From 1f2192e46d78ee0ba2b06373f2c24caf8440ff5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafael=20Mendon=C3=A7a=20Fran=C3=A7a?= Date: Thu, 5 Jun 2014 12:34:07 -0300 Subject: Check against bit string values using multiline regexp Fix CVE-2014-3482. --- .../lib/active_record/connection_adapters/postgresql_adapter.rb | 6 +++--- activerecord/test/cases/adapters/postgresql/quoting_test.rb | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb index e98337e7d5..3cd65d0bf5 100644 --- a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb +++ b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb @@ -442,8 +442,8 @@ module ActiveRecord when 'xml' then "xml '#{quote_string(value)}'" when /^bit/ case value - when /^[01]*$/ then "B'#{value}'" # Bit-string notation - when /^[0-9A-F]*$/i then "X'#{value}'" # Hexadecimal notation + when /\A[01]*\Z/ then "B'#{value}'" # Bit-string notation + when /\A[0-9A-F]*\Z/i then "X'#{value}'" # Hexadecimal notation end else super @@ -1160,7 +1160,7 @@ module ActiveRecord FEATURE_NOT_SUPPORTED = "0A000" # :nodoc: def exec_no_cache(sql, binds) - @connection.async_exec(sql) + @connection.async_exec(sql, []) end def exec_cache(sql, binds) diff --git a/activerecord/test/cases/adapters/postgresql/quoting_test.rb b/activerecord/test/cases/adapters/postgresql/quoting_test.rb index 172055f15c..cfdf16d48d 100644 --- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb +++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb @@ -19,6 +19,11 @@ module ActiveRecord assert_equal 'f', @conn.type_cast(false, nil) assert_equal 'f', @conn.type_cast(false, c) end + + def test_quote_bit_string + c = PostgreSQLColumn.new(nil, 1, 'bit') + assert_equal nil, @conn.quote("'); SELECT * FORM users; /*\n01\n*/--", c) + end end end end -- cgit v1.2.3