Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitc5ef8ce

Browse files
committed
Be more paranoid about null return values from libpq status functions.
PQhost() can return NULL in non-error situations, namely when a Unix-socketconnection has been selected by default. That behavior is a tad debatableperhaps, but for the moment we should make sure that psql copes with it.Unfortunately, do_connect() failed to: it could pass a NULL pointer tostrcmp(), resulting in crashes on most platforms. This was reported as asecurity issue by ChenQin of Topsec Security Team, but the consensus ofthe security list is that it's just a garden-variety bug with no securityimplications.For paranoia's sake, I made the keep_password test not trust PQuser orPQport either, even though I believe those will never return NULL givena valid PGconn.Back-patch to all supported branches.
1 parent4616619 commitc5ef8ce

File tree

1 file changed

+12
-9
lines changed

1 file changed

+12
-9
lines changed

‎src/bin/psql/command.c

Lines changed: 12 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1750,14 +1750,17 @@ do_connect(char *dbname, char *user, char *host, char *port)
17501750
/*
17511751
* Any change in the parameters read above makes us discard the password.
17521752
* We also discard it if we're to use a conninfo rather than the
1753-
* positional syntax.
1753+
* positional syntax. Note that currently, PQhost() can return NULL for a
1754+
* default Unix-socket connection, so we have to allow NULL for host.
17541755
*/
1755-
keep_password=
1756-
(o_conn&&
1757-
(strcmp(user,PQuser(o_conn))==0)&&
1758-
(!host||strcmp(host,PQhost(o_conn))==0)&&
1759-
(strcmp(port,PQport(o_conn))==0)&&
1760-
!has_connection_string);
1756+
if (has_connection_string)
1757+
keep_password= false;
1758+
else
1759+
keep_password=
1760+
(user&&PQuser(o_conn)&&strcmp(user,PQuser(o_conn))==0)&&
1761+
((host&&PQhost(o_conn)&&strcmp(host,PQhost(o_conn))==0)||
1762+
(host==NULL&&PQhost(o_conn)==NULL))&&
1763+
(port&&PQport(o_conn)&&strcmp(port,PQport(o_conn))==0);
17611764

17621765
/*
17631766
* Grab dbname from old connection unless supplied by caller. No password
@@ -1769,8 +1772,8 @@ do_connect(char *dbname, char *user, char *host, char *port)
17691772
/*
17701773
* If the user asked to be prompted for a password, ask for one now. If
17711774
* not, use the password from the old connection, provided the username
1772-
*hasnot changed. Otherwise, try to connect without a password first,
1773-
* and then ask for a password if needed.
1775+
*etc havenot changed. Otherwise, try to connect without a password
1776+
*first,and then ask for a password if needed.
17741777
*
17751778
* XXX: this behavior leads to spurious connection attempts recorded in
17761779
* the postmaster's log. But libpq offers no API that would let us obtain

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp