Date:      Wed, 9 Jan 2002 12:49:02 -0800 (PST)
From:      Mikhail Teterin <mi@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: ports/security/pam-pgsql Makefile ports/security/pam-pgsql/files Makefile.bsd pqescape.c
Message-ID:  <200201092049.g09Kn2501366@freefall.freebsd.org>

mi          2002/01/09 12:49:02 PST

  Modified files:
    security/pam-pgsql   Makefile 
    security/pam-pgsql/files Makefile.bsd 
  Added files:
    security/pam-pgsql/files pqescape.c 
  Log:
  Close the security hole by making it escape all of the untrusted input
  before passing it to the SQL  server. The code in the added pqescape.c
  is going to be in the next PostgreSQL release, but it is not there yet
  and this port will use its own private copy for now.
  
  No REVISION  bump since  the port  was forbidden  ever since  the last
  upgrade. Submitter reviewed  my tweaks of his patch  and approved them
  authorizing (as one of the SOs) the removal of the FORBIDDEN flag.
  
  Submitted by:   nectar
  Reviewed by:    nectar
  Approved by:    nectar
  Obtained from:  http://CERT.uni-stuttgart.de/doc/postgresql/escape/
  
  Revision  Changes    Path
  1.8       +1 -3      ports/security/pam-pgsql/Makefile
  1.6       +4 -1      ports/security/pam-pgsql/files/Makefile.bsd
  1.1       +66 -0     ports/security/pam-pgsql/files/pqescape.c (new)
