NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commite7a2217

committed

Parse more strictly integer parameters from connection strings in libpq

The following parameters have been parsed in lossy ways when specifiedin a connection string processed by libpq:- connect_timeout- keepalives- keepalives_count- keepalives_idle- keepalives_interval- portOverflowing values or the presence of incorrect characters were notproperly checked, leading to libpq trying to use such values and failwith unhelpful error messages. This commit hardens the parsing of thoseparameters so as it is possible to find easily incorrect values.Author: Fabien CoelhoReviewed-by: Peter Eisentraut, Michael PaquierDiscussion:https://postgr.es/m/alpine.DEB.2.21.1808171206180.20841@lancre

1 parent0d45cd9 commite7a2217Copy full SHA for e7a2217

File tree

1 file changed

+54

-9

lines changed

src/interfaces/libpq
- fe-connect.c

1 file changed

+54

-9

lines changed

`‎src/interfaces/libpq/fe-connect.c`

Lines changed: 54 additions & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -1587,6 +1587,34 @@ useKeepalives(PGconn *conn)`
`1587`	`1587`	`returnval!=0 ?1 :0;`
`1588`	`1588`	`}`
`1589`	`1589`
	`1590`	`+/*`
	`1591`	`+ * Parse and try to interpret "value" as an integer value, and if successful,`
	`1592`	`+ * store it in *result, complaining if there is any trailing garbage or an`
	`1593`	`+ * overflow.`
	`1594`	`+ */`
	`1595`	`+staticbool`
	`1596`	`+parse_int_param(constcharvalue,intresult,PGconn*conn,`
	`1597`	`+constchar*context)`
	`1598`	`+{`
	`1599`	`+char*end;`
	`1600`	`+longnumval;`
	`1601`	`+`
	`1602`	`+*result=0;`
	`1603`	`+`
	`1604`	`+errno=0;`
	`1605`	`+numval=strtol(value,&end,10);`
	`1606`	`+if (errno==0&&*end=='\0'&&numval== (int)numval)`
	`1607`	`+{`
	`1608`	`+*result=numval;`
	`1609`	`+return true;`
	`1610`	`+}`
	`1611`	`+`
	`1612`	`+appendPQExpBuffer(&conn->errorMessage,`
	`1613`	`+libpq_gettext("invalid integer value \"%s\" for keyword \"%s\"\n"),`
	`1614`	`+value,context);`
	`1615`	`+return false;`
	`1616`	`+}`
	`1617`	`+`
`1590`	`1618`	`#ifndefWIN32`
`1591`	`1619`	`/*`
`1592`	`1620`	`* Set the keepalive idle timer.`
`@@ -1599,7 +1627,9 @@ setKeepalivesIdle(PGconn *conn)`
`1599`	`1627`	`if (conn->keepalives_idle==NULL)`
`1600`	`1628`	`return1;`
`1601`	`1629`
`1602`		`-idle=atoi(conn->keepalives_idle);`
	`1630`	`+if (!parse_int_param(conn->keepalives_idle,&idle,conn,`
	`1631`	`+"keepalives_idle"))`
	`1632`	`+return0;`
`1603`	`1633`	`if (idle<0)`
`1604`	`1634`	`idle=0;`
`1605`	`1635`
`@@ -1631,7 +1661,9 @@ setKeepalivesInterval(PGconn *conn)`
`1631`	`1661`	`if (conn->keepalives_interval==NULL)`
`1632`	`1662`	`return1;`
`1633`	`1663`
`1634`		`-interval=atoi(conn->keepalives_interval);`
	`1664`	`+if (!parse_int_param(conn->keepalives_interval,&interval,conn,`
	`1665`	`+"keepalives_interval"))`
	`1666`	`+return0;`
`1635`	`1667`	`if (interval<0)`
`1636`	`1668`	`interval=0;`
`1637`	`1669`
`@@ -1664,7 +1696,9 @@ setKeepalivesCount(PGconn *conn)`
`1664`	`1696`	`if (conn->keepalives_count==NULL)`
`1665`	`1697`	`return1;`
`1666`	`1698`
`1667`		`-count=atoi(conn->keepalives_count);`
	`1699`	`+if (!parse_int_param(conn->keepalives_count,&count,conn,`
	`1700`	`+"keepalives_count"))`
	`1701`	`+return0;`
`1668`	`1702`	`if (count<0)`
`1669`	`1703`	`count=0;`
`1670`	`1704`
`@@ -1698,13 +1732,17 @@ setKeepalivesWin32(PGconn *conn)`
`1698`	`1732`	`intidle=0;`
`1699`	`1733`	`intinterval=0;`
`1700`	`1734`
`1701`		`-if (conn->keepalives_idle)`
`1702`		`-idle=atoi(conn->keepalives_idle);`
	`1735`	`+if (conn->keepalives_idle&&`
	`1736`	`+!parse_int_param(conn->keepalives_idle,&idle,conn,`
	`1737`	`+"keepalives_idle"))`
	`1738`	`+return0;`
`1703`	`1739`	`if (idle <=0)`
`1704`	`1740`	`idle=26060;/* 2 hours = default */`
`1705`	`1741`
`1706`		`-if (conn->keepalives_interval)`
`1707`		`-interval=atoi(conn->keepalives_interval);`
	`1742`	`+if (conn->keepalives_interval&&`
	`1743`	`+!parse_int_param(conn->keepalives_interval,&interval,conn,`
	`1744`	`+"keepalives_interval"))`
	`1745`	`+return0;`
`1708`	`1746`	`if (interval <=0)`
`1709`	`1747`	`interval=1;/* 1 second = default */`
`1710`	`1748`
`@@ -1831,7 +1869,10 @@ connectDBComplete(PGconn *conn)`
`1831`	`1869`	`*/`
`1832`	`1870`	`if (conn->connect_timeout!=NULL)`
`1833`	`1871`	`{`
`1834`		`-timeout=atoi(conn->connect_timeout);`
	`1872`	`+if (!parse_int_param(conn->connect_timeout,&timeout,conn,`
	`1873`	`+"connect_timeout"))`
	`1874`	`+return0;`
	`1875`	`+`
`1835`	`1876`	`if (timeout>0)`
`1836`	`1877`	`{`
`1837`	`1878`	`/*`
`@@ -1842,6 +1883,8 @@ connectDBComplete(PGconn *conn)`
`1842`	`1883`	`if (timeout<2)`
`1843`	`1884`	`timeout=2;`
`1844`	`1885`	`}`
	`1886`	`+else/* negative means 0 */`
	`1887`	`+timeout=0;`
`1845`	`1888`	`}`
`1846`	`1889`
`1847`	`1890`	`for (;;)`
`@@ -2108,7 +2151,9 @@ PQconnectPoll(PGconn *conn)`
`2108`	`2151`	`thisport=DEF_PGPORT;`
`2109`	`2152`	`else`
`2110`	`2153`	`{`
`2111`		`-thisport=atoi(ch->port);`
	`2154`	`+if (!parse_int_param(ch->port,&thisport,conn,"port"))`
	`2155`	`+gotoerror_return;`
	`2156`	`+`
`2112`	`2157`	`if (thisport<1\|\|thisport>65535)`
`2113`	`2158`	`{`
`2114`	`2159`	`appendPQExpBuffer(&conn->errorMessage,`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commite7a2217

File tree

1 file changed

1 file changed

`‎src/interfaces/libpq/fe-connect.c`

0 commit comments