|
 |
b479fe |
Fix CVE-2022-31197
|
|
|
b479fe |
|
|
|
b479fe |
Source of this commit and more information about it is here:
|
|
|
b479fe |
https://github.com/pgjdbc/pgjdbc/commit/739e599d52ad80f8dcd6efedc6157859b1a9d637
|
|
|
b479fe |
|
|
|
b479fe |
diff --git a/src/main/java/org/postgresql/jdbc/PgResultSet.java b/src/main/java/org/postgresql/jdbc/PgResultSet.java
|
|
|
b479fe |
index 42c6dda6..81a5ef1d 100644
|
|
|
b479fe |
--- a/src/main/java/org/postgresql/jdbc/PgResultSet.java
|
|
|
b479fe |
+++ b/src/main/java/org/postgresql/jdbc/PgResultSet.java
|
|
|
b479fe |
@@ -1323,7 +1323,7 @@ public class PgResultSet implements ResultSet, org.postgresql.PGRefCursorResultS
|
|
|
b479fe |
if (i > 1) {
|
|
|
b479fe |
selectSQL.append(", ");
|
|
|
b479fe |
}
|
|
|
b479fe |
- selectSQL.append(pgmd.getBaseColumnName(i));
|
|
|
b479fe |
+ Utils.escapeIdentifier(selectSQL, pgmd.getBaseColumnName(i));
|
|
|
b479fe |
}
|
|
|
b479fe |
selectSQL.append(" from ").append(onlyTable).append(tableName).append(" where ");
|
|
|
b479fe |
|
|
|
b479fe |
@@ -1333,7 +1333,8 @@ public class PgResultSet implements ResultSet, org.postgresql.PGRefCursorResultS
|
|
|
b479fe |
for (int i = 0; i < numKeys; i++) {
|
|
|
b479fe |
|
|
|
b479fe |
PrimaryKey primaryKey = primaryKeys.get(i);
|
|
|
b479fe |
- selectSQL.append(primaryKey.name).append("= ?");
|
|
|
b479fe |
+ Utils.escapeIdentifier(selectSQL, primaryKey.name);
|
|
|
b479fe |
+ selectSQL.append(" = ?");
|
|
|
b479fe |
|
|
|
b479fe |
if (i < numKeys - 1) {
|
|
|
b479fe |
selectSQL.append(" and ");
|
|
|
b479fe |
|
|
|
b479fe |
diff --git a/pgjdbc/src/test/java/org/postgresql/test/jdbc2/ResultSetRefreshTest.java b/pgjdbc/src/test/java/org/postgresql/test/jdbc2/ResultSetRefreshTest.java
|
|
|
b479fe |
new file mode 100644
|
|
|
b479fe |
index 00000000..3a4a7e51
|
|
|
b479fe |
--- /dev/null
|
|
|
b479fe |
+++ b/src/test/java/org/postgresql/test/jdbc2/ResultSetRefreshTest.java
|
|
|
b479fe |
@@ -0,0 +1,57 @@
|
|
|
b479fe |
+/*
|
|
|
b479fe |
+ * Copyright (c) 2022, PostgreSQL Global Development Group
|
|
|
b479fe |
+ * See the LICENSE file in the project root for more information.
|
|
|
b479fe |
+ */
|
|
|
b479fe |
+
|
|
|
b479fe |
+package org.postgresql.test.jdbc2;
|
|
|
b479fe |
+
|
|
|
b479fe |
+import static org.junit.Assert.assertTrue;
|
|
|
b479fe |
+
|
|
|
b479fe |
+import org.postgresql.test.TestUtil;
|
|
|
b479fe |
+
|
|
|
b479fe |
+import org.junit.Test;
|
|
|
b479fe |
+
|
|
|
b479fe |
+import java.sql.ResultSet;
|
|
|
b479fe |
+import java.sql.SQLException;
|
|
|
b479fe |
+import java.sql.Statement;
|
|
|
b479fe |
+import java.sql.Connection;
|
|
|
b479fe |
+
|
|
|
b479fe |
+public class ResultSetRefreshTest extends BaseTest4 {
|
|
|
b479fe |
+ @Test
|
|
|
b479fe |
+ public void testWithDataColumnThatRequiresEscaping() throws Exception {
|
|
|
b479fe |
+ Connection conn = con;
|
|
|
b479fe |
+ TestUtil.dropTable(conn, "refresh_row_bad_ident");
|
|
|
b479fe |
+ TestUtil.execute("CREATE TABLE refresh_row_bad_ident (id int PRIMARY KEY, \"1 FROM refresh_row_bad_ident; SELECT 2; SELECT *\" int)",conn);
|
|
|
b479fe |
+ TestUtil.execute("INSERT INTO refresh_row_bad_ident (id) VALUES (1), (2), (3)",conn);
|
|
|
b479fe |
+
|
|
|
b479fe |
+ Statement stmt = conn.createStatement(ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_UPDATABLE);
|
|
|
b479fe |
+ ResultSet rs = stmt.executeQuery("SELECT * FROM refresh_row_bad_ident");
|
|
|
b479fe |
+ assertTrue(rs.next());
|
|
|
b479fe |
+ try {
|
|
|
b479fe |
+ rs.refreshRow();
|
|
|
b479fe |
+ } catch (SQLException ex) {
|
|
|
b479fe |
+ throw new RuntimeException("ResultSet.refreshRow() did not handle escaping data column identifiers", ex);
|
|
|
b479fe |
+ }
|
|
|
b479fe |
+ rs.close();
|
|
|
b479fe |
+ stmt.close();
|
|
|
b479fe |
+ }
|
|
|
b479fe |
+
|
|
|
b479fe |
+ @Test
|
|
|
b479fe |
+ public void testWithKeyColumnThatRequiresEscaping() throws Exception {
|
|
|
b479fe |
+ Connection conn = con;
|
|
|
b479fe |
+ TestUtil.dropTable(conn, "refresh_row_bad_ident");
|
|
|
b479fe |
+ TestUtil.execute("CREATE TABLE refresh_row_bad_ident (\"my key\" int PRIMARY KEY)",conn);
|
|
|
b479fe |
+ TestUtil.execute("INSERT INTO refresh_row_bad_ident VALUES (1), (2), (3)",conn);
|
|
|
b479fe |
+
|
|
|
b479fe |
+ Statement stmt = conn.createStatement(ResultSet.TYPE_FORWARD_ONLY, ResultSet.CONCUR_UPDATABLE);
|
|
|
b479fe |
+ ResultSet rs = stmt.executeQuery("SELECT * FROM refresh_row_bad_ident");
|
|
|
b479fe |
+ assertTrue(rs.next());
|
|
|
b479fe |
+ try {
|
|
|
b479fe |
+ rs.refreshRow();
|
|
|
b479fe |
+ } catch (SQLException ex) {
|
|
|
b479fe |
+ throw new RuntimeException("ResultSet.refreshRow() did not handle escaping key column identifiers", ex);
|
|
|
b479fe |
+ }
|
|
|
b479fe |
+ rs.close();
|
|
|
b479fe |
+ stmt.close();
|
|
|
b479fe |
+ }
|
|
|
b479fe |
+}
|