You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@apr.apache.org by "Brian J. France" <li...@firehawksystems.com> on 2005/09/01 20:58:18 UTC

DBD postgres escaping patch

While working on mod_smtpd_access_dbd I noticed that dbd_pgsql_escape  
does allocate enough space for escaped return string.  According to the  
docs:

http://www.postgresql.org/docs/8.0/static/libpq-exec.html#LIBPQ-EXEC- 
ESCAPE-STRING

"to (the ret value here) shall point to a buffer that is able to hold  
at least one more character than twice the value of length, otherwise  
the behavior is undefined"

Index: dbd/apr_dbd_pgsql.c
===================================================================
--- dbd/apr_dbd_pgsql.c (revision 233547)
+++ dbd/apr_dbd_pgsql.c (working copy)
@@ -221,7 +221,7 @@
                                      apr_dbd_t *sql)
  {
      size_t len = strlen(arg);
-    char *ret = apr_palloc(pool, len + 1);
+    char *ret = apr_palloc(pool, len*2 + 2);
      PQescapeString(ret, arg, len);
      return ret;
  }