From cad807ed60f2001c2725003690901fbc870dabd4 Mon Sep 17 00:00:00 2001 From: Mahendra Singh Thalor Date: Thu, 27 Mar 2025 17:20:36 +0530 Subject: [PATCH] block database name with newline or carriage return in name while creating database, if database name has any newline or carriage return character in name, then through error becuase these special character are not allowed in dbname when dump command is executed. block these in RenameDatabase also. --- src/backend/commands/dbcommands.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c index 5fbbcdaabb1..c8145b0b6e6 100644 --- a/src/backend/commands/dbcommands.c +++ b/src/backend/commands/dbcommands.c @@ -741,6 +741,13 @@ createdb(ParseState *pstate, const CreatedbStmt *stmt) CreateDBStrategy dbstrategy = CREATEDB_WAL_LOG; createdb_failure_params fparms; + /* Report error if dbname have newline or carriage return in name. */ + if (strpbrk(dbname, "\n\r")) + ereport(ERROR, + (errcode(ERRCODE_INVALID_PARAMETER_VALUE)), + errmsg("database name contains a newline or carriage return character"), + errhint("newline or carriage return character is not allowed in database name")); + /* Extract options from the statement node tree */ foreach(option, stmt->options) { @@ -1884,6 +1891,13 @@ RenameDatabase(const char *oldname, const char *newname) int npreparedxacts; ObjectAddress address; + /* Report error if dbname have newline or carriage return in name. */ + if (strpbrk(newname, "\n\r")) + ereport(ERROR, + (errcode(ERRCODE_INVALID_PARAMETER_VALUE)), + errmsg("database new name contains a newline or carriage return character"), + errhint("newline or carriage return character is not allowed in database name")); + /* * Look up the target database's OID, and get exclusive lock on it. We * need this for the same reasons as DROP DATABASE. -- 2.39.3