NotificationsYou must be signed in to change notification settings
Fork28
Star153

Commit57c0879

committed

Code review for sslmode patch: eliminate memory leak, avoid giving a

completely useless error message in 'allow' case, don't retry connectionat the sendauth stage (by then the server will either let us in or not,no point in wasting cycles on another try in the other SSL state).

1 parent13ac54d commit57c0879Copy full SHA for 57c0879

File tree

2 files changed

+42

-100

lines changed

src/interfaces/libpq
- fe-connect.c
- libpq-int.h

2 files changed

+42

-100

lines changed

`‎src/interfaces/libpq/fe-connect.c‎`

Lines changed: 39 additions & 97 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.256 2003/07/28 00:09:16 tgl Exp $`
	`11`	`+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.257 2003/08/01 21:27:26 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -366,7 +366,7 @@ connectOptions1(PGconn conn, const char conninfo)`
`366`	`366`	`/* here warn that the requiressl option is deprecated? */`
`367`	`367`	`if (conn->sslmode)`
`368`	`368`	`free(conn->sslmode);`
`369`		`-conn->sslmode="require";`
	`369`	`+conn->sslmode=strdup("require");`
`370`	`370`	`}`
`371`	`371`	`#endif`
`372`	`372`
`@@ -466,15 +466,14 @@ connectOptions2(PGconn *conn)`
`466`	`466`	`case'r':/* "require" */`
`467`	`467`	`conn->status=CONNECTION_BAD;`
`468`	`468`	`printfPQExpBuffer(&conn->errorMessage,`
`469`		`-libpq_gettext("sslmode \"%s\" invalid when SSL "`
`470`		`-"support is not compiled in\n"),`
	`469`	`+libpq_gettext("sslmode \"%s\" invalid when SSL support is not compiled in\n"),`
`471`	`470`	`conn->sslmode);`
`472`	`471`	`return false;`
`473`	`472`	`}`
`474`	`473`	`#endif`
`475`	`474`	`}`
`476`	`475`	`else`
`477`		`-conn->sslmode=DefaultSSLMode;`
	`476`	`+conn->sslmode=strdup(DefaultSSLMode);`
`478`	`477`
`479`	`478`	`return true;`
`480`	`479`	`}`
`@@ -1351,7 +1350,8 @@ PQconnectPoll(PGconn *conn)`
`1351`	`1350`	`/* Don't bother requesting SSL over a Unix socket */`
`1352`	`1351`	`conn->allow_ssl_try= false;`
`1353`	`1352`	`}`
`1354`		`-if (conn->allow_ssl_try&& !conn->wait_ssl_try&&conn->ssl==NULL)`
	`1353`	`+if (conn->allow_ssl_try&& !conn->wait_ssl_try&&`
	`1354`	`+conn->ssl==NULL)`
`1355`	`1355`	`{`
`1356`	`1356`	`ProtocolVersionpv;`
`1357`	`1357`
`@@ -1455,22 +1455,13 @@ PQconnectPoll(PGconn *conn)`
`1455`	`1455`	`}`
`1456`	`1456`	`elseif (SSLok=='N')`
`1457`	`1457`	`{`
`1458`		`-switch (conn->sslmode[0]) {`
`1459`		`-case'r':/* "require" */`
`1460`		`-/* Require SSL, but server does not want it */`
`1461`		`-printfPQExpBuffer(&conn->errorMessage,`
`1462`		`-libpq_gettext("server does not support SSL, but SSL was required\n"));`
`1463`		`-gotoerror_return;`
`1464`		`-case'a':/* "allow" */`
`1465`		`-/*`
`1466`		`- * normal startup already failed,`
`1467`		`- * so SSL failure means the end`
`1468`		`- */`
`1469`		`-printfPQExpBuffer(&conn->errorMessage,`
`1470`		`-libpq_gettext("server does not support SSL, and previous non-SSL attempt failed\n"));`
`1471`		`-gotoerror_return;`
	`1458`	`+if (conn->sslmode[0]=='r')/* "require" */`
	`1459`	`+{`
	`1460`	`+/* Require SSL, but server does not want it */`
	`1461`	`+printfPQExpBuffer(&conn->errorMessage,`
	`1462`	`+libpq_gettext("server does not support SSL, but SSL was required\n"));`
	`1463`	`+gotoerror_return;`
`1472`	`1464`	`}`
`1473`		`-`
`1474`	`1465`	`/* Otherwise, proceed with normal startup */`
`1475`	`1466`	`conn->allow_ssl_try= false;`
`1476`	`1467`	`conn->status=CONNECTION_MADE;`
`@@ -1481,22 +1472,13 @@ PQconnectPoll(PGconn *conn)`
`1481`	`1472`	`/* Received error - probably protocol mismatch */`
`1482`	`1473`	`if (conn->Pfdebug)`
`1483`	`1474`	`fprintf(conn->Pfdebug,"Postmaster reports error, attempting fallback to pre-7.0.\n");`
`1484`		`-switch (conn->sslmode[0]) {`
`1485`		`-case'r':/* "require" */`
`1486`		`-/* Require SSL, but server is too old */`
`1487`		`-printfPQExpBuffer(&conn->errorMessage,`
`1488`		`-libpq_gettext("server does not support SSL, but SSL was required\n"));`
`1489`		`-gotoerror_return;`
`1490`		`-case'a':/* "allow" */`
`1491`		`-/*`
`1492`		`- * normal startup already failed,`
`1493`		`- * so SSL failure means the end`
`1494`		`- */`
`1495`		`-printfPQExpBuffer(&conn->errorMessage,`
`1496`		`-libpq_gettext("server does not support SSL, and previous non-SSL attempt failed\n"));`
`1497`		`-gotoerror_return;`
	`1475`	`+if (conn->sslmode[0]=='r')/* "require" */`
	`1476`	`+{`
	`1477`	`+/* Require SSL, but server is too old */`
	`1478`	`+printfPQExpBuffer(&conn->errorMessage,`
	`1479`	`+libpq_gettext("server does not support SSL, but SSL was required\n"));`
	`1480`	`+gotoerror_return;`
`1498`	`1481`	`}`
`1499`		`-`
`1500`	`1482`	`/* Otherwise, try again without SSL */`
`1501`	`1483`	`conn->allow_ssl_try= false;`
`1502`	`1484`	`/* Assume it ain't gonna handle protocol 3, either */`
`@@ -1686,13 +1668,15 @@ PQconnectPoll(PGconn *conn)`
`1686`	`1668`
`1687`	`1669`	`#ifdefUSE_SSL`
`1688`	`1670`	`/*`
`1689`		`- * if sslmode is "allow" and we haven't tried an`
`1690`		`- *SSLconnection already, then retry with an SSL connection`
	`1671`	`+ * if sslmode is "allow" and we haven't tried an SSL`
	`1672`	`+ * connection already, then retry with an SSL connection`
`1691`	`1673`	`*/`
`1692`		`-if (conn->wait_ssl_try`
	`1674`	`+if (conn->sslmode[0]=='a'/* "allow" */`
`1693`	`1675`	`&&conn->ssl==NULL`
`1694`		`-&&conn->allow_ssl_try)`
	`1676`	`+&&conn->allow_ssl_try`
	`1677`	`+&&conn->wait_ssl_try)`
`1695`	`1678`	`{`
	`1679`	`+/* only retry once */`
`1696`	`1680`	`conn->wait_ssl_try= false;`
`1697`	`1681`	`/* Must drop the old connection */`
`1698`	`1682`	`closesocket(conn->sock);`
`@@ -1703,20 +1687,19 @@ PQconnectPoll(PGconn *conn)`
`1703`	`1687`
`1704`	`1688`	`/*`
`1705`	`1689`	`* if sslmode is "prefer" and we're in an SSL`
`1706`		`- * connection and we haven't already tried a non-SSL`
`1707`		`- * for "allow", then do a non-SSL retry`
	`1690`	`+ * connection, then do a non-SSL retry`
`1708`	`1691`	`*/`
`1709`		`-if (!conn->wait_ssl_try`
	`1692`	`+if (conn->sslmode[0]=='p'/* "prefer" */`
`1710`	`1693`	`&&conn->ssl`
`1711`		`-&&conn->allow_ssl_try`
`1712`		`-&&conn->sslmode[0]=='p')/"prefer" /`
	`1694`	`+&&conn->allow_ssl_try/* redundant? */`
	`1695`	`+&&!conn->wait_ssl_try)/redundant? /`
`1713`	`1696`	`{`
	`1697`	`+/* only retry once */`
`1714`	`1698`	`conn->allow_ssl_try= false;`
`1715`	`1699`	`/* Must drop the old connection */`
`1716`	`1700`	`pqsecure_close(conn);`
`1717`	`1701`	`closesocket(conn->sock);`
`1718`	`1702`	`conn->sock=-1;`
`1719`		`-free(conn->ssl);`
`1720`	`1703`	`conn->status=CONNECTION_NEEDED;`
`1721`	`1704`	`gotokeep_going;`
`1722`	`1705`	`}`
`@@ -1773,44 +1756,6 @@ PQconnectPoll(PGconn *conn)`
`1773`	`1756`	`if (fe_sendauth(areq,conn,conn->pghost,conn->pgpass,`
`1774`	`1757`	`conn->errorMessage.data)!=STATUS_OK)`
`1775`	`1758`	`{`
`1776`		`-#ifdefUSE_SSL`
`1777`		`-/*`
`1778`		`- * if sslmode is "allow" and we haven't tried an`
`1779`		`- * SSL connection already, then retry with an SSL connection`
`1780`		`- */`
`1781`		`-if (conn->wait_ssl_try`
`1782`		`-&&conn->ssl==NULL`
`1783`		`-&&conn->allow_ssl_try)`
`1784`		`-{`
`1785`		`-conn->wait_ssl_try= false;`
`1786`		`-/* Must drop the old connection */`
`1787`		`-closesocket(conn->sock);`
`1788`		`-conn->sock=-1;`
`1789`		`-conn->status=CONNECTION_NEEDED;`
`1790`		`-gotokeep_going;`
`1791`		`-}`
`1792`		`-`
`1793`		`-/*`
`1794`		`- * if sslmode is "prefer" and we're in an SSL`
`1795`		`- * connection and we haven't already tried a non-SSL`
`1796`		`- * for "allow", then do a non-SSL retry`
`1797`		`- */`
`1798`		`-if (!conn->wait_ssl_try`
`1799`		`-&&conn->ssl`
`1800`		`-&&conn->allow_ssl_try`
`1801`		`-&&conn->sslmode[0]=='p')/* "prefer" */`
`1802`		`-{`
`1803`		`-conn->allow_ssl_try= false;`
`1804`		`-/* Must drop the old connection */`
`1805`		`-pqsecure_close(conn);`
`1806`		`-closesocket(conn->sock);`
`1807`		`-conn->sock=-1;`
`1808`		`-free(conn->ssl);`
`1809`		`-conn->status=CONNECTION_NEEDED;`
`1810`		`-gotokeep_going;`
`1811`		`-}`
`1812`		`-#endif`
`1813`		`-`
`1814`	`1759`	`conn->errorMessage.len=strlen(conn->errorMessage.data);`
`1815`	`1760`	`gotoerror_return;`
`1816`	`1761`	`}`
`@@ -1968,27 +1913,21 @@ PQconnectPoll(PGconn *conn)`
`1968`	`1913`	`staticPGconn*`
`1969`	`1914`	`makeEmptyPGconn(void)`
`1970`	`1915`	`{`
`1971`		`-PGconnconn= (PGconn)malloc(sizeof(PGconn));`
	`1916`	`+PGconn*conn;`
`1972`	`1917`
`1973`		`-/* needed to use the static libpq under windows as well */`
`1974`	`1918`	`#ifdefWIN32`
	`1919`	`+/* needed to use the static libpq under windows as well */`
`1975`	`1920`	`WSADATAwsaData;`
`1976`		`-#endif`
`1977`	`1921`
`1978`		`-if (conn==NULL)`
`1979`		`-returnconn;`
`1980`		`-`
`1981`		`-#ifdefWIN32`
`1982`	`1922`	`if (WSAStartup(MAKEWORD(1,1),&wsaData))`
`1983`		`-{`
`1984`		`-free(conn);`
`1985`	`1923`	`return (PGconn*)NULL;`
`1986`		`-}`
`1987`		`-`
`1988`	`1924`	`WSASetLastError(0);`
`1989`		`-`
`1990`	`1925`	`#endif`
`1991`	`1926`
	`1927`	`+conn= (PGconn*)malloc(sizeof(PGconn));`
	`1928`	`+if (conn==NULL)`
	`1929`	`+returnconn;`
	`1930`	`+`
`1992`	`1931`	`/* Zero all pointers and booleans */`
`1993`	`1932`	`MemSet((char*)conn,0,sizeof(PGconn));`
`1994`	`1933`
`@@ -2003,7 +1942,8 @@ makeEmptyPGconn(void)`
`2003`	`1942`	`conn->notifyList=DLNewList();`
`2004`	`1943`	`conn->sock=-1;`
`2005`	`1944`	`#ifdefUSE_SSL`
`2006`		`-conn->allow_ssl_try= TRUE;`
	`1945`	`+conn->allow_ssl_try= true;`
	`1946`	`+conn->wait_ssl_try= false;`
`2007`	`1947`	`#endif`
`2008`	`1948`
`2009`	`1949`	`/*`
`@@ -2073,6 +2013,8 @@ freePGconn(PGconn *conn)`
`2073`	`2013`	`free(conn->pguser);`
`2074`	`2014`	`if (conn->pgpass)`
`2075`	`2015`	`free(conn->pgpass);`
	`2016`	`+if (conn->sslmode)`
	`2017`	`+free(conn->sslmode);`
`2076`	`2018`	`/* Note that conn->Pfdebug is not ours to close or free */`
`2077`	`2019`	`if (conn->notifyList)`
`2078`	`2020`	`DLFreeList(conn->notifyList);`

`‎src/interfaces/libpq/libpq-int.h‎`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,7 +12,7 @@`
`12`	`12`	`* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group`
`13`	`13`	`* Portions Copyright (c) 1994, Regents of the University of California`
`14`	`14`	`*`
`15`		`- * $Id: libpq-int.h,v 1.77 2003/07/26 13:50:02 momjian Exp $`
	`15`	`+ * $Id: libpq-int.h,v 1.78 2003/08/01 21:27:27 tgl Exp $`
`16`	`16`	`*`
`17`	`17`	`*-------------------------------------------------------------------------`
`18`	`18`	`*/`
`@@ -249,6 +249,7 @@ struct pg_conn`
`249`	`249`	`chardbName;/ database name */`
`250`	`250`	`charpguser;/ Postgres username and password, if any */`
`251`	`251`	`char*pgpass;`
	`252`	`+charsslmode;/ SSL mode (require,prefer,allow,disable) */`
`252`	`253`
`253`	`254`	`/* Optional file to write trace info to */`
`254`	`255`	`FILE*Pfdebug;`
`@@ -316,11 +317,10 @@ struct pg_conn`
`316`	`317`	`PGresultresult;/ result being constructed */`
`317`	`318`	`PGresAttValuecurTuple;/ tuple currently being read */`
`318`	`319`
`319`		`-charsslmode;/ SSL mode option string */`
`320`	`320`	`#ifdefUSE_SSL`
`321`	`321`	`boolallow_ssl_try;/* Allowed to try SSL negotiation */`
`322`	`322`	`boolwait_ssl_try;/* Delay SSL negotiation until after`
`323`		`- attempting normal connection */`
	`323`	`+* attempting normal connection */`
`324`	`324`	`SSLssl;/ SSL status, if have SSL connection */`
`325`	`325`	`X509peer;/ X509 cert of server */`
`326`	`326`	`charpeer_dn[256+1];/* peer distinguished name */`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit57c0879

File tree

2 files changed

2 files changed

`‎src/interfaces/libpq/fe-connect.c‎`

`‎src/interfaces/libpq/libpq-int.h‎`

0 commit comments