Jack Christensen
adbb38f298
The PostgreSQL server will reject messages greater than ~1 GB anyway. However, worse than that is that a message that is larger than 4 GB could wrap the 32-bit integer message size and be interpreted by the server as multiple messages. This could allow a malicious client to inject arbitrary protocol messages. https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv
85 lines
1.9 KiB
Go
85 lines
1.9 KiB
Go
package pgproto3
|
|
|
|
import (
|
|
"bytes"
|
|
"encoding/binary"
|
|
"encoding/json"
|
|
|
|
"github.com/jackc/pgx/v5/internal/pgio"
|
|
)
|
|
|
|
type Parse struct {
|
|
Name string
|
|
Query string
|
|
ParameterOIDs []uint32
|
|
}
|
|
|
|
// Frontend identifies this message as sendable by a PostgreSQL frontend.
|
|
func (*Parse) Frontend() {}
|
|
|
|
// Decode decodes src into dst. src must contain the complete message with the exception of the initial 1 byte message
|
|
// type identifier and 4 byte message length.
|
|
func (dst *Parse) Decode(src []byte) error {
|
|
*dst = Parse{}
|
|
|
|
buf := bytes.NewBuffer(src)
|
|
|
|
b, err := buf.ReadBytes(0)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
dst.Name = string(b[:len(b)-1])
|
|
|
|
b, err = buf.ReadBytes(0)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
dst.Query = string(b[:len(b)-1])
|
|
|
|
if buf.Len() < 2 {
|
|
return &invalidMessageFormatErr{messageType: "Parse"}
|
|
}
|
|
parameterOIDCount := int(binary.BigEndian.Uint16(buf.Next(2)))
|
|
|
|
for i := 0; i < parameterOIDCount; i++ {
|
|
if buf.Len() < 4 {
|
|
return &invalidMessageFormatErr{messageType: "Parse"}
|
|
}
|
|
dst.ParameterOIDs = append(dst.ParameterOIDs, binary.BigEndian.Uint32(buf.Next(4)))
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Encode encodes src into dst. dst will include the 1 byte message type identifier and the 4 byte message length.
|
|
func (src *Parse) Encode(dst []byte) ([]byte, error) {
|
|
dst, sp := beginMessage(dst, 'P')
|
|
|
|
dst = append(dst, src.Name...)
|
|
dst = append(dst, 0)
|
|
dst = append(dst, src.Query...)
|
|
dst = append(dst, 0)
|
|
|
|
dst = pgio.AppendUint16(dst, uint16(len(src.ParameterOIDs)))
|
|
for _, oid := range src.ParameterOIDs {
|
|
dst = pgio.AppendUint32(dst, oid)
|
|
}
|
|
|
|
return finishMessage(dst, sp)
|
|
}
|
|
|
|
// MarshalJSON implements encoding/json.Marshaler.
|
|
func (src Parse) MarshalJSON() ([]byte, error) {
|
|
return json.Marshal(struct {
|
|
Type string
|
|
Name string
|
|
Query string
|
|
ParameterOIDs []uint32
|
|
}{
|
|
Type: "Parse",
|
|
Name: src.Name,
|
|
Query: src.Query,
|
|
ParameterOIDs: src.ParameterOIDs,
|
|
})
|
|
}
|