NotificationsYou must be signed in to change notification settings
Fork5
Star27

Commit5369190

committed

Make the world at least marginally safe for usernames with embedded spaces.

Per recent gripe.

1 parentcb36e74 commit5369190Copy full SHA for 5369190

File tree

2 files changed

+68

-54

lines changed

src
- backend/utils/adt
  - acl.c
- bin/initdb
  - initdb.sh

2 files changed

+68

-54

lines changed

`‎src/backend/utils/adt/acl.c‎`

Lines changed: 64 additions & 50 deletions

Original file line number	Diff line number	Diff line change
`@@ -8,7 +8,7 @@`
`8`	`8`	`*`
`9`	`9`	`*`
`10`	`10`	`* IDENTIFICATION`
`11`		`- * $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.86 2003/01/24 21:53:29 tgl Exp $`
	`11`	`+ * $Header: /cvsroot/pgsql/src/backend/utils/adt/acl.c,v 1.87 2003/06/02 19:00:29 tgl Exp $`
`12`	`12`	`*`
`13`	`13`	`*-------------------------------------------------------------------------`
`14`	`14`	`*/`
`@@ -31,6 +31,7 @@`
`31`	`31`	`#defineACL_IDTYPE_UID_KEYWORD"user"`
`32`	`32`
`33`	`33`	`staticconstchargetid(constchars,char*n);`
	`34`	`+staticvoidputid(charp,constchars);`
`34`	`35`	`staticAcl*makeacl(intn);`
`35`	`36`	`staticconstcharaclparse(constchars,AclItem*aip);`
`36`	`37`	`staticboolaclitemeq(constAclItema1,constAclItema2);`
`@@ -64,42 +65,68 @@ static AclMode convert_schema_priv_string(text *priv_type_text);`
`64`	`65`	`staticconstchar*`
`65`	`66`	`getid(constchars,charn)`
`66`	`67`	`{`
`67`		`-unsignedlen;`
`68`		`-constchar*id;`
`69`		`-intin_quotes=0;`
	`68`	`+intlen=0;`
	`69`	`+boolin_quotes= false;`
`70`	`70`
`71`	`71`	`Assert(s&&n);`
`72`	`72`
`73`	`73`	`while (isspace((unsignedchar)*s))`
`74`		`-++s;`
`75`		`-`
`76`		`-if (*s=='"')`
`77`		`-{`
`78`		`-in_quotes=1;`
`79`	`74`	`s++;`
`80`		`-}`
`81`		`-`
`82`		`-for (id=s,len=0;`
`83`		`-isalnum((unsignedchar)s)\|\|s=='_'\|\|in_quotes;`
`84`		`-++len,++s)`
	`75`	`+/* This test had better match what putid() does, below */`
	`76`	`+for (;`
	`77`	`+*s!='\0'&&`
	`78`	`+ (isalnum((unsignedchar)*s)\|\|`
	`79`	`+*s=='_'\|\|`
	`80`	`+*s=='"'\|\|`
	`81`	`+in_quotes);`
	`82`	`+s++)`
`85`	`83`	`{`
`86`		`-if (in_quotes&&*s=='"')`
	`84`	`+if (*s=='"')`
`87`	`85`	`{`
`88`		`-len--;`
`89`		`-in_quotes=0;`
	`86`	`+in_quotes= !in_quotes;`
	`87`	`+}`
	`88`	`+else`
	`89`	`+{`
	`90`	`+if (len >=NAMEDATALEN-1)`
	`91`	`+elog(ERROR,"identifier must be less than %d characters",`
	`92`	`+NAMEDATALEN);`
	`93`	`+n[len++]=*s;`
`90`	`94`	`}`
`91`	`95`	`}`
`92`		`-if (len >=NAMEDATALEN)`
`93`		`-elog(ERROR,"getid: identifier must be <%d characters",`
`94`		`-NAMEDATALEN);`
`95`		`-if (len>0)`
`96`		`-memmove(n,id,len);`
`97`	`96`	`n[len]='\0';`
`98`	`97`	`while (isspace((unsignedchar)*s))`
`99`		`-++s;`
	`98`	`+s++;`
`100`	`99`	`returns;`
`101`	`100`	`}`
`102`	`101`
	`102`	`+/*`
	`103`	`+ * Write a user or group Name at *p, surrounding it with double quotes if`
	`104`	`+ * needed. There must be at least NAMEDATALEN+2 bytes available at *p.`
	`105`	`+ */`
	`106`	`+staticvoid`
	`107`	`+putid(charp,constchars)`
	`108`	`+{`
	`109`	`+constchar*src;`
	`110`	`+boolsafe= true;`
	`111`	`+`
	`112`	`+for (src=s;*src;src++)`
	`113`	`+{`
	`114`	`+/* This test had better match what getid() does, above */`
	`115`	`+if (!isalnum((unsignedchar)src)&&src!='_')`
	`116`	`+{`
	`117`	`+safe= false;`
	`118`	`+break;`
	`119`	`+}`
	`120`	`+}`
	`121`	`+if (!safe)`
	`122`	`+*p++='"';`
	`123`	`+for (src=s;*src;src++)`
	`124`	`+p++=src;`
	`125`	`+if (!safe)`
	`126`	`+*p++='"';`
	`127`	`+*p='\0';`
	`128`	`+}`
	`129`	`+`
`103`	`130`	`/*`
`104`	`131`	`* aclparse`
`105`	`132`	`*Consumes and parses an ACL specification of the form:`
`@@ -304,7 +331,12 @@ aclitemout(PG_FUNCTION_ARGS)`
`304`	`331`	`unsignedi;`
`305`	`332`	`char*tmpname;`
`306`	`333`
`307`		`-p=out=palloc(strlen("group = ")+2N_ACL_RIGHTS+2NAMEDATALEN+2);`
	`334`	`+out=palloc(strlen("group =/")+`
	`335`	`+2*N_ACL_RIGHTS+`
	`336`	`+2* (NAMEDATALEN+2)+`
	`337`	`+1);`
	`338`	`+`
	`339`	`+p=out;`
`308`	`340`	`*p='\0';`
`309`	`341`
`310`	`342`	`switch (ACLITEM_GET_IDTYPE(*aip))`
`@@ -315,36 +347,25 @@ aclitemout(PG_FUNCTION_ARGS)`
`315`	`347`	`0,0,0);`
`316`	`348`	`if (HeapTupleIsValid(htup))`
`317`	`349`	`{`
`318`		`-strncat(p,`
`319`		`-NameStr(((Form_pg_shadow)GETSTRUCT(htup))->usename),`
`320`		`-NAMEDATALEN);`
	`350`	`+putid(p,NameStr(((Form_pg_shadow)GETSTRUCT(htup))->usename));`
`321`	`351`	`ReleaseSysCache(htup);`
`322`	`352`	`}`
`323`	`353`	`else`
`324`	`354`	`{`
`325`	`355`	`/* Generate numeric UID if we don't find an entry */`
`326`		`-char*tmp;`
`327`		`-`
`328`		`-tmp=DatumGetCString(DirectFunctionCall1(int4out,`
`329`		`-Int32GetDatum((int32)aip->ai_grantee)));`
`330`		`-strcat(p,tmp);`
`331`		`-pfree(tmp);`
	`356`	`+sprintf(p,"%d",aip->ai_grantee);`
`332`	`357`	`}`
`333`	`358`	`break;`
`334`	`359`	`caseACL_IDTYPE_GID:`
`335`		`-strcat(p,"group ");`
	`360`	`+strcpy(p,"group ");`
	`361`	`+p+=strlen(p);`
`336`	`362`	`tmpname=get_groname(aip->ai_grantee);`
`337`	`363`	`if (tmpname!=NULL)`
`338`		`-strncat(p,tmpname,NAMEDATALEN);`
	`364`	`+putid(p,tmpname);`
`339`	`365`	`else`
`340`	`366`	`{`
`341`	`367`	`/* Generate numeric GID if we don't find an entry */`
`342`		`-char*tmp;`
`343`		`-`
`344`		`-tmp=DatumGetCString(DirectFunctionCall1(int4out,`
`345`		`-Int32GetDatum((int32)aip->ai_grantee)));`
`346`		`-strcat(p,tmp);`
`347`		`-pfree(tmp);`
	`368`	`+sprintf(p,"%d",aip->ai_grantee);`
`348`	`369`	`}`
`349`	`370`	`break;`
`350`	`371`	`caseACL_IDTYPE_WORLD:`
`@@ -375,20 +396,13 @@ aclitemout(PG_FUNCTION_ARGS)`
`375`	`396`	`0,0,0);`
`376`	`397`	`if (HeapTupleIsValid(htup))`
`377`	`398`	`{`
`378`		`-strncat(p,`
`379`		`-NameStr(((Form_pg_shadow)GETSTRUCT(htup))->usename),`
`380`		`-NAMEDATALEN);`
	`399`	`+putid(p,NameStr(((Form_pg_shadow)GETSTRUCT(htup))->usename));`
`381`	`400`	`ReleaseSysCache(htup);`
`382`	`401`	`}`
`383`	`402`	`else`
`384`	`403`	`{`
`385`	`404`	`/* Generate numeric UID if we don't find an entry */`
`386`		`-char*tmp;`
`387`		`-`
`388`		`-tmp=DatumGetCString(DirectFunctionCall1(int4out,`
`389`		`-Int32GetDatum((int32)aip->ai_grantor)));`
`390`		`-strcat(p,tmp);`
`391`		`-pfree(tmp);`
	`405`	`+sprintf(p,"%d",aip->ai_grantor);`
`392`	`406`	`}`
`393`	`407`
`394`	`408`	`while (*p)`

`‎src/bin/initdb/initdb.sh‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@`
`27`	`27`	`# Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group`
`28`	`28`	`# Portions Copyright (c) 1994, Regents of the University of California`
`29`	`29`	`#`
`30`		`-# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.191 2003/05/28 18:19:09 tgl Exp $`
	`30`	`+# $Header: /cvsroot/pgsql/src/bin/initdb/Attic/initdb.sh,v 1.192 2003/06/0219:00:29 tgl Exp $`
`31`	`31`	`#`
`32`	`32`	`#-------------------------------------------------------------------------`
`33`	`33`
`@@ -1021,11 +1021,11 @@ echo "ok"`
`1021`	`1021`	`$ECHO_N"setting privileges on built-in objects..."$ECHO_C`
`1022`	`1022`	`(`
`1023`	`1023`	`cat<<EOF`
`1024`		`- UPDATE pg_class SET relacl = '{"=r/$POSTGRES_SUPERUSERNAME"}'\`
	`1024`	`+ UPDATE pg_class SET relacl = '{"=r/\\\\"$POSTGRES_SUPERUSERNAME\\\\""}'\`
`1025`	`1025`	`WHERE relkind IN ('r', 'v', 'S') AND relacl IS NULL;`
`1026`		`- UPDATE pg_proc SET proacl = '{"=X/$POSTGRES_SUPERUSERNAME"}'\`
	`1026`	`+ UPDATE pg_proc SET proacl = '{"=X/\\\\"$POSTGRES_SUPERUSERNAME\\\\""}'\`
`1027`	`1027`	`WHERE proacl IS NULL;`
`1028`		`- UPDATE pg_language SET lanacl = '{"=U/$POSTGRES_SUPERUSERNAME"}'\`
	`1028`	`+ UPDATE pg_language SET lanacl = '{"=U/\\\\"$POSTGRES_SUPERUSERNAME\\\\""}'\`
`1029`	`1029`	`WHERE lanpltrusted;`
`1030`	`1030`	`GRANT USAGE ON SCHEMA pg_catalog TO PUBLIC;`
`1031`	`1031`	`GRANT CREATE, USAGE ON SCHEMA public TO PUBLIC;`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit5369190

File tree

2 files changed

2 files changed

`‎src/backend/utils/adt/acl.c‎`

`‎src/bin/initdb/initdb.sh‎`

0 commit comments