NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commitbd029bc

committed

From: Tom Lane <tgl@sss.pgh.pa.us>The attached patches respond to discussion that was on pgsql-hackersaround the beginning of June (see thread "libpgtcl bug (and symptomatictreatment)"). The changes are:1. Remove code in connectDB that throws away the password after makinga connection. This doesn't really add much security IMHO --- a bad guywith access to your client's address space can likely extract thepassword anyway, to say nothing of what he might do directly. Andthere's the serious shortcoming that it prevents PQreset() from workingif the database requires a password.2. Fix coredump problem: fe_sendauth did not guard against being handeda NULL password pointer. (This is the proximate cause of the coredump-during-PQreset problem that Magosanyi Arpad complained of last month.)3. Remove highly questionable "error recovery" logic in libpgtcl'spg_exec statement.I believe the consensus of the discussion last month was in favor of#1 and#3, but I'm just now getting around to making the change.I realized that#2 was a bug in process of looking at the change.

1 parentce81267 commitbd029bcCopy full SHA for bd029bc

File tree

3 files changed

+10

-32

lines changed

src/interfaces
- libpgtcl
  - pgtclCmds.c
- libpq
  - fe-auth.c
  - fe-connect.c

3 files changed

+10

-32

lines changed

`‎src/interfaces/libpgtcl/pgtclCmds.c`

Lines changed: 2 additions & 19 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@`
`7`	`7`	`*`
`8`	`8`	`*`
`9`	`9`	`* IDENTIFICATION`
`10`		`- * $Header: /cvsroot/pgsql/src/interfaces/libpgtcl/Attic/pgtclCmds.c,v 1.27 1998/06/16 06:53:27 momjian Exp $`
	`10`	`+ * $Header: /cvsroot/pgsql/src/interfaces/libpgtcl/Attic/pgtclCmds.c,v 1.28 1998/07/09 03:32:09 scrappy Exp $`
`11`	`11`	`*`
`12`	`12`	`*-------------------------------------------------------------------------`
`13`	`13`	`*/`
`@@ -441,24 +441,7 @@ Pg_exec(ClientData cData, Tcl_Interp interp, int argc, char argv[])`
`441`	`441`	`}`
`442`	`442`	`else {`
`443`	`443`	`/* error occurred during the query */`
`444`		`-Tcl_SetResult(interp,conn->errorMessage,TCL_STATIC);`
`445`		`-if (connStatus!=CONNECTION_OK) {`
`446`		`-/* Is this REALLY a good idea? I don't think so! */`
`447`		`-PQreset(conn);`
`448`		`-if (conn->status==CONNECTION_OK) {`
`449`		`-result=PQexec(conn,argv[2]);`
`450`		`-PgNotifyTransferEvents(connid);`
`451`		`-if (result) {`
`452`		`-intrId=PgSetResultId(interp,argv[1],result);`
`453`		`-if (result->resultStatus==PGRES_COPY_IN\|\|`
`454`		`-result->resultStatus==PGRES_COPY_OUT) {`
`455`		`-connid->res_copyStatus=RES_COPY_INPROGRESS;`
`456`		`-connid->res_copy=rId;`
`457`		`- }`
`458`		`-returnTCL_OK;`
`459`		`-}`
`460`		`- }`
`461`		`-}`
	`444`	`+Tcl_SetResult(interp,conn->errorMessage,TCL_VOLATILE);`
`462`	`445`	`returnTCL_ERROR;`
`463`	`446`	`}`
`464`	`447`	`}`

`‎src/interfaces/libpq/fe-auth.c`

Lines changed: 7 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@`
`7`	`7`	`*`
`8`	`8`	`*`
`9`	`9`	`* IDENTIFICATION`
`10`		`- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.18 1998/07/03 04:24:11 momjian Exp $`
	`10`	`+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.19 1998/07/09 03:32:09 scrappy Exp $`
`11`	`11`	`*`
`12`	`12`	`*-------------------------------------------------------------------------`
`13`	`13`	`*/`
`@@ -522,6 +522,12 @@ fe_sendauth(AuthRequest areq, PGconn conn, const char hostname,`
`522`	`522`
`523`	`523`	`caseAUTH_REQ_PASSWORD:`
`524`	`524`	`caseAUTH_REQ_CRYPT:`
	`525`	`+if (password==NULL\|\|*password=='\0')`
	`526`	`+{`
	`527`	`+(void)sprintf(PQerrormsg,`
	`528`	`+"fe_sendauth: no password supplied\n");`
	`529`	`+return (STATUS_ERROR);`
	`530`	`+}`
`525`	`531`	`if (pg_password_sendauth(conn,password,areq)!=STATUS_OK)`
`526`	`532`	`{`
`527`	`533`	`(void)sprintf(PQerrormsg,`

`‎src/interfaces/libpq/fe-connect.c`

Lines changed: 1 addition & 12 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,7 +7,7 @@`
`7`	`7`	`*`
`8`	`8`	`*`
`9`	`9`	`* IDENTIFICATION`
`10`		`- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.73 1998/07/09 03:29:07 scrappy Exp $`
	`10`	`+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.74 1998/07/09 03:32:10 scrappy Exp $`
`11`	`11`	`*`
`12`	`12`	`*-------------------------------------------------------------------------`
`13`	`13`	`*/`
`@@ -768,17 +768,6 @@ connectDB(PGconn *conn)`
`768`	`768`
`769`	`769`	`PQsetenv(conn);`
`770`	`770`
`771`		`-/* Free the password so it's not hanging out in memory forever */`
`772`		`-/* XXX Is this really a good idea? The security gain is marginal`
`773`		`- * if not totally illusory, and it breaks PQreset() for databases`
`774`		`- * that use passwords.`
`775`		`- */`
`776`		`-if (conn->pgpass!=NULL)`
`777`		`-{`
`778`		`-free(conn->pgpass);`
`779`		`-conn->pgpass=NULL;`
`780`		`-}`
`781`		`-`
`782`	`771`	`returnCONNECTION_OK;`
`783`	`772`
`784`	`773`	`connect_errReturn:`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitbd029bc

File tree

3 files changed

3 files changed

`‎src/interfaces/libpgtcl/pgtclCmds.c`

`‎src/interfaces/libpq/fe-auth.c`

`‎src/interfaces/libpq/fe-connect.c`

0 commit comments