Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit8d00858

Browse files
committed
Change libpq's internal uses of PQhost() to inspect host field directly.
Commit1944cdc changed PQhost() to return the hostaddr value when thatis specified and host isn't. This is a good idea in general, butfe-auth.c and related files contain PQhost() calls for which it isn't.Specifically, when we compare SSL certificates or other server identityinformation to the host field, we do not want to use hostaddr instead;that's not what's documented, that's not what happened pre-v10, andit doesn't seem like a good idea.Instead, we can just look at connhost[].host directly. This does whatwe want in v10 and up; in particular, if neither host nor hostaddrwere given, the host field will be replaced with the default host name.That seems useful, and it's likely the reason that these places werecoded to call PQhost() originally (since pre-v10, the stored field wasnot replaced with the default).Back-patch to v10, as1944cdc (just) was.Discussion:https://postgr.es/m/23287.1533227021@sss.pgh.pa.us
1 parent6203881 commit8d00858

File tree

2 files changed

+11
-4
lines changed

2 files changed

+11
-4
lines changed

‎src/interfaces/libpq/fe-auth.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -199,7 +199,7 @@ pg_GSS_startup(PGconn *conn, int payloadlen)
199199
min_stat;
200200
intmaxlen;
201201
gss_buffer_desctemp_gbuf;
202-
char*host=PQhost(conn);
202+
char*host=conn->connhost[conn->whichhost].host;
203203

204204
if (!(host&&host[0]!='\0'))
205205
{
@@ -414,7 +414,7 @@ pg_SSPI_startup(PGconn *conn, int use_negotiate, int payloadlen)
414414
{
415415
SECURITY_STATUSr;
416416
TimeStampexpire;
417-
char*host=PQhost(conn);
417+
char*host=conn->connhost[conn->whichhost].host;
418418

419419
if (conn->sspictx)
420420
{

‎src/interfaces/libpq/fe-secure-openssl.c

Lines changed: 9 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -483,10 +483,17 @@ verify_peer_name_matches_certificate_name(PGconn *conn, ASN1_STRING *name_entry,
483483
char*name;
484484
constunsignedchar*namedata;
485485
intresult;
486-
char*host=PQhost(conn);
486+
char*host=conn->connhost[conn->whichhost].host;
487487

488488
*store_name=NULL;
489489

490+
if (!(host&&host[0]!='\0'))
491+
{
492+
printfPQExpBuffer(&conn->errorMessage,
493+
libpq_gettext("host name must be specified\n"));
494+
return-1;
495+
}
496+
490497
/* Should not happen... */
491498
if (name_entry==NULL)
492499
{
@@ -564,7 +571,7 @@ verify_peer_name_matches_certificate(PGconn *conn)
564571
STACK_OF(GENERAL_NAME)*peer_san;
565572
inti;
566573
intrc;
567-
char*host=PQhost(conn);
574+
char*host=conn->connhost[conn->whichhost].host;
568575

569576
/*
570577
* If told not to verify the peer name, don't do it. Return true

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp