
Commit e72ca17

committed
fixes for several potential null pointer dereferences
submitted by: Paul "Shag" Walmsley <ccshag@cclabs.missouri.edu>
1 parent 950b6ab commit e72ca17

2 files changed

+140
-15
lines changed


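--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -7,7 +7,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.1.1.1 1996/07/09 06:22:17 scrappy Exp $
+* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.2 1996/07/12 04:53:57 scrappy Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -70,7 +70,12 @@ PQsetdb(char *pghost, char* pgport, char* pgoptions, char* pgtty, char* dbName)
 char *tmp;
 
 conn = (PGconn*)malloc(sizeof(PGconn));
-
+
+if (!conn) {
+fprintf(stderr,"FATAL: pqsetdb() -- unable to allocate memory for a PGconn");
+return (PGconn*)NULL;
+}
+
 conn->Pfout = NULL;
 conn->Pfin = NULL;
 conn->Pfdebug = NULL;
@@ -307,9 +312,13 @@ closePGconn(PGconn *conn)
 void
 PQfinish(PGconn *conn)
 {
-if (conn->status == CONNECTION_OK)
-closePGconn(conn);
-freePGconn(conn);
+if (!conn) {
+fprintf(stderr,"PQfinish() -- pointer to PGconn is null");
+} else {
+if (conn->status == CONNECTION_OK)
+closePGconn(conn);
+freePGconn(conn);
+}
 }
 
 /* PQreset :
@@ -319,8 +328,12 @@ PQfinish(PGconn *conn)
 void
 PQreset(PGconn *conn)
 {
+if (!conn) {
+fprintf(stderr,"PQreset() -- pointer to PGconn is null");
+} else {
 closePGconn(conn);
 conn->status = connectDB(conn);
+}
 }
 
 /*
@@ -395,42 +408,77 @@ startup2PacketBuf(StartupInfo* s, PacketBuf* res)
 char*
 PQdb(PGconn* conn)
 {
+if (!conn) {
+fprintf(stderr,"PQdb() -- pointer to PGconn is null");
+return (char *)NULL;
+}
+
 return conn->dbName;
 }
 
 char*
 PQhost(PGconn* conn)
 {
+if (!conn) {
+fprintf(stderr,"PQhost() -- pointer to PGconn is null");
+return (char *)NULL;
+}
+
 return conn->pghost;
 }
 
 char*
 PQoptions(PGconn* conn)
 {
+if (!conn) {
+fprintf(stderr,"PQoptions() -- pointer to PGconn is null");
+return (char *)NULL;
+}
+
 return conn->pgoptions;
 }
 
 char*
 PQtty(PGconn* conn)
 {
+if (!conn) {
+fprintf(stderr,"PQtty() -- pointer to PGconn is null");
+return (char *)NULL;
+}
+
 return conn->pgtty;
 }
 
 char*
 PQport(PGconn* conn)
 {
+if (!conn) {
+fprintf(stderr,"PQport() -- pointer to PGconn is null");
+return (char *)NULL;
+}
+
 return conn->pgport;
 }
 
 ConnStatusType
 PQstatus(PGconn* conn)
 {
+if (!conn) {
+fprintf(stderr,"PQstatus() -- pointer to PGconn is null");
+return CONNECTION_BAD;
+}
+
 return conn->status;
 }
 
 char*
 PQerrorMessage(PGconn* conn)
 {
+if (!conn) {
+fprintf(stderr,"PQerrorMessage() -- pointer to PGconn is null");
+return (char *)NULL;
+}
+
 return conn->errorMessage;
 }
 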
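Review bot: Every diagnostic added in this file is written with fprintf(stderr, ...) and no trailing newline — e.g. `fprintf(stderr,"FATAL: pqsetdb() -- unable to allocate memory for a PGconn");` in PQsetdb and `fprintf(stderr,"PQfinish() -- pointer to PGconn is null");` — so each message runs into whatever the process prints next; append `\n` to each of them. For the accessors PQdb through PQerrorMessage, having a library write to stderr whenever it is handed a NULL is noisy for callers that already test the pointer and cannot be suppressed; returning NULL (or CONNECTION_BAD) silently would be the more conventional contract, though that is a follow-up rather than a blocker. PQsetdb's body continues outside the hunk, so I cannot see whether any later allocations in it get the same failure check as the PGconn malloc; worth confirming. A one-line comment on PQstatus, `/* A NULL conn is reported as CONNECTION_BAD so callers need no separate NULL test. */`, would document the sentinel that was chosen.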

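--- a/src/interfaces/libpq/fe-exec.c
+++ b/src/interfaces/libpq/fe-exec.c
@@ -7,7 +7,7 @@
 *
 *
 * IDENTIFICATION
-* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.1.1.1 1996/07/09 06:22:17 scrappy Exp $
+* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-exec.c,v 1.2 1996/07/12 04:53:59 scrappy Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -358,12 +358,20 @@ PQexec(PGconn* conn, char* query)
 char cmdStatus[MAX_MESSAGE_LEN];
 char pname[MAX_MESSAGE_LEN]; /* portal name */
 PGnotify *newNotify;
-FILE *Pfin = conn->Pfin;
-FILE *Pfout = conn->Pfout;
-FILE* Pfdebug = conn->Pfdebug;
+FILE *Pfin, *Pfout, *Pfdebug;
 
 pname[0]='\0';
 
+if (!conn) return NULL;
+if (!query) {
+sprintf(conn->errorMessage, "PQexec() -- query pointer is null.");
+return NULL;
+}
+
+Pfin = conn->Pfin;
+Pfout = conn->Pfout;
+Pfdebug = conn->Pfdebug;
+
 /*clear the error string */
 conn->errorMessage[0] = '\0';
 
@@ -500,6 +508,9 @@ PGnotify*
 PQnotifies(PGconn *conn)
 {
 Dlelem *e;
+
+if (!conn) return NULL;
+
 if (conn->status != CONNECTION_OK)
 return NULL;
 /* RemHead returns NULL if list is empy */
@@ -531,6 +542,8 @@ int
 PQgetline(PGconn *conn, char *s, int maxlen)
 {
 int c = '\0';
+
+if (!conn) return EOF;
 
 if (!conn->Pfin || !s || maxlen <= 1)
 return(EOF);
@@ -561,7 +574,7 @@ PQgetline(PGconn *conn, char *s, int maxlen)
 void
 PQputline(PGconn *conn, char *s)
 {
-if (conn->Pfout) {
+if (conn && (conn->Pfout)) {
 (void) fputs(s, conn->Pfout);
 fflush(conn->Pfout);
 }
@@ -580,8 +593,12 @@ int
 PQendcopy(PGconn *conn)
 {
 char id;
-FILE *Pfin = conn->Pfin;
-FILE* Pfdebug = conn->Pfdebug;
+FILE *Pfin, *Pfdebug;
+
+if (!conn) return (int)NULL;
+
+Pfin = conn->Pfin;
+Pfdebug = conn->Pfdebug;
 
 if ( (id = pqGetc(Pfin,Pfdebug)) > 0)
 return(0);
@@ -836,12 +853,16 @@ PQfn(PGconn *conn,
 PQArgBlock *args,
 int nargs)
 {
-FILE *Pfin = conn->Pfin;
-FILE *Pfout = conn->Pfout;
-FILE* Pfdebug = conn->Pfdebug;
+FILE *Pfin, *Pfout, *Pfdebug;
 int id;
 int i;
 
+if (!conn) return NULL;
+
+Pfin = conn->Pfin;
+Pfout = conn->Pfout;
+Pfdebug = conn->Pfdebug;
+
 /* clear the error string */
 conn->errorMessage[0] = '\0';
 
@@ -916,18 +937,33 @@ PQfn(PGconn *conn,
 ExecStatusType
 PQresultStatus(PGresult* res)
 {
+if (!res) {
+fprintf(stderr, "PQresultStatus() -- pointer to PQresult is null");
+return PGRES_NONFATAL_ERROR;
+}
+
 return res->resultStatus;
 }
 
 int
 PQntuples(PGresult *res)
 {
+if (!res) {
+fprintf(stderr, "PQntuples() -- pointer to PQresult is null");
+return (int)NULL;
+}
+
 return res->ntups;
 }
 
 int
 PQnfields(PGresult *res)
 {
+if (!res) {
+fprintf(stderr, "PQnfields() -- pointer to PQresult is null");
+return (int)NULL;
+}
+
 return res->numAttributes;
 }
 
@@ -937,6 +973,12 @@ PQnfields(PGresult *res)
 char*
 PQfname(PGresult *res, int field_num)
 {
+
+if (!res) {
+fprintf(stderr, "PQfname() -- pointer to PQresult is null");
+return NULL;
+}
+
 if (field_num > (res->numAttributes - 1)) {
 fprintf(stderr,
 "PQfname: ERROR! name of field %d(of %d) is not available",
@@ -957,6 +999,11 @@ PQfnumber(PGresult *res, char* field_name)
 {
 int i;
 
+if (!res) {
+fprintf(stderr, "PQfnumber() -- pointer to PQresult is null");
+return -1;
+}
+
 if (field_name == NULL ||
 field_name[0] == '\0' ||
 res->attDescs == NULL)
@@ -973,6 +1020,11 @@ PQfnumber(PGresult *res, char* field_name)
 Oid
 PQftype(PGresult *res, int field_num)
 {
+if (!res) {
+fprintf(stderr, "PQftype() -- pointer to PQresult is null");
+return InvalidOid;
+}
+
 if (field_num > (res->numAttributes - 1)) {
 fprintf(stderr,
 "PQftype: ERROR! type of field %d(of %d) is not available",
@@ -987,6 +1039,11 @@ PQftype(PGresult *res, int field_num)
 int2
 PQfsize(PGresult *res, int field_num)
 {
+if (!res) {
+fprintf(stderr, "PQfsize() -- pointer to PQresult is null");
+return (int2)NULL;
+}
+
 if (field_num > (res->numAttributes - 1)) {
 fprintf(stderr,
 "PQfsize: ERROR! size of field %d(of %d) is not available",
@@ -999,6 +1056,11 @@ PQfsize(PGresult *res, int field_num)
 }
 
 char* PQcmdStatus(PGresult *res) {
+if (!res) {
+fprintf(stderr, "PQcmdStatus() -- pointer to PQresult is null");
+return NULL;
+}
+
 return res->cmdStatus;
 }
 
@@ -1008,6 +1070,11 @@ char* PQcmdStatus(PGresult *res) {
 if not, return ""
 */
 char* PQoidStatus(PGresult *res) {
+if (!res) {
+fprintf(stderr, "PQoidStatus() -- pointer to PQresult is null");
+return NULL;
+}
+
 if (!res->cmdStatus)
 return "";
 
@@ -1031,6 +1098,11 @@ char* PQoidStatus(PGresult *res) {
 char*
 PQgetvalue(PGresult *res, int tup_num, int field_num)
 {
+if (!res) {
+fprintf(stderr, "PQgetvalue() -- pointer to PQresult is null");
+return NULL;
+}
+
 if (tup_num > (res->ntups - 1) ||
 field_num > (res->numAttributes - 1)) {
 fprintf(stderr,
@@ -1050,6 +1122,11 @@ PQgetvalue(PGresult *res, int tup_num, int field_num)
 int
 PQgetlength(PGresult *res, int tup_num, int field_num)
 {
+if (!res) {
+fprintf(stderr, "PQgetlength() -- pointer to PQresult is null");
+return (int)NULL;
+}
+
 if (tup_num > (res->ntups - 1 )||
 field_num > (res->numAttributes - 1)) {
 fprintf(stderr,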
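Review bot: PQendcopy's new guard `if (!conn) return (int)NULL;` returns 0, which the very next lines treat as the success result (`if ( (id = pqGetc(Pfin,Pfdebug)) > 0) return(0);`), so a caller that passes a NULL connection is told the copy finished cleanly; it should return the function's failure value instead (the error path is outside the hunk, so I cannot confirm which value that is — presumably 1). The same `(int)NULL` idiom in PQntuples, PQnfields and PQgetlength, and `(int2)NULL` in PQfsize, should be written as plain `0`: casting the null pointer constant to an integer is misleading and not guaranteed to be 0 on every platform. PQputline now tests conn but still hands `s` straight to fputs, so `if (conn && conn->Pfout && s) {` would complete the null check this commit is about. The pre-existing bounds tests that follow the new guards in PQfname, PQftype, PQfsize and PQgetvalue only reject a field_num above the upper bound, not a negative one, which is out of scope here but a natural next fix.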
