NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit9a1d0af

committed

Code review for commit274bb2b.

Avoid memory leak in conninfo_uri_parse_options. Use the current hostrather than the comma-separated list of host names when the host nameis needed for GSS, SSPI, or SSL authentication. Document the wayconnect_timeout interacts with multiple host specifications.Takayuki Tsunakawa

1 parent906bfca commit9a1d0afCopy full SHA for 9a1d0af

File tree

4 files changed

+23

-14

lines changed

doc/src/sgml
- libpq.sgml
src/interfaces/libpq

4 files changed

+23

-14

lines changed

`‎doc/src/sgml/libpq.sgml`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -1009,6 +1009,10 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname`
`1009`	`1009`	`Maximum wait for connection, in seconds (write as a decimal integer`
`1010`	`1010`	`string). Zero or not specified means wait indefinitely. It is not`
`1011`	`1011`	`recommended to use a timeout of less than 2 seconds.`
	`1012`	`+ This timeout applies separately to each connection attempt.`
	`1013`	`+ For example, if you specify two hosts and both of them are unreachable,`
	`1014`	`+ and <literal>connect_timeout</> is 5, the total time spent waiting for a`
	`1015`	`+ connection might be up to 10 seconds.`
`1012`	`1016`	`</para>`
`1013`	`1017`	`</listitem>`
`1014`	`1018`	`</varlistentry>`

`‎src/interfaces/libpq/fe-auth.c`

Lines changed: 7 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -170,8 +170,9 @@ pg_GSS_startup(PGconn *conn)`
`170`	`170`	`min_stat;`
`171`	`171`	`intmaxlen;`
`172`	`172`	`gss_buffer_desctemp_gbuf;`
	`173`	`+char*host=PQhost(conn);`
`173`	`174`
`174`		`-if (!(conn->pghost&&conn->pghost[0]!='\0'))`
	`175`	`+if (!(host&&host[0]!='\0'))`
`175`	`176`	`{`
`176`	`177`	`printfPQExpBuffer(&conn->errorMessage,`
`177`	`178`	`libpq_gettext("host name must be specified\n"));`
`@@ -198,7 +199,7 @@ pg_GSS_startup(PGconn *conn)`
`198`	`199`	`returnSTATUS_ERROR;`
`199`	`200`	`}`
`200`	`201`	`snprintf(temp_gbuf.value,maxlen,"%s@%s",`
`201`		`-conn->krbsrvname,conn->pghost);`
	`202`	`+conn->krbsrvname,host);`
`202`	`203`	`temp_gbuf.length=strlen(temp_gbuf.value);`
`203`	`204`
`204`	`205`	`maj_stat=gss_import_name(&min_stat,&temp_gbuf,`
`@@ -371,6 +372,7 @@ pg_SSPI_startup(PGconn *conn, int use_negotiate)`
`371`	`372`	`{`
`372`	`373`	`SECURITY_STATUSr;`
`373`	`374`	`TimeStampexpire;`
	`375`	`+char*host=PQhost(conn);`
`374`	`376`
`375`	`377`	`conn->sspictx=NULL;`
`376`	`378`
`@@ -406,19 +408,19 @@ pg_SSPI_startup(PGconn *conn, int use_negotiate)`
`406`	`408`	`* but not more complex. We can skip the @REALM part, because Windows will`
`407`	`409`	`* fill that in for us automatically.`
`408`	`410`	`*/`
`409`		`-if (!(conn->pghost&&conn->pghost[0]!='\0'))`
	`411`	`+if (!(host&&host[0]!='\0'))`
`410`	`412`	`{`
`411`	`413`	`printfPQExpBuffer(&conn->errorMessage,`
`412`	`414`	`libpq_gettext("host name must be specified\n"));`
`413`	`415`	`returnSTATUS_ERROR;`
`414`	`416`	`}`
`415`		`-conn->sspitarget=malloc(strlen(conn->krbsrvname)+strlen(conn->pghost)+2);`
	`417`	`+conn->sspitarget=malloc(strlen(conn->krbsrvname)+strlen(host)+2);`
`416`	`418`	`if (!conn->sspitarget)`
`417`	`419`	`{`
`418`	`420`	`printfPQExpBuffer(&conn->errorMessage,libpq_gettext("out of memory\n"));`
`419`	`421`	`returnSTATUS_ERROR;`
`420`	`422`	`}`
`421`		`-sprintf(conn->sspitarget,"%s/%s",conn->krbsrvname,conn->pghost);`
	`423`	`+sprintf(conn->sspitarget,"%s/%s",conn->krbsrvname,host);`
`422`	`424`
`423`	`425`	`/*`
`424`	`426`	`* Indicate that we're in SSPI authentication mode to make sure that`

`‎src/interfaces/libpq/fe-connect.c`

Lines changed: 5 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -4931,7 +4931,7 @@ conninfo_uri_parse_options(PQconninfoOption options, const char uri,`
`4931`	`4931`	`{`
`4932`	`4932`	`intprefix_len;`
`4933`	`4933`	`char*p;`
`4934`		`-char*buf;`
	`4934`	`+char*buf=NULL;`
`4935`	`4935`	`char*start;`
`4936`	`4936`	`charprevchar='\0';`
`4937`	`4937`	`char*user=NULL;`
`@@ -4946,7 +4946,7 @@ conninfo_uri_parse_options(PQconninfoOption options, const char uri,`
`4946`	`4946`	`{`
`4947`	`4947`	`printfPQExpBuffer(errorMessage,`
`4948`	`4948`	`libpq_gettext("out of memory\n"));`
`4949`		`-return false;`
	`4949`	`+gotocleanup;`
`4950`	`4950`	`}`
`4951`	`4951`
`4952`	`4952`	`/* need a modifiable copy of the input URI */`
`@@ -4955,7 +4955,7 @@ conninfo_uri_parse_options(PQconninfoOption options, const char uri,`
`4955`	`4955`	`{`
`4956`	`4956`	`printfPQExpBuffer(errorMessage,`
`4957`	`4957`	`libpq_gettext("out of memory\n"));`
`4958`		`-return false;`
	`4958`	`+gotocleanup;`
`4959`	`4959`	`}`
`4960`	`4960`	`start=buf;`
`4961`	`4961`
`@@ -5156,7 +5156,8 @@ conninfo_uri_parse_options(PQconninfoOption options, const char uri,`
`5156`	`5156`	`cleanup:`
`5157`	`5157`	`termPQExpBuffer(&hostbuf);`
`5158`	`5158`	`termPQExpBuffer(&portbuf);`
`5159`		`-free(buf);`
	`5159`	`+if (buf)`
	`5160`	`+free(buf);`
`5160`	`5161`	`returnretval;`
`5161`	`5162`	`}`
`5162`	`5163`

`‎src/interfaces/libpq/fe-secure-openssl.c`

Lines changed: 7 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -483,6 +483,7 @@ verify_peer_name_matches_certificate_name(PGconn conn, ASN1_STRING name_entry,`
`483`	`483`	`char*name;`
`484`	`484`	`constunsignedchar*namedata;`
`485`	`485`	`intresult;`
	`486`	`+char*host=PQhost(conn);`
`486`	`487`
`487`	`488`	`*store_name=NULL;`
`488`	`489`
`@@ -528,12 +529,12 @@ verify_peer_name_matches_certificate_name(PGconn conn, ASN1_STRING name_entry,`
`528`	`529`	`return-1;`
`529`	`530`	`}`
`530`	`531`
`531`		`-if (pg_strcasecmp(name,conn->pghost)==0)`
	`532`	`+if (pg_strcasecmp(name,host)==0)`
`532`	`533`	`{`
`533`	`534`	`/* Exact name match */`
`534`	`535`	`result=1;`
`535`	`536`	`}`
`536`		`-elseif (wildcard_certificate_match(name,conn->pghost))`
	`537`	`+elseif (wildcard_certificate_match(name,host))`
`537`	`538`	`{`
`538`	`539`	`/* Matched wildcard name */`
`539`	`540`	`result=1;`
`@@ -563,6 +564,7 @@ verify_peer_name_matches_certificate(PGconn *conn)`
`563`	`564`	`STACK_OF(GENERAL_NAME)*peer_san;`
`564`	`565`	`inti;`
`565`	`566`	`intrc;`
	`567`	`+char*host=PQhost(conn);`
`566`	`568`
`567`	`569`	`/*`
`568`	`570`	`* If told not to verify the peer name, don't do it. Return true`
`@@ -572,7 +574,7 @@ verify_peer_name_matches_certificate(PGconn *conn)`
`572`	`574`	`return true;`
`573`	`575`
`574`	`576`	`/* Check that we have a hostname to compare with. */`
`575`		`-if (!(conn->pghost&&conn->pghost[0]!='\0'))`
	`577`	`+if (!(host&&host[0]!='\0'))`
`576`	`578`	`{`
`577`	`579`	`printfPQExpBuffer(&conn->errorMessage,`
`578`	`580`	`libpq_gettext("host name must be specified for a verified SSL connection\n"));`
`@@ -670,13 +672,13 @@ verify_peer_name_matches_certificate(PGconn *conn)`
`670`	`672`	`libpq_ngettext("server certificate for \"%s\" (and %d other name) does not match host name \"%s\"\n",`
`671`	`673`	`"server certificate for \"%s\" (and %d other names) does not match host name \"%s\"\n",`
`672`	`674`	`names_examined-1),`
`673`		`-first_name,names_examined-1,conn->pghost);`
	`675`	`+first_name,names_examined-1,host);`
`674`	`676`	`}`
`675`	`677`	`elseif (names_examined==1)`
`676`	`678`	`{`
`677`	`679`	`printfPQExpBuffer(&conn->errorMessage,`
`678`	`680`	`libpq_gettext("server certificate for \"%s\" does not match host name \"%s\"\n"),`
`679`		`-first_name,conn->pghost);`
	`681`	`+first_name,host);`
`680`	`682`	`}`
`681`	`683`	`else`
`682`	`684`	`{`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit9a1d0af

File tree

4 files changed

4 files changed

`‎doc/src/sgml/libpq.sgml`

`‎src/interfaces/libpq/fe-auth.c`

`‎src/interfaces/libpq/fe-connect.c`

`‎src/interfaces/libpq/fe-secure-openssl.c`

0 commit comments