Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to content

Commit 2116617

Browse files
tglsfdctglsfdc
committed
Fix assign_session_authorization() to not be confused by all-numeric
user names. Per recent reports.
1 parent 361eaa1 commit 2116617

File tree

1 file changed

+30
-13
lines changed

1 file changed

+30
-13
lines changed

src/backend/commands/variable.c

+30-13
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
*
1010
*
1111
* IDENTIFICATION
12-
* $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.72 2002/12/05 04:04:42 momjian Exp $
12+
* $Header: /cvsroot/pgsql/src/backend/commands/variable.c,v 1.73 2003/02/01 18:31:28 tgl Exp $
1313
*
1414
*-------------------------------------------------------------------------
1515
*/
@@ -519,25 +519,36 @@ show_server_encoding(void)
519519
/*
520520
* SET SESSION AUTHORIZATION
521521
*
522-
* Note: when resetting session auth after an error, we can't expect to do
523-
* catalog lookups. Hence, the stored form of the value is always a numeric
524-
* userid that can be re-used directly.
522+
* When resetting session auth after an error, we can't expect to do catalog
523+
* lookups. Hence, the stored form of the value must provide a numeric userid
524+
* that can be re-used directly. We store the string in the form of
525+
* NAMEDATALEN 'x's followed by the numeric userid --- this cannot conflict
526+
* with any valid user name, because of the NAMEDATALEN limit on names.
525527
*/
526528
const char *
527529
assign_session_authorization(const char *value, bool doit, bool interactive)
528530
{
529-
AclId usesysid;
530-
char *endptr;
531+
AclId usesysid = 0;
531532
char *result;
532533

533-
usesysid = (Oid) strtoul(value, &endptr, 10);
534-
535-
if (endptr != value && *endptr == '\0' && OidIsValid(usesysid))
534+
if (strspn(value, "x") == NAMEDATALEN)
536535
{
537-
/* use the numeric user ID */
536+
/* might be a saved numeric userid */
537+
char *endptr;
538+
539+
usesysid = (AclId) strtoul(value + NAMEDATALEN, &endptr, 10);
540+
541+
if (endptr != value + NAMEDATALEN && *endptr == '\0')
542+
{
543+
/* syntactically valid, so use the numeric user ID */
544+
}
545+
else
546+
usesysid = 0;
538547
}
539-
else
548+
549+
if (usesysid == 0)
540550
{
551+
/* not a saved ID, so look it up */
541552
HeapTuple userTup;
542553

543554
userTup = SearchSysCache(SHADOWNAME,
@@ -558,17 +569,23 @@ assign_session_authorization(const char *value, bool doit, bool interactive)
558569
if (doit)
559570
SetSessionAuthorization(usesysid);
560571

561-
result = (char *) malloc(32);
572+
result = (char *) malloc(NAMEDATALEN + 32);
562573
if (!result)
563574
return NULL;
564575

565-
snprintf(result, 32, "%lu", (unsigned long) usesysid);
576+
memset(result, 'x', NAMEDATALEN);
577+
578+
snprintf(result + NAMEDATALEN, 32, "%lu", (unsigned long) usesysid);
566579

567580
return result;
568581
}
569582

570583
const char *
571584
show_session_authorization(void)
572585
{
586+
/*
587+
* We can't use the stored string; see comments for
588+
* assign_session_authorization
589+
*/
573590
return GetUserNameFromId(GetSessionUserId());
574591
}

0 commit comments

Comments
 (0)