authorRafael Mendonça França <rafaelmfranca@gmail.com>2014-06-05 12:34:07 -0300
committerRafael Mendonça França <rafaelmfranca@gmail.com>2014-07-02 12:49:01 -0300
commit1f2192e46d78ee0ba2b06373f2c24caf8440ff5b (patch)
treedbd23e6da3667fedaf5ccedb1f268a1470fc75c3 /activerecord
parent297bff7f8f01fbda2a6bacaed4afb3d060292b9f (diff)
Check against bit string values using multiline regexp
Fix CVE-2014-3482.
Diffstat (limited to 'activerecord')
-rw-r--r--activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb6
-rw-r--r--activerecord/test/cases/adapters/postgresql/quoting_test.rb5
2 files changed, 8 insertions, 3 deletions
diff --git a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
index e98337e7d5..3cd65d0bf5 100644
--- a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
@@ -442,8 +442,8 @@ module ActiveRecord
when 'xml' then "xml '#{quote_string(value)}'"
when /^bit/
case value
- when /^[01]*$/ then "B'#{value}'" # Bit-string notation
- when /^[0-9A-F]*$/i then "X'#{value}'" # Hexadecimal notation
+ when /\A[01]*\Z/ then "B'#{value}'" # Bit-string notation
+ when /\A[0-9A-F]*\Z/i then "X'#{value}'" # Hexadecimal notation
end
else
super
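Review bot: The new anchors on both `when` lines use `\Z`, which in Ruby still matches before a single trailing newline, so a value such as `"01\n"` satisfies `/\A[01]*\Z/` and is interpolated as `B'01\n'` with the newline inside the literal; the strict end-of-string anchor is `\z`. Changing the two branches to `when /\A[01]*\z/ then "B'#{value}'"` and `when /\A[0-9A-F]*\z/i then "X'#{value}'"` keeps the fix and makes a trailing newline fall through to the inner `case`'s implicit nil like any other rejected input. The enclosing method starts before this hunk, so I cannot see how a nil result is handled by its caller.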
@@ -1160,7 +1160,7 @@ module ActiveRecord
FEATURE_NOT_SUPPORTED = "0A000" # :nodoc:
def exec_no_cache(sql, binds)
- @connection.async_exec(sql)
+ @connection.async_exec(sql, [])
end
def exec_cache(sql, binds)
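Review bot: The new `async_exec(sql, [])` call has no comment explaining the empty params array, which reads like a no-op and is an easy target for a later "cleanup" that would silently undo it. Passing a params array makes pg use the extended query protocol (as with PQexecParams), which accepts at most one SQL command per call, so this is the defense-in-depth half of the fix rather than a cosmetic change. I would add above the line: `# An (empty) params array switches pg to the extended query protocol, which rejects multiple statements in one query.` The `binds` parameter remains unused here, as it was before the change.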
diff --git a/activerecord/test/cases/adapters/postgresql/quoting_test.rb b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
index 172055f15c..cfdf16d48d 100644
--- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
@@ -19,6 +19,11 @@ module ActiveRecord
assert_equal 'f', @conn.type_cast(false, nil)
assert_equal 'f', @conn.type_cast(false, c)
end
+
+ def test_quote_bit_string
+ c = PostgreSQLColumn.new(nil, 1, 'bit')
+ assert_equal nil, @conn.quote("'); SELECT * FORM users; /*\n01\n*/--", c)
+ end
end
end
end
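Review bot: `assert_equal nil, ...` in the new `test_quote_bit_string` should be `assert_nil @conn.quote(..., c)`; newer Minitest versions warn on a nil expectation in `assert_equal`, and `assert_nil` states the intent directly. The test also pins only the rejection path, so a later regex change that rejects every value would still pass; adding the accepted forms, `assert_equal "B'01'", @conn.quote('01', c)` and `assert_equal "X'1F'", @conn.quote('1F', c)`, guards against that, assuming the bit column routes through the same branch the existing assertion exercises. The enclosing test class opens before this hunk.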