NotificationsYou must be signed in to change notification settings
Fork28
Star151

Commit4178b74

committed

Teach libpq to handle arbitrary-length lines in .pgpass files.

Historically there's been a hard-wired assumption here that no line ofa .pgpass file could be as long as NAMEDATALEN*5 bytes. That's a bitshaky to start off with, because (a) there's no reason to suppose thathost names fit in NAMEDATALEN, and (b) this figure fails to allow forbackslash escape characters. However, it fails completely if someonewants to use a very long password, and we're now hearing reports ofpeople wanting to use "security tokens" that can run up to severalhundred bytes. Another angle is that the file is specified to allowcomment lines, but there's no reason to assume that long comment linesaren't possible.Rather than guessing at what might be a more suitable limit, let'sreplace the fixed-size buffer with an expansible PQExpBuffer. Thatadds one malloc/free cycle to the typical use-case, but that's surelypretty cheap relative to the I/O this code has to do.Also, add TAP test cases to exercise this code, because there was notest coverage before.This reverts most of commit2eb3bc5, as there's no longer a need fora warning message about overlength .pgpass lines. (I kept the explicitcheck for comment lines, though.)In HEAD and v13, this also fixes an oversight in74a308c: there's notmuch point in explicit_bzero'ing the line buffer if we only do so in twoof the three exit paths.Back-patch to all supported branches, except that the test case onlygoes back to v10 where src/test/authentication/ was added.Discussion:https://postgr.es/m/4187382.1598909041@sss.pgh.pa.us

1 parent73018f5 commit4178b74Copy full SHA for 4178b74

File tree

2 files changed

+79

-69

lines changed

src
- interfaces/libpq
  - fe-connect.c
- test/authentication/t
  - 001_password.pl

2 files changed

+79

-69

lines changed

`‎src/interfaces/libpq/fe-connect.c`

Lines changed: 52 additions & 67 deletions

Original file line number	Diff line number	Diff line change
`@@ -6933,10 +6933,7 @@ passwordFromFile(const char hostname, const char port, const char *dbname,`
`6933`	`6933`	`{`
`6934`	`6934`	`FILE*fp;`
`6935`	`6935`	`structstatstat_buf;`
`6936`		`-intline_number=0;`
`6937`		`-`
`6938`		`-#defineLINELEN NAMEDATALEN*5`
`6939`		`-charbuf[LINELEN];`
	`6936`	`+PQExpBufferDatabuf;`
`6940`	`6937`
`6941`	`6938`	`if (dbname==NULL\|\|dbname[0]=='\0')`
`6942`	`6939`	`returnNULL;`
`@@ -6992,89 +6989,77 @@ passwordFromFile(const char hostname, const char port, const char *dbname,`
`6992`	`6989`	`if (fp==NULL)`
`6993`	`6990`	`returnNULL;`
`6994`	`6991`
	`6992`	`+/* Use an expansible buffer to accommodate any reasonable line length */`
	`6993`	`+initPQExpBuffer(&buf);`
	`6994`	`+`
`6995`	`6995`	`while (!feof(fp)&& !ferror(fp))`
`6996`	`6996`	`{`
`6997`		`-char*t=buf,`
`6998`		`-*ret,`
`6999`		`-*p1,`
`7000`		`-*p2;`
`7001`		`-intlen;`
`7002`		`-intbuflen;`
	`6997`	`+/* Make sure there's a reasonable amount of room in the buffer */`
	`6998`	`+if (!enlargePQExpBuffer(&buf,128))`
	`6999`	`+break;`
`7003`	`7000`
`7004`		`-if (fgets(buf,sizeof(buf),fp)==NULL)`
	`7001`	`+/* Read some data, appending it to what we already have */`
	`7002`	`+if (fgets(buf.data+buf.len,buf.maxlen-buf.len,fp)==NULL)`
`7005`	`7003`	`break;`
	`7004`	`+buf.len+=strlen(buf.data+buf.len);`
`7006`	`7005`
`7007`		`-line_number++;`
`7008`		`-buflen=strlen(buf);`
`7009`		`-if (buflen >=sizeof(buf)-1&&buf[buflen-1]!='\n')`
	`7006`	`+/* If we don't yet have a whole line, loop around to read more */`
	`7007`	`+if (!(buf.len>0&&buf.data[buf.len-1]=='\n')&& !feof(fp))`
	`7008`	`+continue;`
	`7009`	`+`
	`7010`	`+/* ignore comments */`
	`7011`	`+if (buf.data[0]!='#')`
`7010`	`7012`	`{`
`7011`		`-charrest[LINELEN];`
`7012`		`-intrestlen;`
	`7013`	`+char*t=buf.data;`
	`7014`	`+intlen;`
`7013`	`7015`
`7014`		`-/*`
`7015`		`- * Warn if this password setting line is too long, because it's`
`7016`		`- * unexpectedly truncated.`
`7017`		`- */`
`7018`		`-if (buf[0]!='#')`
`7019`		`-fprintf(stderr,`
`7020`		`-libpq_gettext("WARNING: line %d too long in password file \"%s\"\n"),`
`7021`		`-line_number,pgpassfile);`
	`7016`	`+/* strip trailing newline and carriage return */`
	`7017`	`+len=pg_strip_crlf(t);`
`7022`	`7018`
`7023`		`-/* eat rest of the line */`
`7024`		`-while (!feof(fp)&& !ferror(fp))`
	`7019`	`+if (len>0&&`
	`7020`	`+(t=pwdfMatchesString(t,hostname))!=NULL&&`
	`7021`	`+(t=pwdfMatchesString(t,port))!=NULL&&`
	`7022`	`+(t=pwdfMatchesString(t,dbname))!=NULL&&`
	`7023`	`+(t=pwdfMatchesString(t,username))!=NULL)`
`7025`	`7024`	`{`
`7026`		`-if (fgets(rest,sizeof(rest),fp)==NULL)`
`7027`		`-break;`
`7028`		`-restlen=strlen(rest);`
`7029`		`-if (restlen<sizeof(rest)-1\|\|rest[restlen-1]=='\n')`
`7030`		`-break;`
`7031`		`-}`
`7032`		`-}`
`7033`		`-`
`7034`		`-/* ignore comments */`
`7035`		`-if (buf[0]=='#')`
`7036`		`-continue;`
`7037`		`-`
`7038`		`-/* strip trailing newline and carriage return */`
`7039`		`-len=pg_strip_crlf(buf);`
	`7025`	`+/* Found a match. */`
	`7026`	`+char*ret,`
	`7027`	`+*p1,`
	`7028`	`+*p2;`
`7040`	`7029`
`7041`		`-if (len==0)`
`7042`		`-continue;`
	`7030`	`+ret=strdup(t);`
`7043`	`7031`
`7044`		`-if ((t=pwdfMatchesString(t,hostname))==NULL\|\|`
`7045`		`-(t=pwdfMatchesString(t,port))==NULL\|\|`
`7046`		`-(t=pwdfMatchesString(t,dbname))==NULL\|\|`
`7047`		`-(t=pwdfMatchesString(t,username))==NULL)`
`7048`		`-continue;`
	`7032`	`+fclose(fp);`
	`7033`	`+explicit_bzero(buf.data,buf.maxlen);`
	`7034`	`+termPQExpBuffer(&buf);`
`7049`	`7035`
`7050`		`-/* Found a match. */`
`7051`		`-ret=strdup(t);`
`7052`		`-fclose(fp);`
	`7036`	`+if (!ret)`
	`7037`	`+{`
	`7038`	`+/* Out of memory. XXX: an error message would be nice. */`
	`7039`	`+returnNULL;`
	`7040`	`+}`
`7053`	`7041`
`7054`		`-if (!ret)`
`7055`		`-{`
`7056`		`-/* Out of memory. XXX: an error message would be nice. */`
`7057`		`-explicit_bzero(buf,sizeof(buf));`
`7058`		`-returnNULL;`
`7059`		`-}`
	`7042`	`+/* De-escape password. */`
	`7043`	`+for (p1=p2=ret;p1!=':'&&p1!='\0';++p1,++p2)`
	`7044`	`+{`
	`7045`	`+if (*p1=='\\'&&p1[1]!='\0')`
	`7046`	`+++p1;`
	`7047`	`+p2=p1;`
	`7048`	`+}`
	`7049`	`+*p2='\0';`
`7060`	`7050`
`7061`		`-/* De-escape password. */`
`7062`		`-for (p1=p2=ret;p1!=':'&&p1!='\0';++p1,++p2)`
`7063`		`-{`
`7064`		`-if (*p1=='\\'&&p1[1]!='\0')`
`7065`		`-++p1;`
`7066`		`-p2=p1;`
	`7051`	`+returnret;`
	`7052`	`+}`
`7067`	`7053`	`}`
`7068`		`-*p2='\0';`
`7069`	`7054`
`7070`		`-returnret;`
	`7055`	`+/* No match, reset buffer to prepare for next line. */`
	`7056`	`+buf.len=0;`
`7071`	`7057`	`}`
`7072`	`7058`
`7073`	`7059`	`fclose(fp);`
`7074`		`-explicit_bzero(buf,sizeof(buf));`
	`7060`	`+explicit_bzero(buf.data,buf.maxlen);`
	`7061`	`+termPQExpBuffer(&buf);`
`7075`	`7062`	`returnNULL;`
`7076`		`-`
`7077`		`-#undef LINELEN`
`7078`	`7063`	`}`
`7079`	`7064`
`7080`	`7065`

`‎src/test/authentication/t/001_password.pl`

Lines changed: 27 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@`
`17`	`17`	`}`
`18`	`18`	`else`
`19`	`19`	`{`
`20`		`-plantests=>10;`
	`20`	`+plantests=>13;`
`21`	`21`	`}`
`22`	`22`
`23`	`23`
`@@ -45,7 +45,9 @@ sub test_role`
`45`	`45`
`46`	`46`	`$status_string ='success'if ($expected_reseq 0);`
`47`	`47`
`48`		`-my$res =$node->psql('postgres',undef,extra_params=> ['-U',$role ]);`
	`48`	`+local$Test::Builder::Level =$Test::Builder::Level + 1;`
	`49`	`+`
	`50`	`+my$res =$node->psql('postgres',undef,extra_params=> ['-U',$role,'-w' ]);`
`49`	`51`	`is($res,$expected_res,`
`50`	`52`	`"authentication$status_string for method$method, role$role");`
`51`	`53`	`return;`
`@@ -96,3 +98,26 @@ sub test_role`
`96`	`98`	`reset_pg_hba($node,'scram-sha-256');`
`97`	`99`	`$ENV{"PGCHANNELBINDING"} ='require';`
`98`	`100`	`test_role($node,'scram_role','scram-sha-256', 2);`
	`101`	`+`
	`102`	`+# Test .pgpass processing; but use a temp file, don't overwrite the real one!`
	`103`	`+my$pgpassfile ="${TestLib::tmp_check}/pgpass";`
	`104`	`+`
	`105`	`+delete$ENV{"PGPASSWORD"};`
	`106`	`+delete$ENV{"PGCHANNELBINDING"};`
	`107`	`+$ENV{"PGPASSFILE"} =$pgpassfile;`
	`108`	`+`
	`109`	`+append_to_file($pgpassfile,qq!`
	`110`	`+# This very long comment is just here to exercise handling of long lines in the file. This very long comment is just here to exercise handling of long lines in the file. This very long comment is just here to exercise handling of long lines in the file. This very long comment is just here to exercise handling of long lines in the file. This very long comment is just here to exercise handling of long lines in the file.`
	`111`	`+::postgres:scram_role:pass:this is not part of the password.`
	`112`	`+!);`
	`113`	`+chmod 0600,$pgpassfileordie;`
	`114`	`+`
	`115`	`+reset_pg_hba($node,'password');`
	`116`	`+test_role($node,'scram_role','password from pgpass', 0);`
	`117`	`+test_role($node,'md5_role','password from pgpass', 2);`
	`118`	`+`
	`119`	`+append_to_file($pgpassfile,qq!`
	`120`	`+::*:md5_role:p\\ass`
	`121`	`+!);`
	`122`	`+`
	`123`	`+test_role($node,'md5_role','password from pgpass', 0);`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit4178b74

File tree

2 files changed

2 files changed

`‎src/interfaces/libpq/fe-connect.c`

`‎src/test/authentication/t/001_password.pl`

0 commit comments