From: Tom Lane
Date: Sat, 27 May 2006 18:07:22 +0000 (+0000)
Subject: Fix initdb to properly escape quotes and backslashes in the supplied
X-Git-Tag: REL8_1_5~100
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b71b22d901c5067621d4d7d5d6680902292b6797;p=thirdparty%2Fpostgresql.git
Fix initdb to properly escape quotes and backslashes in the supplied superuser password, and also in the paths of the various files it issues SQL COPY commands for. Per bug #2424.
---
diff --git a/src/bin/initdb/initdb.c b/src/bin/initdb/initdb.c
index c8ab77a2e77..3469fa506cf 100644
--- a/src/bin/initdb/initdb.c
+++ b/src/bin/initdb/initdb.c
@@ -42,7 +42,7 @@
 * Portions Copyright (c) 1994, Regents of the University of California
 * Portions taken from FreeBSD.
 *
- * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.99.2.2 2006/02/24 00:55:27 adunstan Exp $
+ * $PostgreSQL: pgsql/src/bin/initdb/initdb.c,v 1.99.2.3 2006/05/27 18:07:22 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -1178,20 +1178,20 @@ setup_config(void)
 conflines = replace_token(conflines, "#port = 5432", repltok);
 #endif
- lc_messages = escape_quotes(lc_messages);
- snprintf(repltok, sizeof(repltok), "lc_messages = '%s'", lc_messages);
+ snprintf(repltok, sizeof(repltok), "lc_messages = '%s'",
+ escape_quotes(lc_messages));
 conflines = replace_token(conflines, "#lc_messages = 'C'", repltok);
- lc_monetary = escape_quotes(lc_monetary);
- snprintf(repltok, sizeof(repltok), "lc_monetary = '%s'", lc_monetary);
+ snprintf(repltok, sizeof(repltok), "lc_monetary = '%s'",
+ escape_quotes(lc_monetary));
 conflines = replace_token(conflines, "#lc_monetary = 'C'", repltok);
- lc_numeric = escape_quotes(lc_numeric);
- snprintf(repltok, sizeof(repltok), "lc_numeric = '%s'", lc_numeric);
+ snprintf(repltok, sizeof(repltok), "lc_numeric = '%s'",
+ escape_quotes(lc_numeric));
 conflines = replace_token(conflines, "#lc_numeric = 'C'", repltok);
- lc_time = escape_quotes(lc_time);
- snprintf(repltok, sizeof(repltok), "lc_time = '%s'", lc_time);
+ snprintf(repltok, sizeof(repltok), "lc_time = '%s'",
+ escape_quotes(lc_time));
 conflines = replace_token(conflines, "#lc_time = 'C'", repltok);
 snprintf(path, sizeof(path), "%s/postgresql.conf", pg_data);
@@ -1483,8 +1483,8 @@ get_set_pwd(void)
 PG_CMD_OPEN;
- PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD '%s';\n",
- username, pwd1);
+ PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD E'%s';\n",
+ username, escape_quotes(pwd1));
 PG_CMD_CLOSE;
@@ -1681,8 +1681,8 @@ setup_description(void)
 " objsubid int4, "
 " description text) WITHOUT OIDS;\n");
- PG_CMD_PRINTF1("COPY tmp_pg_description FROM '%s';\n",
- desc_file);
+ PG_CMD_PRINTF1("COPY tmp_pg_description FROM E'%s';\n",
+ escape_quotes(desc_file));
 PG_CMD_PUTS("INSERT INTO pg_description "
 " SELECT t.objoid, c.oid, t.objsubid, t.description "
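Review bot: In setup_config, the four `snprintf(repltok, sizeof(repltok), ...)` calls still ignore the return value, so an escaped locale name that no longer fits is silently truncated. Truncation after escaping can cut off the closing quote or split a doubled backslash, leaving a malformed line in postgresql.conf. Escaping can double the input length, and repltok is declared outside this hunk, so its size should be checked against that worst case. A guard such as `if (snprintf(repltok, sizeof(repltok), "lc_time = '%s'", escape_quotes(lc_time)) >= (int) sizeof(repltok))` followed by an error exit would make the failure explicit. The body of setup_config starts and ends outside the hunk.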
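Review bot: In get_set_pwd, `username` is still formatted into the double-quoted identifier `\"%s\"` without escaping, so a role name containing a double quote produces a broken or altered ALTER USER statement even though the password is now escaped. The identifier needs its own quoting rule (doubling any embedded `"`), which escape_quotes does not provide; no such helper is visible in this diff. Separately, the pointer returned by `escape_quotes(pwd1)` is discarded, so if that function allocates its result (its body is outside the diff) a second copy of the password stays in memory uncleared. Holding it in a local and zeroing it after `PG_CMD_CLOSE` would avoid that.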
@@ -1853,8 +1853,8 @@ setup_schema(void)
 PG_CMD_PRINTF1("COPY information_schema.sql_features "
 " (feature_id, feature_name, sub_feature_id, "
 " sub_feature_name, is_supported, comments) "
- " FROM '%s';\n",
- features_file);
+ " FROM E'%s';\n",
+ escape_quotes(features_file));
 PG_CMD_CLOSE;
@@ -2031,7 +2031,15 @@ check_ok(void)
 }
 /*
- * Escape any single quotes or backslashes in given string
+ * Escape (by doubling) any single quotes or backslashes in given string
+ *
+ * Note: this is used to process both postgresql.conf entries and SQL
+ * string literals. Since postgresql.conf strings are defined to treat
+ * backslashes as escapes, we have to double backslashes here. Hence,
+ * when using this for a SQL string literal, use E'' syntax.
+ *
+ * We do not need to worry about encoding considerations because all
+ * valid backend encodings are ASCII-safe.
 */
 static char *
 escape_quotes(const char *src)
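Review bot: The expanded header comment on escape_quotes documents the escaping rules but not who owns the returned string, and every call site touched by this commit (setup_config, get_set_pwd, setup_description, setup_schema) passes the result straight into a format call and drops the pointer. If the function allocates its result, the comment should say so; this is inferred from the `static char *` return for a `const char *` argument, because the body lies outside this hunk. A line such as `* The result is newly allocated and is not freed or cleared by the callers in this file.` would tell a later caller handling a secret that it must keep and wipe the copy itself. The comment could also state that the function escapes only string-literal content and must not be used for double-quoted identifiers.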