diff options
| author | Will Fitch <willfitch@php.net> | 2014-01-18 19:24:22 -0500 |
|---|---|---|
| committer | Will Fitch <willfitch@php.net> | 2014-01-18 19:27:40 -0500 |
| commit | da83b513b21c88f58bf0c2e56c2e46359535e160 (patch) | |
| tree | fcb83b0d8f0b581643299e255d8093fd017d7d4b /ext/pdo_pgsql/pgsql_driver.c | |
| parent | 5b906ce6eb02118697c2f81d462ddfa724377fe8 (diff) | |
| download | php-git-da83b513b21c88f58bf0c2e56c2e46359535e160.tar.gz | |
Fix #62479: Some chars not parsed in passwords
This fixes an issue where backslashes and spaces aren't
correctly parsed for passwords.
Diffstat (limited to 'ext/pdo_pgsql/pgsql_driver.c')
| -rw-r--r-- | ext/pdo_pgsql/pgsql_driver.c | 31 |
1 files changed, 29 insertions, 2 deletions
diff --git a/ext/pdo_pgsql/pgsql_driver.c b/ext/pdo_pgsql/pgsql_driver.c index 6aa8814d86..3be9359216 100644 --- a/ext/pdo_pgsql/pgsql_driver.c +++ b/ext/pdo_pgsql/pgsql_driver.c @@ -1039,6 +1039,7 @@ static int pdo_pgsql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_ pdo_pgsql_db_handle *H; int ret = 0; char *conn_str, *p, *e; + char *tmp_pass; long connect_timeout = 30; H = pecalloc(1, sizeof(pdo_pgsql_db_handle), dbh->is_persistent); @@ -1060,18 +1061,44 @@ static int pdo_pgsql_handle_factory(pdo_dbh_t *dbh, zval *driver_options TSRMLS_ connect_timeout = pdo_attr_lval(driver_options, PDO_ATTR_TIMEOUT, 30 TSRMLS_CC); } + if (dbh->password) { + if (dbh->password[0] != '\'' && dbh->password[strlen(dbh->password) - 1] != '\'') { + char *pwd = dbh->password; + int pos = 1; + + tmp_pass = safe_emalloc(2, strlen(dbh->password), 3); + tmp_pass[0] = '\''; + + while (*pwd != '\0') { + if (*pwd == '\\' || *pwd == '\'') { + tmp_pass[pos++] = '\\'; + } + + tmp_pass[pos++] = *pwd++; + } + + tmp_pass[pos++] = '\''; + tmp_pass[pos] = '\0'; + } else { + tmp_pass = dbh->password; + } + } + /* support both full connection string & connection string + login and/or password */ if (dbh->username && dbh->password) { - spprintf(&conn_str, 0, "%s user=%s password=%s connect_timeout=%ld", dbh->data_source, dbh->username, dbh->password, connect_timeout); + spprintf(&conn_str, 0, "%s user=%s password=%s connect_timeout=%ld", dbh->data_source, dbh->username, tmp_pass, connect_timeout); } else if (dbh->username) { spprintf(&conn_str, 0, "%s user=%s connect_timeout=%ld", dbh->data_source, dbh->username, connect_timeout); } else if (dbh->password) { - spprintf(&conn_str, 0, "%s password=%s connect_timeout=%ld", dbh->data_source, dbh->password, connect_timeout); + spprintf(&conn_str, 0, "%s password=%s connect_timeout=%ld", dbh->data_source, tmp_pass, connect_timeout); } else { spprintf(&conn_str, 0, "%s connect_timeout=%ld", (char *) dbh->data_source, connect_timeout); } H->server = PQconnectdb(conn_str); + if (dbh->password && tmp_pass != dbh->password) { + efree(tmp_pass); + } efree(conn_str); |