Re: Bug#372115: Last security update of postgresql-contrib breaks database replication with DBMirror.pl



Hi PostgreSQL gurus, hi Olivier,

Martin Pitt [2006-06-16  0:15 +0200]:
> Upstream confirmed my reply in the last mail in [1]: the complete
> escaping logic in DBMirror.pl is seriously screwed.
> 
> [1] http://archives.postgresql.org/pgsql-bugs/2006-06/msg00065.php

I finally found some time to debug this, and I think I found a better
patch than the one you proposed. Mine is still hackish and is still a
workaround around a proper quoting solution, but at least it repairs
the parsing without introducing the \' quoting again.

I consider this a band-aid patch to fix the recent security update.
PostgreSQL gurus, would you consider applying this until a better
solution is found for DBMirror.pl?

Olivier, can you please confirm that the patch works for you, too?

Thank you,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
--- /usr/lib/postgresql/bin/DBMirror.pl	2006-06-27 20:39:34.000000000 +0200
+++ DBMirror.pl	2006-06-27 22:21:05.000000000 +0200
@@ -852,7 +852,7 @@
 	$matchString = $1;
 	$value .= substr $matchString,0,length($matchString)-1;
 
-	if($matchString =~ m/(\'$)/s) {
+	if($matchString =~ m/(\'$)/s and (substr $dataField,length($matchString),1) ne "'") {
 	  # $1 runs to the end of the field value.
 	    $dataField = substr $dataField,length($matchString)+1;
 	    last;
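
Review bot: The new lookahead on the changed `if` is only correct if the fall-through path, which is not shown in this hunk, handles a doubled quote properly. The line above has already appended `$matchString` without its trailing quote to `$value`. So when the test now rejects a quote that is followed by a second `'`, that other branch has to put one literal quote back into `$value` and advance `$dataField` past both quote characters. Otherwise the value silently loses the quote, or the second quote of the pair is taken as the terminator on the next pass. Please confirm that against the else path, ideally with a value that ends in a quote and one that is empty. Two smaller points: the index `length($matchString)` assumes `$matchString` starts at offset 0 of `$dataField`, the same assumption the unchanged `substr $dataField,length($matchString)+1` already makes, so it would help to say so. The comment `# $1 runs to the end of the field value.` should also be updated to mention that a following quote means an escaped quote rather than the end of the field.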
