Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit8e6f134

Browse files
committed
Fix bugs in libpq's management of GSS encryption state.
GSS-related resources should be cleaned up in pqDropConnection,not freePGconn, else the wrong things happen when resettinga connection or trying to switch to a different server.It's also critical to reset conn->gssenc there.During connection setup, initialize conn->try_gss at the correctplace, else switching to a different server won't work right.Remove now-redundant cleanup of GSS resources around one (and, forsome reason, only one) pqDropConnection call in connectDBStart.Per report from Kyotaro Horiguchi that psql would freeze up,rather than successfully resetting a GSS-encrypted connectionafter a server restart.This is YA oversight in commitb0b39f7, so back-patch to v12.Discussion:https://postgr.es/m/20200710.173803.435804731896516388.horikyota.ntt@gmail.com
1 parentae29005 commit8e6f134

File tree

1 file changed

+9
-28
lines changed

1 file changed

+9
-28
lines changed

‎src/interfaces/libpq/fe-connect.c

Lines changed: 9 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -477,6 +477,11 @@ pqDropConnection(PGconn *conn, bool flushInput)
477477
{
478478
OM_uint32min_s;
479479

480+
if (conn->gcred!=GSS_C_NO_CREDENTIAL)
481+
{
482+
gss_release_cred(&min_s,&conn->gcred);
483+
conn->gcred=GSS_C_NO_CREDENTIAL;
484+
}
480485
if (conn->gctx)
481486
gss_delete_sec_context(&min_s,&conn->gctx,GSS_C_NO_BUFFER);
482487
if (conn->gtarg_nam)
@@ -496,6 +501,7 @@ pqDropConnection(PGconn *conn, bool flushInput)
496501
free(conn->gss_ResultBuffer);
497502
conn->gss_ResultBuffer=NULL;
498503
}
504+
conn->gssenc= false;
499505
}
500506
#endif
501507
#ifdefENABLE_SSPI
@@ -2023,11 +2029,6 @@ connectDBStart(PGconn *conn)
20232029
*/
20242030
resetPQExpBuffer(&conn->errorMessage);
20252031

2026-
#ifdefENABLE_GSS
2027-
if (conn->gssencmode[0]=='d')/* "disable" */
2028-
conn->try_gss= false;
2029-
#endif
2030-
20312032
/*
20322033
* Set up to try to connect to the first host. (Setting whichhost = -1 is
20332034
* a bit of a cheat, but PQconnectPoll will advance it to 0 before
@@ -2464,6 +2465,9 @@ PQconnectPoll(PGconn *conn)
24642465
conn->allow_ssl_try= (conn->sslmode[0]!='d');/* "disable" */
24652466
conn->wait_ssl_try= (conn->sslmode[0]=='a');/* "allow" */
24662467
#endif
2468+
#ifdefENABLE_GSS
2469+
conn->try_gss= (conn->gssencmode[0]!='d');/* "disable" */
2470+
#endif
24672471

24682472
reset_connection_state_machine= false;
24692473
need_new_connection= true;
@@ -3345,12 +3349,8 @@ PQconnectPoll(PGconn *conn)
33453349
*/
33463350
if (conn->gssenc&&conn->gssencmode[0]=='p')
33473351
{
3348-
OM_uint32minor;
3349-
33503352
/* postmaster expects us to drop the connection */
33513353
conn->try_gss= false;
3352-
conn->gssenc= false;
3353-
gss_delete_sec_context(&minor,&conn->gctx,NULL);
33543354
pqDropConnection(conn, true);
33553355
conn->status=CONNECTION_NEEDED;
33563356
gotokeep_going;
@@ -3902,9 +3902,6 @@ makeEmptyPGconn(void)
39023902
conn->verbosity=PQERRORS_DEFAULT;
39033903
conn->show_context=PQSHOW_CONTEXT_ERRORS;
39043904
conn->sock=PGINVALID_SOCKET;
3905-
#ifdefENABLE_GSS
3906-
conn->try_gss= true;
3907-
#endif
39083905

39093906
/*
39103907
* We try to send at least 8K at a time, which is the usual size of pipe
@@ -4061,22 +4058,6 @@ freePGconn(PGconn *conn)
40614058
free(conn->gsslib);
40624059
if (conn->connip)
40634060
free(conn->connip);
4064-
#ifdefENABLE_GSS
4065-
if (conn->gcred!=GSS_C_NO_CREDENTIAL)
4066-
{
4067-
OM_uint32minor;
4068-
4069-
gss_release_cred(&minor,&conn->gcred);
4070-
conn->gcred=GSS_C_NO_CREDENTIAL;
4071-
}
4072-
if (conn->gctx)
4073-
{
4074-
OM_uint32minor;
4075-
4076-
gss_delete_sec_context(&minor,&conn->gctx,GSS_C_NO_BUFFER);
4077-
conn->gctx=NULL;
4078-
}
4079-
#endif
40804061
/* Note that conn->Pfdebug is not ours to close or free */
40814062
if (conn->last_query)
40824063
free(conn->last_query);

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp