Sunday, September 21, 2008

Re: [HACKERS] [patch] fix dblink security hole

Tom Lane wrote:
> Hmm ... one problem with this is that the caller can't tell
> failure-because-out-of-memory from failure-because-string-is-bogus.

<snip>

> Is it worth having the
> PQconninfoParse function pass back the error message to avoid this
> corner case?

I thought briefly about it, and wasn't sure it would be worth the ugliness.

> The API would be a lot more ugly, perhaps

> int PQconninfoParse(const char *connstr,
>                     PQconninfoOption **options,
>                     char **errmsg)
>
> okay: *options is set, *errmsg is NULL, return true
> bogus string: *options is NULL, *errmsg is set, return false
> out of memory: both outputs NULL, return false

conninfo_parse() returns NULL on error, so why not something like:

PQconninfoOption *
PQconninfoParse(const char *conninfo, char **errmsg)
{
    PQExpBufferData errorBuf;
    bool password_from_string;
    PQconninfoOption *connOptions;

    initPQExpBuffer(&errorBuf);
    connOptions = conninfo_parse(conninfo, &errorBuf,
                                 &password_from_string);

    if (!connOptions && errmsg)
        *errmsg = pstrdup(errorBuf.data);

    termPQExpBuffer(&errorBuf);
    return connOptions;
}

If the return value is NULL, use errmsg if you'd like. I'd guess in most
instances you don't even need to bother freeing errmsg as it is in a
limited life memory context.

Joe

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
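
The three outcomes discussed in this thread (parsed, bogus string, out of memory), as an added example that is not part of the original message and is not libpq code. Every `demo_*` name, the single keyword=value grammar and the error text are assumptions for illustration, and the allocator hook exists only so the out-of-memory path can be exercised.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins, not libpq types: one parsed keyword=value pair. */
typedef struct { char *keyword; char *val; } demo_option;
typedef enum { DEMO_OK, DEMO_BOGUS, DEMO_OOM } demo_status;

/* Allocator hook (assumption) so allocation failure can be simulated. */
void *(*demo_alloc)(size_t) = malloc;
void *demo_fail_alloc(size_t n) { (void) n; return NULL; }

static char *demo_strndup(const char *s, size_t n)
{
    char *p = demo_alloc(n + 1);
    if (p) { memcpy(p, s, n); p[n] = '\0'; }
    return p;
}

/* NULL return with *errmsg set: bogus string.
 * NULL return with *errmsg NULL: out of memory. */
demo_option *demo_parse(const char *conninfo, char **errmsg)
{
    static const char bad[] = "missing \"=\" in connection info string";
    const char *eq = strchr(conninfo, '=');
    demo_option *opt;

    *errmsg = NULL;
    if (eq == NULL || eq == conninfo) {
        /* If even the message cannot be allocated, this reads as OOM. */
        *errmsg = demo_strndup(bad, sizeof(bad) - 1);
        return NULL;
    }
    if ((opt = demo_alloc(sizeof(*opt))) == NULL)
        return NULL;
    opt->keyword = demo_strndup(conninfo, (size_t) (eq - conninfo));
    opt->val = demo_strndup(eq + 1, strlen(eq + 1));
    if (opt->keyword == NULL || opt->val == NULL) {
        free(opt->keyword); free(opt->val); free(opt);
        return NULL;
    }
    return opt;
}

/* Caller side: both failures refuse the string, but are reported apart. */
demo_status demo_check(const char *conninfo)
{
    char *errmsg;
    demo_option *opt = demo_parse(conninfo, &errmsg);
    demo_status st = opt ? DEMO_OK : (errmsg ? DEMO_BOGUS : DEMO_OOM);
    if (opt) { free(opt->keyword); free(opt->val); free(opt); }
    free(errmsg);
    return st;
}
```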