NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commitfee476d

committed

Improve libpq's error reporting for SSL failures.

In many cases, pqsecure_read/pqsecure_write set up useful error messages,which were then overwritten with useless ones by their callers. Fix thisby defining the responsibility to set an error message to be entirely thatof the lower-level function when using SSL.Back-patch to 8.3; the code is too different in 8.2 to be worth thetrouble.

1 parentd0c2302 commitfee476dCopy full SHA for fee476d

File tree

2 files changed

+67

-18

lines changed

src/interfaces/libpq
- fe-misc.c
- fe-secure.c

2 files changed

+67

-18

lines changed

`‎src/interfaces/libpq/fe-misc.c`

Lines changed: 17 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -647,7 +647,9 @@ pqReadData(PGconn *conn)`
`647`	`647`	`if (SOCK_ERRNO==ECONNRESET)`
`648`	`648`	`gotodefinitelyFailed;`
`649`	`649`	`#endif`
`650`		`-printfPQExpBuffer(&conn->errorMessage,`
	`650`	`+/* in SSL mode, pqsecure_read set the error message */`
	`651`	`+if (conn->ssl==NULL)`
	`652`	`+printfPQExpBuffer(&conn->errorMessage,`
`651`	`653`	`libpq_gettext("could not receive data from server: %s\n"),`
`652`	`654`	`SOCK_STRERROR(SOCK_ERRNO,sebuf,sizeof(sebuf)));`
`653`	`655`	`return-1;`
`@@ -737,7 +739,9 @@ pqReadData(PGconn *conn)`
`737`	`739`	`if (SOCK_ERRNO==ECONNRESET)`
`738`	`740`	`gotodefinitelyFailed;`
`739`	`741`	`#endif`
`740`		`-printfPQExpBuffer(&conn->errorMessage,`
	`742`	`+/* in SSL mode, pqsecure_read set the error message */`
	`743`	`+if (conn->ssl==NULL)`
	`744`	`+printfPQExpBuffer(&conn->errorMessage,`
`741`	`745`	`libpq_gettext("could not receive data from server: %s\n"),`
`742`	`746`	`SOCK_STRERROR(SOCK_ERRNO,sebuf,sizeof(sebuf)));`
`743`	`747`	`return-1;`
`@@ -753,8 +757,10 @@ pqReadData(PGconn *conn)`
`753`	`757`	`* means the connection has been closed. Cope.`
`754`	`758`	`*/`
`755`	`759`	`definitelyFailed:`
`756`		`-printfPQExpBuffer(&conn->errorMessage,`
`757`		`-libpq_gettext(`
	`760`	`+/* in SSL mode, pqsecure_read set the error message */`
	`761`	`+if (conn->ssl==NULL)`
	`762`	`+printfPQExpBuffer(&conn->errorMessage,`
	`763`	`+libpq_gettext(`
`758`	`764`	`"server closed the connection unexpectedly\n"`
`759`	`765`	`"\tThis probably means the server terminated abnormally\n"`
`760`	`766`	`"\tbefore or while processing the request.\n"));`
`@@ -831,8 +837,10 @@ pqSendSome(PGconn *conn, int len)`
`831`	`837`	`#ifdefECONNRESET`
`832`	`838`	`caseECONNRESET:`
`833`	`839`	`#endif`
`834`		`-printfPQExpBuffer(&conn->errorMessage,`
`835`		`-libpq_gettext(`
	`840`	`+/* in SSL mode, pqsecure_write set the error message */`
	`841`	`+if (conn->ssl==NULL)`
	`842`	`+printfPQExpBuffer(&conn->errorMessage,`
	`843`	`+libpq_gettext(`
`836`	`844`	`"server closed the connection unexpectedly\n"`
`837`	`845`	`"\tThis probably means the server terminated abnormally\n"`
`838`	`846`	`"\tbefore or while processing the request.\n"));`
`@@ -849,7 +857,9 @@ pqSendSome(PGconn *conn, int len)`
`849`	`857`	`return-1;`
`850`	`858`
`851`	`859`	`default:`
`852`		`-printfPQExpBuffer(&conn->errorMessage,`
	`860`	`+/* in SSL mode, pqsecure_write set the error message */`
	`861`	`+if (conn->ssl==NULL)`
	`862`	`+printfPQExpBuffer(&conn->errorMessage,`
`853`	`863`	`libpq_gettext("could not send data to server: %s\n"),`
`854`	`864`	`SOCK_STRERROR(SOCK_ERRNO,sebuf,sizeof(sebuf)));`
`855`	`865`	`/* We don't assume it's a fatal error... */`

`‎src/interfaces/libpq/fe-secure.c`

Lines changed: 50 additions & 11 deletions

Original file line number	Diff line number	Diff line change
`@@ -302,6 +302,11 @@ pqsecure_close(PGconn *conn)`
`302`	`302`
`303`	`303`	`/*`
`304`	`304`	`*Read data from a secure connection.`
	`305`	`+ *`
	`306`	`+ * If SSL is in use, this function is responsible for putting a suitable`
	`307`	`+ * message into conn->errorMessage upon error; but the caller does that`
	`308`	`+ * when not using SSL. In either case, caller uses the returned errno`
	`309`	`+ * to decide whether to continue/retry after error.`
`305`	`310`	`*/`
`306`	`311`	`ssize_t`
`307`	`312`	`pqsecure_read(PGconnconn,voidptr,size_tlen)`
`@@ -325,6 +330,13 @@ pqsecure_read(PGconn conn, void ptr, size_t len)`
`325`	`330`	`switch (err)`
`326`	`331`	`{`
`327`	`332`	`caseSSL_ERROR_NONE:`
	`333`	`+if (n<0)`
	`334`	`+{`
	`335`	`+printfPQExpBuffer(&conn->errorMessage,`
	`336`	`+libpq_gettext("SSL_read failed but did not provide error information\n"));`
	`337`	`+/* assume the connection is broken */`
	`338`	`+SOCK_ERRNO_SET(ECONNRESET);`
	`339`	`+}`
`328`	`340`	`break;`
`329`	`341`	`caseSSL_ERROR_WANT_READ:`
`330`	`342`	`n=0;`
`@@ -342,7 +354,7 @@ pqsecure_read(PGconn conn, void ptr, size_t len)`
`342`	`354`	`{`
`343`	`355`	`charsebuf[256];`
`344`	`356`
`345`		`-if (n==-1)`
	`357`	`+if (n<0)`
`346`	`358`	`{`
`347`	`359`	`REMEMBER_EPIPE(spinfo,SOCK_ERRNO==EPIPE);`
`348`	`360`	`printfPQExpBuffer(&conn->errorMessage,`
`@@ -353,29 +365,36 @@ pqsecure_read(PGconn conn, void ptr, size_t len)`
`353`	`365`	`{`
`354`	`366`	`printfPQExpBuffer(&conn->errorMessage,`
`355`	`367`	`libpq_gettext("SSL SYSCALL error: EOF detected\n"));`
`356`		`-`
	`368`	`+/* assume the connection is broken */`
`357`	`369`	`SOCK_ERRNO_SET(ECONNRESET);`
`358`	`370`	`n=-1;`
`359`	`371`	`}`
`360`	`372`	`break;`
`361`	`373`	`}`
`362`	`374`	`caseSSL_ERROR_SSL:`
`363`	`375`	`{`
`364`		`-char*err=SSLerrmessage();`
	`376`	`+char*errm=SSLerrmessage();`
`365`	`377`
`366`	`378`	`printfPQExpBuffer(&conn->errorMessage,`
`367`		`-libpq_gettext("SSL error: %s\n"),err);`
`368`		`-SSLerrfree(err);`
	`379`	`+libpq_gettext("SSL error: %s\n"),errm);`
	`380`	`+SSLerrfree(errm);`
	`381`	`+/* assume the connection is broken */`
	`382`	`+SOCK_ERRNO_SET(ECONNRESET);`
	`383`	`+n=-1;`
	`384`	`+break;`
`369`	`385`	`}`
`370`		`-/* fall through */`
`371`	`386`	`caseSSL_ERROR_ZERO_RETURN:`
	`387`	`+printfPQExpBuffer(&conn->errorMessage,`
	`388`	`+libpq_gettext("SSL connection has been closed unexpectedly\n"));`
`372`	`389`	`SOCK_ERRNO_SET(ECONNRESET);`
`373`	`390`	`n=-1;`
`374`	`391`	`break;`
`375`	`392`	`default:`
`376`	`393`	`printfPQExpBuffer(&conn->errorMessage,`
`377`	`394`	`libpq_gettext("unrecognized SSL error code: %d\n"),`
`378`	`395`	`err);`
	`396`	`+/* assume the connection is broken */`
	`397`	`+SOCK_ERRNO_SET(ECONNRESET);`
`379`	`398`	`n=-1;`
`380`	`399`	`break;`
`381`	`400`	`}`
`@@ -391,6 +410,11 @@ pqsecure_read(PGconn conn, void ptr, size_t len)`
`391`	`410`
`392`	`411`	`/*`
`393`	`412`	`*Write data to a secure connection.`
	`413`	`+ *`
	`414`	`+ * If SSL is in use, this function is responsible for putting a suitable`
	`415`	`+ * message into conn->errorMessage upon error; but the caller does that`
	`416`	`+ * when not using SSL. In either case, caller uses the returned errno`
	`417`	`+ * to decide whether to continue/retry after error.`
`394`	`418`	`*/`
`395`	`419`	`ssize_t`
`396`	`420`	`pqsecure_write(PGconnconn,constvoidptr,size_tlen)`
`@@ -412,6 +436,13 @@ pqsecure_write(PGconn conn, const void ptr, size_t len)`
`412`	`436`	`switch (err)`
`413`	`437`	`{`
`414`	`438`	`caseSSL_ERROR_NONE:`
	`439`	`+if (n<0)`
	`440`	`+{`
	`441`	`+printfPQExpBuffer(&conn->errorMessage,`
	`442`	`+libpq_gettext("SSL_write failed but did not provide error information\n"));`
	`443`	`+/* assume the connection is broken */`
	`444`	`+SOCK_ERRNO_SET(ECONNRESET);`
	`445`	`+}`
`415`	`446`	`break;`
`416`	`447`	`caseSSL_ERROR_WANT_READ:`
`417`	`448`
`@@ -429,7 +460,7 @@ pqsecure_write(PGconn conn, const void ptr, size_t len)`
`429`	`460`	`{`
`430`	`461`	`charsebuf[256];`
`431`	`462`
`432`		`-if (n==-1)`
	`463`	`+if (n<0)`
`433`	`464`	`{`
`434`	`465`	`REMEMBER_EPIPE(spinfo,SOCK_ERRNO==EPIPE);`
`435`	`466`	`printfPQExpBuffer(&conn->errorMessage,`
`@@ -440,28 +471,36 @@ pqsecure_write(PGconn conn, const void ptr, size_t len)`
`440`	`471`	`{`
`441`	`472`	`printfPQExpBuffer(&conn->errorMessage,`
`442`	`473`	`libpq_gettext("SSL SYSCALL error: EOF detected\n"));`
	`474`	`+/* assume the connection is broken */`
`443`	`475`	`SOCK_ERRNO_SET(ECONNRESET);`
`444`	`476`	`n=-1;`
`445`	`477`	`}`
`446`	`478`	`break;`
`447`	`479`	`}`
`448`	`480`	`caseSSL_ERROR_SSL:`
`449`	`481`	`{`
`450`		`-char*err=SSLerrmessage();`
	`482`	`+char*errm=SSLerrmessage();`
`451`	`483`
`452`	`484`	`printfPQExpBuffer(&conn->errorMessage,`
`453`		`-libpq_gettext("SSL error: %s\n"),err);`
`454`		`-SSLerrfree(err);`
	`485`	`+libpq_gettext("SSL error: %s\n"),errm);`
	`486`	`+SSLerrfree(errm);`
	`487`	`+/* assume the connection is broken */`
	`488`	`+SOCK_ERRNO_SET(ECONNRESET);`
	`489`	`+n=-1;`
	`490`	`+break;`
`455`	`491`	`}`
`456`		`-/* fall through */`
`457`	`492`	`caseSSL_ERROR_ZERO_RETURN:`
	`493`	`+printfPQExpBuffer(&conn->errorMessage,`
	`494`	`+libpq_gettext("SSL connection has been closed unexpectedly\n"));`
`458`	`495`	`SOCK_ERRNO_SET(ECONNRESET);`
`459`	`496`	`n=-1;`
`460`	`497`	`break;`
`461`	`498`	`default:`
`462`	`499`	`printfPQExpBuffer(&conn->errorMessage,`
`463`	`500`	`libpq_gettext("unrecognized SSL error code: %d\n"),`
`464`	`501`	`err);`
	`502`	`+/* assume the connection is broken */`
	`503`	`+SOCK_ERRNO_SET(ECONNRESET);`
`465`	`504`	`n=-1;`
`466`	`505`	`break;`
`467`	`506`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commitfee476d

File tree

2 files changed

2 files changed

`‎src/interfaces/libpq/fe-misc.c`

`‎src/interfaces/libpq/fe-secure.c`

0 commit comments