summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f4a3e67)
raw | patch | inline | side by side (parent: f4a3e67)
| author | Tom Lane <tgl@sss.pgh.pa.us> | |
| Fri, 30 Nov 2012 00:57:24 +0000 (19:57 -0500) | ||
| committer | Tom Lane <tgl@sss.pgh.pa.us> | |
| Fri, 30 Nov 2012 00:57:24 +0000 (19:57 -0500) |
The length of a socket path name is constrained by the size of struct
sockaddr_un, and there's not a lot we can do about it since that is a
kernel API. However, it would be a good thing if we produced an
intelligible error message when the user specifies a socket path that's too
long --- and getaddrinfo's standard API is too impoverished to do this in
the natural way. So insert explicit tests at the places where we construct
a socket path name. Now you'll get an error that makes sense and even
tells you what the limit is, rather than something generic like
"Non-recoverable failure in name resolution".
Per trouble report from Jeremy Drake and a fix idea from Andrew Dunstan.
sockaddr_un, and there's not a lot we can do about it since that is a
kernel API. However, it would be a good thing if we produced an
intelligible error message when the user specifies a socket path that's too
long --- and getaddrinfo's standard API is too impoverished to do this in
the natural way. So insert explicit tests at the places where we construct
a socket path name. Now you'll get an error that makes sense and even
tells you what the limit is, rather than something generic like
"Non-recoverable failure in name resolution".
Per trouble report from Jeremy Drake and a fix idea from Andrew Dunstan.
| src/backend/libpq/pqcomm.c | patch | blob | blame | history | |
| src/include/libpq/pqcomm.h | patch | blob | blame | history | |
| src/interfaces/libpq/fe-connect.c | patch | blob | blame | history |
index 85350661cef08f59936253f8e7d335c2e315eea2..e93090602f3506e164e695318b4432aeac1e2ea3 100644 (file)
Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName)
{
UNIXSOCK_PATH(sock_path, portNumber, unixSocketName);
+ if (strlen(sock_path) >= UNIXSOCK_PATH_BUFLEN)
+ {
+ ereport(LOG,
+ (errmsg("Unix-domain socket path \"%s\" is too long (maximum %d bytes)",
+ sock_path,
+ (int) (UNIXSOCK_PATH_BUFLEN - 1))));
+ return STATUS_ERROR;
+ }
/*
* Grab an interlock file associated with the socket file.
index df81db1dfec647e6bbb7dc1e763a33bfda2681a8..865be974e8e4b21275b0cdd04636119f97bb7136 100644 (file)
DEFAULT_PGSOCKET_DIR, \
(port))
+/*
+ * The maximum workable length of a socket path is what will fit into
+ * struct sockaddr_un. This is usually only 100 or so bytes :-(.
+ *
+ * For consistency, always pass a MAXPGPATH-sized buffer to UNIXSOCK_PATH(),
+ * then complain if the resulting string is >= UNIXSOCK_PATH_BUFLEN bytes.
+ * (Because the standard API for getaddrinfo doesn't allow it to complain in
+ * a useful way when the socket pathname is too long, we have to test for
+ * this explicitly, instead of just letting the subroutine return an error.)
+ */
+#define UNIXSOCK_PATH_BUFLEN sizeof(((struct sockaddr_un *) NULL)->sun_path)
+
+
/*
* These manipulate the frontend/backend protocol version number.
*
index 7157e4c3fb11bf341b524807e9a74ee199ab4b85..0235650c9cf5a0dda096d1a81932f83839493b41 100644 (file)
connectDBStart(PGconn *conn)
{
int portnum;
- char portstr[128];
+ char portstr[MAXPGPATH];
struct addrinfo *addrs = NULL;
struct addrinfo hint;
const char *node;
node = NULL;
hint.ai_family = AF_UNIX;
UNIXSOCK_PATH(portstr, portnum, conn->pgunixsocket);
+ if (strlen(portstr) >= UNIXSOCK_PATH_BUFLEN)
+ {
+ appendPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("Unix-domain socket path \"%s\" is too long (maximum %d bytes)\n"),
+ portstr,
+ (int) (UNIXSOCK_PATH_BUFLEN - 1));
+ conn->options_valid = false;
+ goto connect_errReturn;
+ }
#else
/* Without Unix sockets, default to localhost instead */
node = "localhost";