From: Magnus Hagander Date: Thu, 20 Nov 2008 15:36:22 +0000 (+0000) Subject: Don't pass strings directly to errdetail() and errhint() - use X-Git-Tag: recoveryinfrav9~316 X-Git-Url: http://git.postgresql.org/gitweb/static/gitweb.js?a=commitdiff_plain;h=bab3f077a05d7da95017fdd1a7ddb9649b912da7;p=users%2Fsimon%2Fpostgres.git Don't pass strings directly to errdetail() and errhint() - use %s to unescape them. Fixes a potential security issue (in as yet unreleased code)
---
diff --git a/src/pl/plpgsql/src/pl_exec.c b/src/pl/plpgsql/src/pl_exec.c
index 7d8eb9b346..03c77eae81 100644
--- a/src/pl/plpgsql/src/pl_exec.c
+++ b/src/pl/plpgsql/src/pl_exec.c
@@ -2538,8 +2538,8 @@ exec_stmt_raise(PLpgSQL_execstate *estate, PLpgSQL_stmt_raise *stmt)
 ereport(stmt->elog_level, (err_code ? errcode(err_code) : 0, errmsg_internal("%s", err_message),
- (err_detail != NULL) ? errdetail(err_detail) : 0,
- (err_hint != NULL) ? errhint(err_hint) : 0));
+ (err_detail != NULL) ? errdetail("%s", err_detail) : 0,
+ (err_hint != NULL) ? errhint("%s", err_hint) : 0));
 estate->err_text = NULL; /* un-suppress... */
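Review bot: The `ereport()` call in exec_stmt_raise carries no comment saying why `err_message`, `err_detail` and `err_hint` are each routed through a literal `"%s"`, so a later tidy-up could collapse `errdetail("%s", err_detail)` back to the direct form and reintroduce the format-string exposure. I would add a comment directly above the call, for example `/* these strings are runtime data and may contain '%'; never pass them as the format argument */`. Where the three strings are built is outside this hunk (the function starts and ends beyond it), so the wording should be checked against that code; presumably they come from the RAISE statement's own expressions. If errdetail() and errhint() are declared with a printf format attribute, building with `-Wformat-security` would also flag any remaining call site that passes a non-literal format.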