NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit8b84552

committed

Add tests for various connection string issues

Add tests for consistent support of connection strings in frontendprograms as well as proper handling of unusual characters in databaseand user names. These tests were developed for the issues ofCVE-2016-5424.To allow testing of names with spaces, change the pg_regresscommand-line options --create-role and --dbname to split their argumentsby comma only, not space or comma as before. Only commas were actuallyused in existing uses.Noah Misch, Michael Paquier, Peter Eisentraut

1 parente7010ce commit8b84552Copy full SHA for 8b84552

File tree

9 files changed

+266

-12

lines changed

src
- bin
  - pg_dump/t
    - 010_dump_connstr.pl
  - pg_rewind
    - RewindTest.pm
  - scripts/t
- test
  - perl
    - PostgresNode.pm
    - TestLib.pm
  - regress
    - pg_regress.c

9 files changed

+266

-12

lines changed

`‎src/bin/pg_dump/t/010_dump_connstr.pl‎`

Lines changed: 142 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,142 @@`
	`1`	`+use strict;`
	`2`	`+use warnings;`
	`3`	`+`
	`4`	`+use PostgresNode;`
	`5`	`+use TestLib;`
	`6`	`+use Test::Moretests=> 14;`
	`7`	`+`
	`8`	`+# In a SQL_ASCII database, pgwin32_message_to_UTF16() needs to`
	`9`	`+# interpret everything as UTF8. We're going to use byte sequences`
	`10`	`+# that aren't valid UTF-8 strings, so that would fail. Use LATIN1,`
	`11`	`+# which accepts any byte and has a conversion from each byte to UTF-8.`
	`12`	`+$ENV{LC_ALL} ='C';`
	`13`	`+$ENV{PGCLIENTENCODING} ='LATIN1';`
	`14`	`+`
	`15`	`+# Create database and user names covering the range of LATIN1`
	`16`	`+# characters, for use in a connection string by pg_dumpall. Skip ','`
	`17`	`+# because of pg_regress --create-role, skip [\n\r] because pg_dumpall`
	`18`	`+# does not allow them.`
	`19`	`+my$dbname1 = generate_ascii_string(1, 9) .`
	`20`	`+generate_ascii_string(11, 12) .`
	`21`	`+generate_ascii_string(14, 33) .`
	`22`	`+($TestLib::windows_os ?'' :'"x"') .# IPC::Run mishandles '"' on Windows`
	`23`	`+generate_ascii_string(35, 43) .`
	`24`	`+generate_ascii_string(45, 63);# contains '='`
	`25`	`+my$dbname2 = generate_ascii_string(67, 129);# skip 64-66 to keep length to 62`
	`26`	`+my$dbname3 = generate_ascii_string(130, 192);`
	`27`	`+my$dbname4 = generate_ascii_string(193, 255);`
	`28`	`+`
	`29`	`+my$node = get_new_node('main');`
	`30`	`+$node->init(extra=> ['--locale=C','--encoding=LATIN1']);`
	`31`	`+# prep pg_hba.conf and pg_ident.conf`
	`32`	`+$node->run_log([$ENV{PG_REGRESS},'--config-auth',$node->data_dir,`
	`33`	`+'--create-role',"$dbname1,$dbname2,$dbname3,$dbname4"]);`
	`34`	`+$node->start;`
	`35`	`+`
	`36`	`+my$backupdir =$node->backup_dir;`
	`37`	`+my$discard ="$backupdir/discard.sql";`
	`38`	`+my$plain ="$backupdir/plain.sql";`
	`39`	`+my$dirfmt ="$backupdir/dirfmt";`
	`40`	`+`
	`41`	`+foreachmy$dbname ($dbname1,$dbname2,$dbname3,$dbname4,'CamelCase')`
	`42`	`+{`
	`43`	`+$node->run_log(['createdb',$dbname]);`
	`44`	`+$node->run_log(['createuser','-s',$dbname]);`
	`45`	`+}`
	`46`	`+`
	`47`	`+`
	`48`	`+# For these tests, pg_dumpall -r is used because it produces a short`
	`49`	`+# dump.`
	`50`	`+$node->command_ok(['pg_dumpall','-r','-f',$discard,'--dbname',`
	`51`	`+$node->connstr($dbname1),'-U',$dbname4],`
	`52`	`+'pg_dumpall with long ASCII name 1');`
	`53`	`+$node->command_ok(['pg_dumpall','-r','-f',$discard,'--dbname',`
	`54`	`+$node->connstr($dbname2),'-U',$dbname3],`
	`55`	`+'pg_dumpall with long ASCII name 2');`
	`56`	`+$node->command_ok(['pg_dumpall','-r','-f',$discard,'--dbname',`
	`57`	`+$node->connstr($dbname3),'-U',$dbname2],`
	`58`	`+'pg_dumpall with long ASCII name 3');`
	`59`	`+$node->command_ok(['pg_dumpall','-r','-f',$discard,'--dbname',`
	`60`	`+$node->connstr($dbname4),'-U',$dbname1],`
	`61`	`+'pg_dumpall with long ASCII name 4');`
	`62`	`+$node->command_ok(['pg_dumpall','-r','-l','dbname=template1'],`
	`63`	`+'pg_dumpall -l accepts connection string');`
	`64`	`+`
	`65`	`+$node->run_log(['createdb',"foo\n\rbar"]);`
	`66`	`+# not sufficient to use -r here`
	`67`	`+$node->command_fails(['pg_dumpall','-f',$discard],`
	`68`	`+'pg_dumpall with \n\r in database name');`
	`69`	`+$node->run_log(['dropdb',"foo\n\rbar"]);`
	`70`	`+`
	`71`	`+`
	`72`	`+# make a table, so the parallel worker has something to dump`
	`73`	`+$node->safe_psql($dbname1,'CREATE TABLE t0()');`
	`74`	`+# XXX no printed message when this fails, just SIGPIPE termination`
	`75`	`+$node->command_ok(['pg_dump','-Fd','-j2','-f',$dirfmt,`
	`76`	`+'-U',$dbname1,$node->connstr($dbname1)],`
	`77`	`+'parallel dump');`
	`78`	`+`
	`79`	`+# recreate $dbname1 for restore test`
	`80`	`+$node->run_log(['dropdb',$dbname1]);`
	`81`	`+$node->run_log(['createdb',$dbname1]);`
	`82`	`+`
	`83`	`+$node->command_ok(['pg_restore','-v','-d','template1','-j2',`
	`84`	`+'-U',$dbname1,$dirfmt],`
	`85`	`+'parallel restore');`
	`86`	`+`
	`87`	`+$node->run_log(['dropdb',$dbname1]);`
	`88`	`+`
	`89`	`+$node->command_ok(['pg_restore','-C','-v','-d','template1','-j2',`
	`90`	`+'-U',$dbname1,$dirfmt],`
	`91`	`+'parallel restore with create');`
	`92`	`+`
	`93`	`+`
	`94`	`+$node->command_ok(['pg_dumpall','-f',$plain,'-U',$dbname1],`
	`95`	`+'take full dump');`
	`96`	`+system_log('cat',$plain);`
	`97`	`+my($stderr,$result);`
	`98`	`+my$bootstrap_super ='boot';`
	`99`	`+my$restore_super =qq{a'b\\c=d\\ne"f};`
	`100`	`+`
	`101`	`+`
	`102`	`+# Restore full dump through psql using environment variables for`
	`103`	`+# dbname/user connection parameters`
	`104`	`+`
	`105`	`+my$envar_node = get_new_node('destination_envar');`
	`106`	`+$envar_node->init(extra=> ['-U',$bootstrap_super,`
	`107`	`+'--locale=C','--encoding=LATIN1']);`
	`108`	`+$envar_node->run_log([$ENV{PG_REGRESS},`
	`109`	`+'--config-auth',$envar_node->data_dir,`
	`110`	`+'--create-role',"$bootstrap_super,$restore_super"]);`
	`111`	`+$envar_node->start;`
	`112`	`+`
	`113`	`+# make superuser for restore`
	`114`	`+$envar_node->run_log(['createuser','-U',$bootstrap_super,'-s',$restore_super]);`
	`115`	`+`
	`116`	`+{`
	`117`	`+local$ENV{PGPORT} =$envar_node->port;`
	`118`	`+local$ENV{PGUSER} =$restore_super;`
	`119`	`+$result = run_log(['psql','-X','-f',$plain],'2>', \$stderr);`
	`120`	`+}`
	`121`	`+ok($result,'restore full dump using environment variables for connection parameters');`
	`122`	`+is($stderr,'','no dump errors');`
	`123`	`+`
	`124`	`+`
	`125`	`+# Restore full dump through psql using command-line options for`
	`126`	`+# dbname/user connection parameters. "\connect dbname=" forgets`
	`127`	`+# user/port from command line.`
	`128`	`+`
	`129`	`+$restore_super =~s/"//gif$TestLib::windows_os;# IPC::Run mishandles '"' on Windows`
	`130`	`+my$cmdline_node = get_new_node('destination_cmdline');`
	`131`	`+$cmdline_node->init(extra=> ['-U',$bootstrap_super,`
	`132`	`+'--locale=C','--encoding=LATIN1']);`
	`133`	`+$cmdline_node->run_log([$ENV{PG_REGRESS},`
	`134`	`+'--config-auth',$cmdline_node->data_dir,`
	`135`	`+'--create-role',"$bootstrap_super,$restore_super"]);`
	`136`	`+$cmdline_node->start;`
	`137`	`+$cmdline_node->run_log(['createuser','-U',$bootstrap_super,'-s',$restore_super]);`
	`138`	`+{`
	`139`	`+$result = run_log(['psql','-p',$cmdline_node->port,'-U',$restore_super,'-X','-f',$plain],'2>', \$stderr);`
	`140`	`+}`
	`141`	`+ok($result,'restore full dump with command-line options for connection parameters');`
	`142`	`+is($stderr,'','no dump errors');`

`‎src/bin/pg_rewind/RewindTest.pm‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,7 @@ sub create_standby`
`133`	`133`	`$node_standby = get_new_node('standby');`
`134`	`134`	`$node_master->backup('my_backup');`
`135`	`135`	`$node_standby->init_from_backup($node_master,'my_backup');`
`136`		`-my$connstr_master =$node_master->connstr('postgres');`
	`136`	`+my$connstr_master =$node_master->connstr();`
`137`	`137`
`138`	`138`	`$node_standby->append_conf(`
`139`	`139`	`"recovery.conf",qq(`

`‎src/bin/scripts/t/010_clusterdb.pl‎`

Lines changed: 4 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`
`4`	`4`	`use PostgresNode;`
`5`	`5`	`use TestLib;`
`6`		`-use Test::Moretests=>13;`
	`6`	`+use Test::Moretests=>14;`
`7`	`7`
`8`	`8`	`program_help_ok('clusterdb');`
`9`	`9`	`program_version_ok('clusterdb');`
`@@ -28,3 +28,6 @@`
`28`	`28`	`['clusterdb','-t','test1' ],`
`29`	`29`	`qr/statement: CLUSTER test1;/,`
`30`	`30`	`'cluster specific table');`
	`31`	`+`
	`32`	`+$node->command_ok([qw(clusterdb --echo --verbose dbname=template1)],`
	`33`	`+'clusterdb with connection string');`

`‎src/bin/scripts/t/090_reindexdb.pl‎`

Lines changed: 8 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`
`4`	`4`	`use PostgresNode;`
`5`	`5`	`use TestLib;`
`6`		`-use Test::Moretests=>20;`
	`6`	`+use Test::Moretests=>23;`
`7`	`7`
`8`	`8`	`program_help_ok('reindexdb');`
`9`	`9`	`program_version_ok('reindexdb');`
`@@ -42,3 +42,10 @@`
`42`	`42`	`['reindexdb','-v','-t','test1','postgres' ],`
`43`	`43`	`qr/statement: REINDEX$VERBOSE$ TABLE test1;/,`
`44`	`44`	`'reindex with verbose output');`
	`45`	`+`
	`46`	`+$node->command_ok([qw(reindexdb --echo --table=pg_am dbname=template1)],`
	`47`	`+'reindexdb table with connection string');`
	`48`	`+$node->command_ok([qw(reindexdb --echo dbname=template1)],`
	`49`	`+'reindexdb database with connection string');`
	`50`	`+$node->command_ok([qw(reindexdb --echo --system dbname=template1)],`
	`51`	`+'reindexdb system with connection string');`

`‎src/bin/scripts/t/100_vacuumdb.pl‎`

Lines changed: 3 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`
`4`	`4`	`use PostgresNode;`
`5`	`5`	`use TestLib;`
`6`		`-use Test::Moretests=>18;`
	`6`	`+use Test::Moretests=>19;`
`7`	`7`
`8`	`8`	`program_help_ok('vacuumdb');`
`9`	`9`	`program_version_ok('vacuumdb');`
`@@ -33,3 +33,5 @@`
`33`	`33`	`['vacuumdb','-Z','postgres' ],`
`34`	`34`	`qr/statement: ANALYZE;/,`
`35`	`35`	`'vacuumdb -Z');`
	`36`	`+$node->command_ok([qw(vacuumdb -Z --table=pg_am dbname=template1)],`
	`37`	`+'vacuumdb with connection string');`

`‎src/bin/scripts/t/200_connstr.pl‎`

Lines changed: 38 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,38 @@`
	`1`	`+use strict;`
	`2`	`+use warnings;`
	`3`	`+`
	`4`	`+use PostgresNode;`
	`5`	`+use TestLib;`
	`6`	`+use Test::Moretests=> 3;`
	`7`	`+`
	`8`	`+# Tests to check connection string handling in utilities`
	`9`	`+`
	`10`	`+# In a SQL_ASCII database, pgwin32_message_to_UTF16() needs to`
	`11`	`+# interpret everything as UTF8. We're going to use byte sequences`
	`12`	`+# that aren't valid UTF-8 strings, so that would fail. Use LATIN1,`
	`13`	`+# which accepts any byte and has a conversion from each byte to UTF-8.`
	`14`	`+$ENV{LC_ALL} ='C';`
	`15`	`+$ENV{PGCLIENTENCODING} ='LATIN1';`
	`16`	`+`
	`17`	`+# Create database names covering the range of LATIN1 characters and`
	`18`	`+# run the utilities' --all options over them.`
	`19`	`+my$dbname1 = generate_ascii_string(1, 63);# contains '='`
	`20`	`+my$dbname2 = generate_ascii_string(67, 129);# skip 64-66 to keep length to 62`
	`21`	`+my$dbname3 = generate_ascii_string(130, 192);`
	`22`	`+my$dbname4 = generate_ascii_string(193, 255);`
	`23`	`+`
	`24`	`+my$node = get_new_node('main');`
	`25`	`+$node->init(extra=> ['--locale=C','--encoding=LATIN1']);`
	`26`	`+$node->start;`
	`27`	`+`
	`28`	`+foreachmy$dbname ($dbname1,$dbname2,$dbname3,$dbname4,'CamelCase')`
	`29`	`+{`
	`30`	`+$node->run_log(['createdb',$dbname]);`
	`31`	`+}`
	`32`	`+`
	`33`	`+$node->command_ok([qw(vacuumdb --all --echo --analyze-only)],`
	`34`	`+'vacuumdb --all with unusual database names');`
	`35`	`+$node->command_ok([qw(reindexdb --all --echo)],`
	`36`	`+'reindexdb --all with unusual database names');`
	`37`	`+$node->command_ok([qw(clusterdb --all --echo --verbose)],`
	`38`	`+'clusterdb --all with unusual database names');`

`‎src/test/perl/PostgresNode.pm‎`

Lines changed: 27 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -243,7 +243,13 @@ sub connstr`
`243`	`243`	`{`
`244`	`244`	`return"port=$pgport host=$pghost";`
`245`	`245`	`}`
`246`		`-return"port=$pgport host=$pghost dbname=$dbname";`
	`246`	`+`
	`247`	`+# Escape properly the database string before using it, only`
	`248`	`+# single quotes and backslashes need to be treated this way.`
	`249`	`+$dbname =~s#\\#\\\\#g;`
	`250`	`+$dbname =~s#\'#\\\'#g;`
	`251`	`+`
	`252`	`+return"port=$pgport host=$pghost dbname='$dbname'";`
`247`	`253`	`}`
`248`	`254`
`249`	`255`	`=pod`
`@@ -396,7 +402,8 @@ sub init`
`396`	`402`	`mkdir$self->backup_dir;`
`397`	`403`	`mkdir$self->archive_dir;`
`398`	`404`
`399`		`-TestLib::system_or_bail('initdb','-D',$pgdata,'-A','trust','-N');`
	`405`	`+TestLib::system_or_bail('initdb','-D',$pgdata,'-A','trust','-N',`
	`406`	`+@{$params{extra} });`
`400`	`407`	`TestLib::system_or_bail($ENV{PG_REGRESS},'--config-auth',$pgdata);`
`401`	`408`
`402`	`409`	`openmy$conf,">>$pgdata/postgresql.conf";`
`@@ -1300,6 +1307,24 @@ sub issues_sql_like`
`1300`	`1307`
`1301`	`1308`	`=pod`
`1302`	`1309`
	`1310`	`+=item$node->run_log(...)`
	`1311`	`+`
	`1312`	`+Runs a shell command like TestLib::run_log, but with PGPORT set so`
	`1313`	`+that the command will default to connecting to this PostgresNode.`
	`1314`	`+`
	`1315`	`+=cut`
	`1316`	`+`
	`1317`	`+subrun_log`
	`1318`	`+{`
	`1319`	`+my$self =shift;`
	`1320`	`+`
	`1321`	`+local$ENV{PGPORT} =$self->port;`
	`1322`	`+`
	`1323`	`+TestLib::run_log(@_);`
	`1324`	`+}`
	`1325`	`+`
	`1326`	`+=pod`
	`1327`	`+`
`1303`	`1328`	`=back`
`1304`	`1329`
`1305`	`1330`	`=cut`

`‎src/test/perl/TestLib.pm‎`

Lines changed: 14 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ use SimpleTee;`
`20`	`20`	`use Test::More;`
`21`	`21`
`22`	`22`	`our@EXPORT =qw(`
	`23`	`+ generate_ascii_string`
`23`	`24`	`slurp_dir`
`24`	`25`	`slurp_file`
`25`	`26`	`append_to_file`
`@@ -166,6 +167,19 @@ sub run_log`
`166`	`167`	`return IPC::Run::run(@_);`
`167`	`168`	`}`
`168`	`169`
	`170`	`+# Generate a string made of the given range of ASCII characters`
	`171`	`+subgenerate_ascii_string`
	`172`	`+{`
	`173`	`+my ($from_char,$to_char) =@_;`
	`174`	`+my$res;`
	`175`	`+`
	`176`	`+formy$i ($from_char ..$to_char)`
	`177`	`+{`
	`178`	`+$res .=sprintf("%c",$i);`
	`179`	`+}`
	`180`	`+return$res;`
	`181`	`+}`
	`182`	`+`
`169`	`183`	`subslurp_dir`
`170`	`184`	`{`
`171`	`185`	`my ($dir) =@_;`

`‎src/test/regress/pg_regress.c‎`

Lines changed: 29 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -876,6 +876,29 @@ initialize_environment(void)`
`876`	`876`	`load_resultmap();`
`877`	`877`	`}`
`878`	`878`
	`879`	`+pg_attribute_unused()`
	`880`	`+staticconstchar*`
	`881`	`+fmtHba(constchar*raw)`
	`882`	`+{`
	`883`	`+staticchar*ret;`
	`884`	`+constchar*rp;`
	`885`	`+char*wp;`
	`886`	`+`
	`887`	`+wp=ret=realloc(ret,3+strlen(raw)*2);`
	`888`	`+`
	`889`	`+*wp++='"';`
	`890`	`+for (rp=raw;*rp;rp++)`
	`891`	`+{`
	`892`	`+if (*rp=='"')`
	`893`	`+*wp++='"';`
	`894`	`+wp++=rp;`
	`895`	`+}`
	`896`	`+*wp++='"';`
	`897`	`+*wp++='\0';`
	`898`	`+`
	`899`	`+returnret;`
	`900`	`+}`
	`901`	`+`
`879`	`902`	`#ifdefENABLE_SSPI`
`880`	`903`	`/*`
`881`	`904`	`* Get account and domain/realm names for the current user. This is based on`
`@@ -1037,11 +1060,11 @@ config_sspi_auth(const char *pgdata)`
`1037`	`1060`	`* '#'. Windows forbids the double-quote character itself, so don't`
`1038`	`1061`	`* bother escaping embedded double-quote characters.`
`1039`	`1062`	`*/`
`1040`		`-CW(fprintf(ident,"regress \"%s@%s\"\"%s\"\n",`
`1041`		`-accountname,domainname,username) >=0);`
	`1063`	`+CW(fprintf(ident,"regress \"%s@%s\"%s\n",`
	`1064`	`+accountname,domainname,fmtHba(username)) >=0);`
`1042`	`1065`	`for (sl=extraroles;sl;sl=sl->next)`
`1043`		`-CW(fprintf(ident,"regress \"%s@%s\"\"%s\"\n",`
`1044`		`-accountname,domainname,sl->str) >=0);`
	`1066`	`+CW(fprintf(ident,"regress \"%s@%s\"%s\n",`
	`1067`	`+accountname,domainname,fmtHba(sl->str)) >=0);`
`1045`	`1068`	`CW(fclose(ident)==0);`
`1046`	`1069`	`}`
`1047`	`1070`	`#endif`
`@@ -2064,7 +2087,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc`
`2064`	`2087`	`* before we add the specified one.`
`2065`	`2088`	`*/`
`2066`	`2089`	`free_stringlist(&dblist);`
`2067`		`-split_to_stringlist(optarg,",",&dblist);`
	`2090`	`+split_to_stringlist(optarg,",",&dblist);`
`2068`	`2091`	`break;`
`2069`	`2092`	`case2:`
`2070`	`2093`	`debug= true;`
`@@ -2114,7 +2137,7 @@ regression_main(int argc, char *argv[], init_function ifunc, test_function tfunc`
`2114`	`2137`	`dlpath=pg_strdup(optarg);`
`2115`	`2138`	`break;`
`2116`	`2139`	`case18:`
`2117`		`-split_to_stringlist(optarg,",",&extraroles);`
	`2140`	`+split_to_stringlist(optarg,",",&extraroles);`
`2118`	`2141`	`break;`
`2119`	`2142`	`case19:`
`2120`	`2143`	`add_stringlist_item(&temp_configs,optarg);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit8b84552

File tree

9 files changed

9 files changed

`‎src/bin/pg_dump/t/010_dump_connstr.pl‎`

`‎src/bin/pg_rewind/RewindTest.pm‎`

`‎src/bin/scripts/t/010_clusterdb.pl‎`

`‎src/bin/scripts/t/090_reindexdb.pl‎`

`‎src/bin/scripts/t/100_vacuumdb.pl‎`

`‎src/bin/scripts/t/200_connstr.pl‎`

`‎src/test/perl/PostgresNode.pm‎`

`‎src/test/perl/TestLib.pm‎`

`‎src/test/regress/pg_regress.c‎`

0 commit comments