Re: Bug in UTF8-Validation Code?
Takahiro Itagaki <itagaki.takahiro@oss.ntt.co.jp>
From: ITAGAKI Takahiro <itagaki.takahiro@oss.ntt.co.jp>
To: Jeff Davis <pgsql@j-davis.com>
Cc: Mario Weilguni <mweilguni@sime.com>,
pgsql-hackers@postgresql.org
Date: 2007-03-19T05:00:23Z
Lists: pgsql-hackers
Jeff Davis <pgsql@j-davis.com> wrote:
> Some people think it's a bug, some people don't. It is technically
> documented behavior, but I don't think the documentation is clear
> enough. I think it is a bug that should be fixed, and here's another
> message in the thread that expresses my opinion:
Agreed. I think it is a bug, too.
Insertion of invalid characters makes read queries busted.
$ initdb --encoding=utf8
# CREATE TABLE test (t text);
# INSERT INTO test VALUES('A');
# SELECT * FROM test;
t
---
A
(1 row)
# INSERT INTO test VALUES(E'\200');
# SELECT * FROM test;
ERROR: invalid byte sequence for encoding "UTF8": 0x80
HINT: This error can also happen if the byte sequence does not match the
encoding expected by the server, which is cont rolled by "client_encoding".
Could it lead to DoS?
http://www.postgresql.org/support/security
| [D] A vulnerability that is exploitable for denial-of-service,
| but requiring a valid prior login.
Regards,
---
ITAGAKI Takahiro
NTT Open Source Software Center