NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit55a2cc8

committed

Be more paranoid about null return values from libpq status functions.

PQhost() can return NULL in non-error situations, namely when a Unix-socketconnection has been selected by default. That behavior is a tad debatableperhaps, but for the moment we should make sure that psql copes with it.Unfortunately, do_connect() failed to: it could pass a NULL pointer tostrcmp(), resulting in crashes on most platforms. This was reported as asecurity issue by ChenQin of Topsec Security Team, but the consensus ofthe security list is that it's just a garden-variety bug with no securityimplications.For paranoia's sake, I made the keep_password test not trust PQuser orPQport either, even though I believe those will never return NULL givena valid PGconn.Back-patch to all supported branches.

1 parentb17dbf2 commit55a2cc8Copy full SHA for 55a2cc8

File tree

1 file changed

+12

-9

lines changed

src/bin/psql
- command.c

1 file changed

+12

-9

lines changed

`‎src/bin/psql/command.c‎`

Lines changed: 12 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -1638,14 +1638,17 @@ do_connect(char dbname, char user, char host, char port)`
`1638`	`1638`	`/*`
`1639`	`1639`	`* Any change in the parameters read above makes us discard the password.`
`1640`	`1640`	`* We also discard it if we're to use a conninfo rather than the`
`1641`		`- * positional syntax.`
	`1641`	`+ * positional syntax. Note that currently, PQhost() can return NULL for a`
	`1642`	`+ * default Unix-socket connection, so we have to allow NULL for host.`
`1642`	`1643`	`*/`
`1643`		`-keep_password=`
`1644`		`-(o_conn&&`
`1645`		`- (strcmp(user,PQuser(o_conn))==0)&&`
`1646`		`- (!host\|\|strcmp(host,PQhost(o_conn))==0)&&`
`1647`		`- (strcmp(port,PQport(o_conn))==0)&&`
`1648`		`- !has_connection_string);`
	`1644`	`+if (has_connection_string)`
	`1645`	`+keep_password= false;`
	`1646`	`+else`
	`1647`	`+keep_password=`
	`1648`	`+(user&&PQuser(o_conn)&&strcmp(user,PQuser(o_conn))==0)&&`
	`1649`	`+((host&&PQhost(o_conn)&&strcmp(host,PQhost(o_conn))==0)\|\|`
	`1650`	`+ (host==NULL&&PQhost(o_conn)==NULL))&&`
	`1651`	`+(port&&PQport(o_conn)&&strcmp(port,PQport(o_conn))==0);`
`1649`	`1652`
`1650`	`1653`	`/*`
`1651`	`1654`	`* Grab dbname from old connection unless supplied by caller. No password`
`@@ -1657,8 +1660,8 @@ do_connect(char dbname, char user, char host, char port)`
`1657`	`1660`	`/*`
`1658`	`1661`	`* If the user asked to be prompted for a password, ask for one now. If`
`1659`	`1662`	`* not, use the password from the old connection, provided the username`
`1660`		`- *hasnot changed. Otherwise, try to connect without a password first,`
`1661`		`- * and then ask for a password if needed.`
	`1663`	`+ *etc havenot changed. Otherwise, try to connect without a password`
	`1664`	`+ *first,and then ask for a password if needed.`
`1662`	`1665`	`*`
`1663`	`1666`	`* XXX: this behavior leads to spurious connection attempts recorded in`
`1664`	`1667`	`* the postmaster's log. But libpq offers no API that would let us obtain`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit55a2cc8

File tree

1 file changed

1 file changed

`‎src/bin/psql/command.c‎`

0 commit comments