summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5c8c7c7)
raw | patch | inline | side by side (parent: 5c8c7c7)
| author | Tom Lane <tgl@sss.pgh.pa.us> | |
| Fri, 30 Nov 2012 00:57:38 +0000 (19:57 -0500) | ||
| committer | Tom Lane <tgl@sss.pgh.pa.us> | |
| Fri, 30 Nov 2012 00:57:38 +0000 (19:57 -0500) |
The length of a socket path name is constrained by the size of struct
sockaddr_un, and there's not a lot we can do about it since that is a
kernel API. However, it would be a good thing if we produced an
intelligible error message when the user specifies a socket path that's too
long --- and getaddrinfo's standard API is too impoverished to do this in
the natural way. So insert explicit tests at the places where we construct
a socket path name. Now you'll get an error that makes sense and even
tells you what the limit is, rather than something generic like
"Non-recoverable failure in name resolution".
Per trouble report from Jeremy Drake and a fix idea from Andrew Dunstan.
sockaddr_un, and there's not a lot we can do about it since that is a
kernel API. However, it would be a good thing if we produced an
intelligible error message when the user specifies a socket path that's too
long --- and getaddrinfo's standard API is too impoverished to do this in
the natural way. So insert explicit tests at the places where we construct
a socket path name. Now you'll get an error that makes sense and even
tells you what the limit is, rather than something generic like
"Non-recoverable failure in name resolution".
Per trouble report from Jeremy Drake and a fix idea from Andrew Dunstan.
| src/backend/libpq/pqcomm.c | patch | blob | blame | history | |
| src/include/libpq/pqcomm.h | patch | blob | blame | history | |
| src/interfaces/libpq/fe-connect.c | patch | blob | blame | history |
index cbccf348e717c1ab5e0ebf3c5bbf50cbc3961569..f89cdc3d50727b5d03bb6cb6bddbf2ddd1af2cd5 100644 (file)
Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName)
{
UNIXSOCK_PATH(sock_path, portNumber, unixSocketName);
+ if (strlen(sock_path) >= UNIXSOCK_PATH_BUFLEN)
+ {
+ ereport(LOG,
+ (errmsg("Unix-domain socket path \"%s\" is too long (maximum %d bytes)",
+ sock_path,
+ (int) (UNIXSOCK_PATH_BUFLEN - 1))));
+ return STATUS_ERROR;
+ }
/*
* Grab an interlock file associated with the socket file.
index 31839b201523e6f7e152b239d853f36f9e57daee..ab02a89aa5436e1c034f5fc38b5f914f4b4013a3 100644 (file)
DEFAULT_PGSOCKET_DIR, \
(port))
+/*
+ * The maximum workable length of a socket path is what will fit into
+ * struct sockaddr_un. This is usually only 100 or so bytes :-(.
+ *
+ * For consistency, always pass a MAXPGPATH-sized buffer to UNIXSOCK_PATH(),
+ * then complain if the resulting string is >= UNIXSOCK_PATH_BUFLEN bytes.
+ * (Because the standard API for getaddrinfo doesn't allow it to complain in
+ * a useful way when the socket pathname is too long, we have to test for
+ * this explicitly, instead of just letting the subroutine return an error.)
+ */
+#define UNIXSOCK_PATH_BUFLEN sizeof(((struct sockaddr_un *) NULL)->sun_path)
+
+
/*
* These manipulate the frontend/backend protocol version number.
*
index 9c3959364f142f6b2023e3df319bd460953cb63e..89bf1c44192fc7aa5e96f31e508dea95176835b1 100644 (file)
connectDBStart(PGconn *conn)
{
int portnum;
- char portstr[128];
+ char portstr[MAXPGPATH];
struct addrinfo *addrs = NULL;
struct addrinfo hint;
const char *node;
node = NULL;
hint.ai_family = AF_UNIX;
UNIXSOCK_PATH(portstr, portnum, conn->pgunixsocket);
+ if (strlen(portstr) >= UNIXSOCK_PATH_BUFLEN)
+ {
+ appendPQExpBuffer(&conn->errorMessage,
+ libpq_gettext("Unix-domain socket path \"%s\" is too long (maximum %d bytes)\n"),
+ portstr,
+ (int) (UNIXSOCK_PATH_BUFLEN - 1));
+ conn->options_valid = false;
+ goto connect_errReturn;
+ }
#else
/* Without Unix sockets, default to localhost instead */
node = "localhost";