Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitd3befe9

Browse files
committed
Fix unportable use of getnameinfo() in pg_hba_file_rules view.
fill_hba_line() thought it could get away with passing sizeof(structsockaddr_storage) rather than the actual addrlen previously returnedby getaddrinfo(). While that appears to work on many platforms,it does not work on FreeBSD 11: you get back a failure, which leadsto the view showing NULL for the address and netmask columns in allrows. The POSIX spec for getnameinfo() is pretty clearly onFreeBSD's side here: you should pass the actual address length.So it seems plausible that there are other platforms where thiscoding also fails, and we just hadn't noticed.Also, IMO the fact that getnameinfo() failure leads to a NULL outputis pretty bogus in itself. Our pg_getnameinfo_all() wrapper iscareful to emit "???" on failure, and we should use that in suchcases. NULL should only be emitted in rows that don't have IPaddresses.Per bug #16695 from Peter Vandivier. Back-patch to v10 where thiscode was added.Discussion:https://postgr.es/m/16695-a665558e2f630be7@postgresql.org
1 parent5ba4987 commitd3befe9

File tree

2 files changed

+27
-10
lines changed

2 files changed

+27
-10
lines changed

‎src/backend/libpq/hba.c

Lines changed: 21 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1166,8 +1166,11 @@ parse_hba_line(TokenizedLine *tok_line, int elevel)
11661166

11671167
ret=pg_getaddrinfo_all(str,NULL,&hints,&gai_result);
11681168
if (ret==0&&gai_result)
1169+
{
11691170
memcpy(&parsedline->addr,gai_result->ai_addr,
11701171
gai_result->ai_addrlen);
1172+
parsedline->addrlen=gai_result->ai_addrlen;
1173+
}
11711174
elseif (ret==EAI_NONAME)
11721175
parsedline->hostname=str;
11731176
else
@@ -1216,6 +1219,7 @@ parse_hba_line(TokenizedLine *tok_line, int elevel)
12161219
token->string);
12171220
returnNULL;
12181221
}
1222+
parsedline->masklen=parsedline->addrlen;
12191223
pfree(str);
12201224
}
12211225
elseif (!parsedline->hostname)
@@ -1266,6 +1270,7 @@ parse_hba_line(TokenizedLine *tok_line, int elevel)
12661270

12671271
memcpy(&parsedline->mask,gai_result->ai_addr,
12681272
gai_result->ai_addrlen);
1273+
parsedline->masklen=gai_result->ai_addrlen;
12691274
pg_freeaddrinfo_all(hints.ai_family,gai_result);
12701275

12711276
if (parsedline->addr.ss_family!=parsedline->mask.ss_family)
@@ -2518,20 +2523,26 @@ fill_hba_line(Tuplestorestate *tuple_store, TupleDesc tupdesc,
25182523
}
25192524
else
25202525
{
2521-
if (pg_getnameinfo_all(&hba->addr,sizeof(hba->addr),
2522-
buffer,sizeof(buffer),
2523-
NULL,0,
2524-
NI_NUMERICHOST)==0)
2526+
/*
2527+
* Note: if pg_getnameinfo_all fails, it'll set buffer to
2528+
* "???", which we want to return.
2529+
*/
2530+
if (hba->addrlen>0)
25252531
{
2526-
clean_ipv6_addr(hba->addr.ss_family,buffer);
2532+
if (pg_getnameinfo_all(&hba->addr,hba->addrlen,
2533+
buffer,sizeof(buffer),
2534+
NULL,0,
2535+
NI_NUMERICHOST)==0)
2536+
clean_ipv6_addr(hba->addr.ss_family,buffer);
25272537
addrstr=pstrdup(buffer);
25282538
}
2529-
if (pg_getnameinfo_all(&hba->mask,sizeof(hba->mask),
2530-
buffer,sizeof(buffer),
2531-
NULL,0,
2532-
NI_NUMERICHOST)==0)
2539+
if (hba->masklen>0)
25332540
{
2534-
clean_ipv6_addr(hba->mask.ss_family,buffer);
2541+
if (pg_getnameinfo_all(&hba->mask,hba->masklen,
2542+
buffer,sizeof(buffer),
2543+
NULL,0,
2544+
NI_NUMERICHOST)==0)
2545+
clean_ipv6_addr(hba->mask.ss_family,buffer);
25352546
maskstr=pstrdup(buffer);
25362547
}
25372548
}

‎src/include/libpq/hba.h

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -42,6 +42,10 @@ typedef enum UserAuth
4242
#defineUSER_AUTH_LASTuaPeer/* Must be last value of this enum */
4343
}UserAuth;
4444

45+
/*
46+
* Data structures representing pg_hba.conf entries
47+
*/
48+
4549
typedefenumIPCompareMethod
4650
{
4751
ipCmpMask,
@@ -108,6 +112,8 @@ typedef struct HbaLine
108112
char*radiusidentifiers_s;
109113
List*radiusports;
110114
char*radiusports_s;
115+
intaddrlen;/* zero if we don't have a valid addr */
116+
intmasklen;/* zero if we don't have a valid mask */
111117
}HbaLine;
112118

113119
typedefstructIdentLine

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp