| From: | Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Christophe Pettus <xof(at)thebuild(dot)com> |
| Cc: | "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: lower() and unaccent() not leakproof |
| Date: | 2021-08-26 07:58:13 |
| Message-ID: | b6169dcd-80fd-d0f2-af3f-7d902f06d052@enterprisedb.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 26.08.21 06:52, David G. Johnston wrote:
> On Wednesday, August 25, 2021, Christophe Pettus <xof(at)thebuild(dot)com
> <mailto:xof(at)thebuild(dot)com>> wrote:
>
> lower() and unaccent() (and most string functions) are not marked as
> leakproof. Is this due to possible locale / character encoding
> errors they might encounter?
>
>
> I think you are partially correct. Its due to the fact that error
> messages, regardless of the root cause, result in the printing of the
> input value in the error message as context, thus exists a leak via a
> violation of “ It reveals no information about its arguments other than
> by its return value. ”
I think if you trace the code, you might find that lower() and upper()
can't really leak anything. It might be worth taking a careful look and
possibly lifting this restriction.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Daniel Gustafsson | 2021-08-26 08:40:49 | Re: lower() and unaccent() not leakproof |
| Previous Message | David G. Johnston | 2021-08-26 04:52:53 | Re: lower() and unaccent() not leakproof |