Dave, any thoughts on best way to reproduce Vladimir’s described workflow in a way that is consumable by the postgresql team?
On Thu, Mar 26, 2020 at 10:21 AM Tom Lane <tgl@sss.pgh.pa.us> wrote:
Brett Okken <brett.okken.os@gmail.com> writes: > Using a client and server encoding of SQL_ASCII makes it possible to get > 0x00 into a text value column when using a bind variable.
Having looked at the code again, I flat out don't believe you. textin is certainly not going to read past a nul character, and textrecv goes through pg_client_to_server (via pq_getmsgtext), which AFAICS is careful in all code paths to reject nuls.
If I'm missing something, I'd really like to see a concrete example, because this would be a bug, and it'd suggest that somebody's managed to reopen CVE-2006-2313. If we're missing nul rejection in some code path, then we're probably not doing encoding validation at all.