Check against bit string values using multiline regexp

Fix CVE-2014-3482.
2026-01-08 22:27:59 -05:00 · 2014-06-05 12:34:07 -03:00
parent 297bff7f8f
commit 1f2192e46d
2 changed files with 8 additions and 3 deletions
--- a/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
+++ b/activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb
@@ -442,8 +442,8 @@ module ActiveRecord
          when 'xml'   then "xml '#{quote_string(value)}'"
          when /^bit/
            case value
-            when /^[01]*$/      then "B'#{value}'" # Bit-string notation
-            when /^[0-9A-F]*$/i then "X'#{value}'" # Hexadecimal notation
+            when /\A[01]*\Z/      then "B'#{value}'" # Bit-string notation
+            when /\A[0-9A-F]*\Z/i then "X'#{value}'" # Hexadecimal notation
            end
          else
            super
@@ -1160,7 +1160,7 @@ module ActiveRecord
        FEATURE_NOT_SUPPORTED = "0A000" # :nodoc:

        def exec_no_cache(sql, binds)
-          @connection.async_exec(sql)
+          @connection.async_exec(sql, [])
        end

        def exec_cache(sql, binds)
--- a/activerecord/test/cases/adapters/postgresql/quoting_test.rb
+++ b/activerecord/test/cases/adapters/postgresql/quoting_test.rb
@@ -19,6 +19,11 @@ module ActiveRecord
          assert_equal 'f', @conn.type_cast(false, nil)
          assert_equal 'f', @conn.type_cast(false, c)
        end
+
+        def test_quote_bit_string
+          c = PostgreSQLColumn.new(nil, 1, 'bit')
+          assert_equal nil, @conn.quote("'); SELECT * FORM users; /*\n01\n*/--", c)
+        end
      end
    end
  end