Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit92aa462

Browse files
committed
Second try at IPv4-to-v6 mapping code; avoid assuming that the struct
returned by getaddrinfo_all will have enough room for an IPv6 address.
1 parent3c9bb88 commit92aa462

File tree

3 files changed

+48
-51
lines changed

3 files changed

+48
-51
lines changed

‎src/backend/libpq/hba.c‎

Lines changed: 32 additions & 35 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
*
1111
*
1212
* IDENTIFICATION
13-
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.113 2003/09/0520:31:35 tgl Exp $
13+
* $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.114 2003/09/0523:07:21 tgl Exp $
1414
*
1515
*-------------------------------------------------------------------------
1616
*/
@@ -550,12 +550,12 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
550550
char*token;
551551
char*db;
552552
char*user;
553-
structaddrinfo*file_ip_addr=NULL,
554-
*file_ip_mask=NULL;
553+
structaddrinfo*gai_result;
555554
structaddrinfohints;
556-
structsockaddr_storage*mask;
557-
char*cidr_slash;
558555
intret;
556+
structsockaddr_storageaddr;
557+
structsockaddr_storagemask;
558+
char*cidr_slash;
559559

560560
Assert(line!=NIL);
561561
line_number=lfirsti(line);
@@ -648,6 +648,7 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
648648
if (cidr_slash)
649649
*cidr_slash='\0';
650650

651+
/* Get the IP address either way */
651652
hints.ai_flags=AI_NUMERICHOST;
652653
hints.ai_family=PF_UNSPEC;
653654
hints.ai_socktype=0;
@@ -657,27 +658,30 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
657658
hints.ai_addr=NULL;
658659
hints.ai_next=NULL;
659660

660-
/* Get the IP address either way */
661-
ret=getaddrinfo_all(token,NULL,&hints,&file_ip_addr);
662-
if (ret|| !file_ip_addr)
661+
ret=getaddrinfo_all(token,NULL,&hints,&gai_result);
662+
if (ret|| !gai_result)
663663
{
664664
ereport(LOG,
665665
(errcode(ERRCODE_CONFIG_FILE_ERROR),
666666
errmsg("could not interpret IP address \"%s\" in config file: %s",
667667
token,gai_strerror(ret))));
668668
if (cidr_slash)
669669
*cidr_slash='/';
670+
if (gai_result)
671+
freeaddrinfo_all(hints.ai_family,gai_result);
670672
gotohba_syntax;
671673
}
672674

673675
if (cidr_slash)
674676
*cidr_slash='/';
675677

678+
memcpy(&addr,gai_result->ai_addr,gai_result->ai_addrlen);
679+
freeaddrinfo_all(hints.ai_family,gai_result);
680+
676681
/* Get the netmask */
677682
if (cidr_slash)
678683
{
679-
if (SockAddr_cidr_mask(&mask,cidr_slash+1,
680-
file_ip_addr->ai_family)<0)
684+
if (SockAddr_cidr_mask(&mask,cidr_slash+1,addr.ss_family)<0)
681685
gotohba_syntax;
682686
}
683687
else
@@ -688,55 +692,54 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
688692
gotohba_syntax;
689693
token=lfirst(line);
690694

691-
ret=getaddrinfo_all(token,NULL,&hints,&file_ip_mask);
692-
if (ret|| !file_ip_mask)
695+
ret=getaddrinfo_all(token,NULL,&hints,&gai_result);
696+
if (ret|| !gai_result)
697+
{
698+
if (gai_result)
699+
freeaddrinfo_all(hints.ai_family,gai_result);
693700
gotohba_syntax;
701+
}
694702

695-
mask= (structsockaddr_storage*)file_ip_mask->ai_addr;
703+
memcpy(&mask,gai_result->ai_addr,gai_result->ai_addrlen);
704+
freeaddrinfo_all(hints.ai_family,gai_result);
696705

697-
if (file_ip_addr->ai_family!=mask->ss_family)
706+
if (addr.ss_family!=mask.ss_family)
698707
gotohba_syntax;
699708
}
700709

701-
if (file_ip_addr->ai_family!=port->raddr.addr.ss_family)
710+
if (addr.ss_family!=port->raddr.addr.ss_family)
702711
{
703712
/*
704713
* Wrong address family. We allow only one case: if the
705714
* file has IPv4 and the port is IPv6, promote the file
706715
* address to IPv6 and try to match that way.
707716
*/
708717
#ifdefHAVE_IPV6
709-
if (file_ip_addr->ai_family==AF_INET&&
718+
if (addr.ss_family==AF_INET&&
710719
port->raddr.addr.ss_family==AF_INET6)
711720
{
712-
promote_v4_to_v6_addr((structsockaddr_storage*)file_ip_addr->ai_addr);
713-
promote_v4_to_v6_mask(mask);
721+
promote_v4_to_v6_addr(&addr);
722+
promote_v4_to_v6_mask(&mask);
714723
}
715724
else
716725
#endif/* HAVE_IPV6 */
717726
{
718-
freeaddrinfo_all(hints.ai_family,file_ip_addr);
727+
/* Line doesn't match client port, so ignore it. */
719728
return;
720729
}
721730
}
722731

732+
/* Ignore line if client port is not in the matching addr range. */
733+
if (!rangeSockAddr(&port->raddr.addr,&addr,&mask))
734+
return;
735+
723736
/* Read the rest of the line. */
724737
line=lnext(line);
725738
if (!line)
726739
gotohba_syntax;
727740
parse_hba_auth(line,&port->auth_method,&port->auth_arg,error_p);
728741
if (*error_p)
729742
gotohba_syntax;
730-
731-
/* Must meet network restrictions */
732-
if (!rangeSockAddr(&port->raddr.addr,
733-
(structsockaddr_storage*)file_ip_addr->ai_addr,
734-
mask))
735-
gotohba_freeaddr;
736-
737-
freeaddrinfo_all(hints.ai_family,file_ip_addr);
738-
if (file_ip_mask)
739-
freeaddrinfo_all(hints.ai_family,file_ip_mask);
740743
}
741744
else
742745
gotohba_syntax;
@@ -763,12 +766,6 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
763766
line_number)));
764767

765768
*error_p= true;
766-
767-
hba_freeaddr:
768-
if (file_ip_addr)
769-
freeaddrinfo_all(hints.ai_family,file_ip_addr);
770-
if (file_ip_mask)
771-
freeaddrinfo_all(hints.ai_family,file_ip_mask);
772769
}
773770

774771

‎src/backend/libpq/ip.c‎

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/libpq/ip.c,v 1.20 2003/09/0520:31:36 tgl Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/libpq/ip.c,v 1.21 2003/09/0523:07:21 tgl Exp $
1212
*
1313
* This file and the IPV6 implementation were initially provided by
1414
* Nigel Kukard <nkukard@lbsd.net>, Linux Based Systems Design
@@ -332,15 +332,15 @@ rangeSockAddrAF_INET6(const struct sockaddr_in6 * addr,
332332
*SockAddr_cidr_mask - make a network mask of the appropriate family
333333
* and required number of significant bits
334334
*
335-
* Note: Returns a static pointer for the mask, so it's not thread safe,
336-
* and a second call will overwrite the data.
335+
* The resulting mask is placed in *mask, which had better be big enough.
336+
*
337+
* Return value is 0 if okay, -1 if not.
337338
*/
338339
int
339-
SockAddr_cidr_mask(structsockaddr_storage**mask,char*numbits,intfamily)
340+
SockAddr_cidr_mask(structsockaddr_storage*mask,char*numbits,intfamily)
340341
{
341342
longbits;
342343
char*endptr;
343-
staticstructsockaddr_storagesock;
344344
structsockaddr_inmask4;
345345

346346
#ifdefHAVE_IPV6
@@ -359,15 +359,13 @@ SockAddr_cidr_mask(struct sockaddr_storage ** mask, char *numbits, int family)
359359
)
360360
return-1;
361361

362-
*mask=&sock;
363-
364362
switch (family)
365363
{
366364
caseAF_INET:
367365
mask4.sin_addr.s_addr=
368366
htonl((0xffffffffUL << (32-bits))
369367
&0xffffffffUL);
370-
memcpy(&sock,&mask4,sizeof(mask4));
368+
memcpy(mask,&mask4,sizeof(mask4));
371369
break;
372370
#ifdefHAVE_IPV6
373371
caseAF_INET6:
@@ -387,15 +385,15 @@ SockAddr_cidr_mask(struct sockaddr_storage ** mask, char *numbits, int family)
387385
}
388386
bits-=8;
389387
}
390-
memcpy(&sock,&mask6,sizeof(mask6));
388+
memcpy(mask,&mask6,sizeof(mask6));
391389
break;
392390
}
393391
#endif
394392
default:
395393
return-1;
396394
}
397395

398-
sock.ss_family=family;
396+
mask->ss_family=family;
399397
return0;
400398
}
401399

@@ -406,8 +404,9 @@ SockAddr_cidr_mask(struct sockaddr_storage ** mask, char *numbits, int family)
406404
* promote_v4_to_v6_addr --- convert an AF_INET addr to AF_INET6, using
407405
*the standard convention for IPv4 addresses mapped into IPv6 world
408406
*
409-
* The passed addr is modified in place. Note that we only worry about
410-
* setting the fields that rangeSockAddr will look at.
407+
* The passed addr is modified in place; be sure it is large enough to
408+
* hold the result! Note that we only worry about setting the fields
409+
* that rangeSockAddr will look at.
411410
*/
412411
void
413412
promote_v4_to_v6_addr(structsockaddr_storage*addr)
@@ -440,8 +439,9 @@ promote_v4_to_v6_addr(struct sockaddr_storage * addr)
440439
* This must be different from promote_v4_to_v6_addr because we want to
441440
* set the high-order bits to 1's not 0's.
442441
*
443-
* The passed addr is modified in place. Note that we only worry about
444-
* setting the fields that rangeSockAddr will look at.
442+
* The passed addr is modified in place; be sure it is large enough to
443+
* hold the result! Note that we only worry about setting the fields
444+
* that rangeSockAddr will look at.
445445
*/
446446
void
447447
promote_v4_to_v6_mask(structsockaddr_storage*addr)

‎src/include/libpq/ip.h‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
*
66
* Copyright (c) 2003, PostgreSQL Global Development Group
77
*
8-
* $Id: ip.h,v 1.11 2003/09/0520:31:36 tgl Exp $
8+
* $Id: ip.h,v 1.12 2003/09/0523:07:21 tgl Exp $
99
*
1010
*-------------------------------------------------------------------------
1111
*/
@@ -30,7 +30,7 @@ extern int rangeSockAddr(const struct sockaddr_storage * addr,
3030
conststructsockaddr_storage*netaddr,
3131
conststructsockaddr_storage*netmask);
3232

33-
externintSockAddr_cidr_mask(structsockaddr_storage**mask,
33+
externintSockAddr_cidr_mask(structsockaddr_storage*mask,
3434
char*numbits,intfamily);
3535

3636
#ifdefHAVE_IPV6

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp