diff options
| author | Alexander Schrijver <alex@flupzor.nl> | 2016-07-17 16:32:47 +0200 |
|---|---|---|
| committer | Alexander Schrijver <alex@flupzor.nl> | 2016-07-18 22:56:55 +0200 |
| commit | 03824a1dba8eb4b82fff3fd6c0a8ae513e72a2a1 (patch) | |
| tree | 8c6ebc3519b4f4be882da6711bf186f809fb0271 /psycopg/utils.c | |
| parent | 90ee1ebba5d1da4bd9d8c6e12944308074732f08 (diff) | |
| download | psycopg2-03824a1dba8eb4b82fff3fd6c0a8ae513e72a2a1.tar.gz | |
Throw an exception when a NUL character is used as a parameter.
Diffstat (limited to 'psycopg/utils.c')
| -rw-r--r-- | psycopg/utils.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/psycopg/utils.c b/psycopg/utils.c index 1b10c4a..b919180 100644 --- a/psycopg/utils.c +++ b/psycopg/utils.c @@ -50,8 +50,13 @@ psycopg_escape_string(connectionObject *conn, const char *from, Py_ssize_t len, Py_ssize_t ql; int eq = (conn && (conn->equote)) ? 1 : 0; - if (len == 0) + if (len == 0) { len = strlen(from); + } else if (strchr(from, '\0') != from + len) { + PyErr_Format(PyExc_ValueError, "A string literal cannot contain NUL (0x00) characters."); + + return NULL; + } if (to == NULL) { to = (char *)PyMem_Malloc((len * 2 + 4) * sizeof(char)); |