python object into cstring: Python string longer than reported length");`
	`2177`	`+ pg_verifymbstr(plrv_sc, slen, false);`
`2177`	`2178`	`rv = InputFunctionCall(&arg->typfunc, plrv_sc, arg->typioparam, -1);`
`2178`	`2179`	`}`
`2179`	`2180`	`PG_CATCH();`
`@@ -2871,6 +2872,7 @@ PLy_spi_prepare(PyObject self, PyObject args)`
`2871`	`2872`	`}`
`2872`	`2873`	`}`
`2873`	`2874`
	`2875`	`+ pg_verifymbstr(query, strlen(query), false);`
`2874`	`2876`	`plan->plan = SPI_prepare(query, plan->nargs, plan->types);`
`2875`	`2877`	`if (plan->plan == NULL)`
`2876`	`2878`	`elog(ERROR, "SPI_prepare failed: %s",`
`@@ -3078,6 +3080,7 @@ PLy_spi_execute_query(char *query, long limit)`
`3078`	`3080`	`oldcontext = CurrentMemoryContext;`
`3079`	`3081`	`PG_TRY();`
`3080`	`3082`	`{`
	`3083`	`+ pg_verifymbstr(query, strlen(query), false);`
`3081`	`3084`	`rv = SPI_execute(query, PLy_curr_procedure->fn_readonly, limit);`
`3082`	`3085`	`}`
`3083`	`3086`	`PG_CATCH();`
`@@ -3353,6 +3356,7 @@ PLy_output(volatile int level, PyObject self, PyObject args)`
`3353`	`3356`	`oldcontext = CurrentMemoryContext;`
`3354`	`3357`	`PG_TRY();`
`3355`	`3358`	`{`
	`3359`	`+ pg_verifymbstr(sv, strlen(sv), false);`
`3356`	`3360`	`elog(level, "%s", sv);`
`3357`	`3361`	`}`
`3358`	`3362`	`PG_CATCH();`