Re: [postgresql-interfaces/psqlodbc] PR #175: Validate percent escapes before decoding connection-string values

postgresql-interfaces/psqlodbc GitHub issues and pull requests (mirror)  
help / color / mirror / Atom feed

From: jarvis24young (@jarvis24young) <[email protected]>
To: postgresql-interfaces/psqlodbc <[email protected]>
Subject: Re: [postgresql-interfaces/psqlodbc] PR #175: Validate percent escapes before decoding connection-string values
Date: Thu, 23 Apr 2026 09:18:52 +0000
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>

I updated the regression test to make it stronger.

Instead of using `PWD=...` and accepting an authentication failure, the test now uses `pqopt=application_name=...`. That still exercises the same `decode_or_remove_braces()` / `decode()` path for connection-string percent decoding, but it does not override the DSN password, so `SQLDriverConnect()` is expected to succeed for each case.

For reference, before this patch the truncated percent case triggers UBSan in my local ASan/UBSan build:

```text
dlg_specific.c:1584:12: runtime error: left shift of negative value -48
    #0 conv_from_hex /home/yjw/psqlodbc-build/dlg_specific.c:1584
    #1 decode /home/yjw/psqlodbc-build/dlg_specific.c:1612
    #2 decode_or_remove_braces /home/yjw/psqlodbc-build/dlg_specific.c:1658
    #3 copyConnAttributes /home/yjw/psqlodbc-build/dlg_specific.c:639
    #4 dconn_get_attributes /home/yjw/psqlodbc-build/drvconn.c:577
    #5 PGAPI_DriverConnect /home/yjw/psqlodbc-build/drvconn.c:157
    #6 SQLDriverConnect /home/yjw/psqlodbc-build/odbcapi.c:213
```

The `ok` output in the committed regression test represents the fixed behavior: malformed percent escapes no longer reach `conv_from_hex()`, and the connection path completes successfully.

view thread (6+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: github://postgresql-interfaces/psqlodbc
  Cc: [email protected], [email protected]
  Subject: Re: [postgresql-interfaces/psqlodbc] PR #175: Validate percent escapes before decoding connection-string values
  In-Reply-To: <<[email protected]>>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox