Re: lower() and unaccent() not leakproof

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Christophe Pettus <xof(at)thebuild(dot)com>
Cc: "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: lower() and unaccent() not leakproof
Date: 2021-08-26 04:52:53
Message-ID: CAKFQuwYtO2ifxXzqL7BTgyjZFfUGcv=gyH9Gu+LkQQ163ib_=Q@mail.gmail.com
Lists: pgsql-general

On Wednesday, August 25, 2021, Christophe Pettus <xof(at)thebuild(dot)com> wrote:
>
> lower() and unaccent() (and most string functions) are not marked as
> leakproof. Is this due to possible locale / character encoding errors they
> might encounter?
>
>
I think you are partially correct. It's due to the fact that error
messages, regardless of the root cause, result in the printing of the input
value in the error message as context; thus there exists a leak via a
violation of “It reveals no information about its arguments other than by
its return value.”

David J.
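
The leakproof marking discussed in this message, as an added example that is not part of the original e-mail: it reads the marking from the catalog, shows how the planner treats a non-leakproof condition against a `security_barrier` view, and lists user functions that carry the marking. The `customer` table, the `my_customer` view and the sample rows are constructed for illustration.

```sql
-- Added example. Table, view and data are constructed for illustration.

-- 1. How the two functions from the thread are marked in the catalog.
--    unaccent() is listed only when the unaccent extension is installed.
SELECT p.oid::regprocedure AS function_signature,
       p.proleakproof
FROM   pg_proc AS p
WHERE  p.proname IN ('lower', 'unaccent')
ORDER  BY p.proname;

-- 2. What the marking changes for the planner.
CREATE TABLE customer (
    id    integer PRIMARY KEY,
    owner text NOT NULL,
    email text NOT NULL
);
INSERT INTO customer VALUES
    (1, 'alice', 'Alice@Example.org'),
    (2, 'bob',   'Bob@Example.org');

CREATE VIEW my_customer WITH (security_barrier) AS
    SELECT id, email FROM customer WHERE owner = current_user;

-- Integer equality is leakproof, so this condition can be evaluated
-- together with the view's own filter.
EXPLAIN (COSTS OFF)
SELECT * FROM my_customer WHERE id = 2;

-- lower() is not marked leakproof, so this condition is applied only to rows
-- that already passed "owner = current_user" (it stays above the view scan).
EXPLAIN (COSTS OFF)
SELECT * FROM my_customer WHERE lower(email) = 'bob@example.org';

-- 3. Audit: functions outside the system schemas that carry the marking.
--    Only a superuser can set LEAKPROOF, and the planner trusts it.
SELECT p.oid::regprocedure AS function_signature,
       p.proowner::regrole AS owner
FROM   pg_proc AS p
WHERE  p.proleakproof
AND    p.pronamespace NOT IN ('pg_catalog'::regnamespace,
                              'information_schema'::regnamespace);
```

Comparing the two `EXPLAIN` plans shows where each condition is evaluated relative to the view's `owner = current_user` filter.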
