
Commite8b22a8

committed
Fix bugs in libpq's management of GSS encryption state.
GSS-related resources should be cleaned up in pqDropConnection, not freePGconn, else the wrong things happen when resetting a connection or trying to switch to a different server. It's also critical to reset conn->gssenc there. During connection setup, initialize conn->try_gss at the correct place, else switching to a different server won't work right. Remove now-redundant cleanup of GSS resources around one (and, for some reason, only one) pqDropConnection call in connectDBStart. Per report from Kyotaro Horiguchi that psql would freeze up, rather than successfully resetting a GSS-encrypted connection after a server restart. This is YA oversight in commit b0b39f7, so back-patch to v12. Discussion: https://postgr.es/m/20200710.173803.435804731896516388.horikyota.ntt@gmail.com
1 parent5fea14f commite8b22a8

File tree

1 file changed

+9
-28
lines changed

1 file changed

+9
-28
lines changed

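--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -455,6 +455,11 @@ pqDropConnection(PGconn *conn, bool flushInput)
 {
 OM_uint32min_s;
 
+if (conn->gcred!=GSS_C_NO_CREDENTIAL)
+{
+gss_release_cred(&min_s,&conn->gcred);
+conn->gcred=GSS_C_NO_CREDENTIAL;
+}
 if (conn->gctx)
 gss_delete_sec_context(&min_s,&conn->gctx,GSS_C_NO_BUFFER);
 if (conn->gtarg_nam)
@@ -474,6 +479,7 @@ pqDropConnection(PGconn *conn, bool flushInput)
 free(conn->gss_ResultBuffer);
 conn->gss_ResultBuffer=NULL;
 }
+conn->gssenc= false;
 }
 #endif
 #ifdefENABLE_SSPI
@@ -1936,11 +1942,6 @@ connectDBStart(PGconn *conn)
 */
 resetPQExpBuffer(&conn->errorMessage);
 
-#ifdefENABLE_GSS
-if (conn->gssencmode[0]=='d')/* "disable" */
-conn->try_gss= false;
-#endif
-
 /*
 * Set up to try to connect to the first host. (Setting whichhost = -1 is
 * a bit of a cheat, but PQconnectPoll will advance it to 0 before
@@ -2380,6 +2381,9 @@ PQconnectPoll(PGconn *conn)
 conn->allow_ssl_try= (conn->sslmode[0]!='d');/* "disable" */
 conn->wait_ssl_try= (conn->sslmode[0]=='a');/* "allow" */
 #endif
+#ifdefENABLE_GSS
+conn->try_gss= (conn->gssencmode[0]!='d');/* "disable" */
+#endif
 
 reset_connection_state_machine= false;
 need_new_connection= true;
@@ -3259,12 +3263,8 @@ PQconnectPoll(PGconn *conn)
 */
 if (conn->gssenc&&conn->gssencmode[0]=='p')
 {
-OM_uint32minor;
-
 /* postmaster expects us to drop the connection */
 conn->try_gss= false;
-conn->gssenc= false;
-gss_delete_sec_context(&minor,&conn->gctx,NULL);
 pqDropConnection(conn, true);
 conn->status=CONNECTION_NEEDED;
 gotokeep_going;
@@ -3838,9 +3838,6 @@ makeEmptyPGconn(void)
 conn->verbosity=PQERRORS_DEFAULT;
 conn->show_context=PQSHOW_CONTEXT_ERRORS;
 conn->sock=PGINVALID_SOCKET;
-#ifdefENABLE_GSS
-conn->try_gss= true;
-#endif
 
 /*
 * We try to send at least 8K at a time, which is the usual size of pipe
@@ -3980,22 +3977,6 @@ freePGconn(PGconn *conn)
 free(conn->gsslib);
 if (conn->connip)
 free(conn->connip);
-#ifdefENABLE_GSS
-if (conn->gcred!=GSS_C_NO_CREDENTIAL)
-{
-OM_uint32minor;
-
-gss_release_cred(&minor,&conn->gcred);
-conn->gcred=GSS_C_NO_CREDENTIAL;
-}
-if (conn->gctx)
-{
-OM_uint32minor;
-
-gss_delete_sec_context(&minor,&conn->gctx,GSS_C_NO_BUFFER);
-conn->gctx=NULL;
-}
-#endif
 /* Note that conn->Pfdebug is not ours to close or free */
 if (conn->last_query)
 free(conn->last_query);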
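Review bot: With the release of `conn->gcred` and `conn->gctx` removed from freePGconn (last hunk), nothing in the visible code records that pqDropConnection must have run before the PGconn is freed. If some path reaches freePGconn without it, the credential handle and security context would be leaked; whether such a path exists cannot be seen from these hunks. A comment where the block was removed would pin the invariant, e.g. `/* GSS credential and context are released in pqDropConnection, which must run before this */`. The added `conn->gssenc = false;` in pqDropConnection likewise has no why-comment although the commit message calls the reset critical; something like `/* clear so a reused PGconn does not assume the next socket is GSS-encrypted */` would guard against a later cleanup dropping it. Both functions start and end outside their hunks.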
