Date: Wed, 9 Jan 2002 12:49:02 -0800 (PST)
From: Mikhail Teterin <mi@FreeBSD.org>
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/security/pam-pgsql Makefile ports/security/pam-pgsql/files Makefile.bsd pqescape.c
Message-ID: <200201092049.g09Kn2501366@freefall.freebsd.org>
mi 2002/01/09 12:49:02 PST
Modified files:
security/pam-pgsql Makefile
security/pam-pgsql/files Makefile.bsd
Added files:
security/pam-pgsql/files pqescape.c
Log:
Close the security hole by making it escape all of the untrusted input
before passing it to the SQL server. The code in the added pqescape.c
is going to be in the next PostgreSQL release, but it is not there yet
and this port will use its own private copy for now.
No REVISION bump since the port was forbidden ever since the last
upgrade. Submitter reviewed my tweaks of his patch and approved them
authorizing (as one of the SOs) the removal of the FORBIDDEN flag.
Submitted by: nectar
Reviewed by: nectar
Approved by: nectar
Obtained from: http://CERT.uni-stuttgart.de/doc/postgresql/escape/
Revision Changes Path
1.8 +1 -3 ports/security/pam-pgsql/Makefile
1.6 +4 -1 ports/security/pam-pgsql/files/Makefile.bsd
1.1 +66 -0 ports/security/pam-pgsql/files/pqescape.c (new)
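
The kind of escaping the log message describes, as an added example. It is not the contents of pqescape.c and not code from the port. It assumes the conventional rule for PostgreSQL string literals of that period (double every single quote and backslash); the table and column names, the 64-byte name limit and both function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Escape src for use inside a single-quoted SQL string literal by doubling
 * quotes and backslashes (assumed rule, see lead-in). Returns the escaped
 * length, or (size_t)-1 if dst (dstlen bytes, NUL included) is too small.
 * A value that does not fit is rejected, never truncated. */
size_t sql_escape_literal(char *dst, size_t dstlen, const char *src)
{
    size_t o = 0;
    for (; *src != '\0'; src++) {
        int special = (*src == '\'' || *src == '\\');
        size_t need = special ? 2 : 1;
        if (dstlen == 0 || o + need >= dstlen) {   /* keep room for NUL */
            if (dstlen > 0) dst[0] = '\0';
            return (size_t)-1;
        }
        if (special)
            dst[o++] = *src;                       /* emit it twice */
        dst[o++] = *src;
    }
    if (o >= dstlen) return (size_t)-1;
    dst[o] = '\0';
    return o;
}

/* Build the password lookup for a PAM-supplied user name (hypothetical
 * schema). Returns 0 on success, -1 if the name or query does not fit. */
int build_auth_query(char *out, size_t outlen, const char *user)
{
    char esc[2 * 64 + 1];              /* worst case: every byte doubled */
    if (strlen(user) > 64) return -1;
    if (sql_escape_literal(esc, sizeof esc, user) == (size_t)-1) return -1;
    int n = snprintf(out, outlen,
        "SELECT password FROM accounts WHERE username = '%s'", esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char q[256];
    const char *user = "x' OR '1'='1"; /* constructed untrusted input */
    if (build_auth_query(q, sizeof q, user) == 0)
        puts(q);                       /* quotes stay inside the literal */
    return 0;
}
```

With current libpq, PQescapeStringConn or a parameterised PQexecParams call takes the place of a private escaping routine.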
