Sunday, September 21, 2008

Re: [HACKERS] [patch] fix dblink security hole

Tom Lane wrote:
> Hmm ... one problem with this is that the caller can't tell
> failure-because-out-of-memory from failure-because-string-is-bogus.


> Is it worth having the
> PQconninfoParse function pass back the error message to avoid this
> corner case?

I thought briefly about it, and wasn't sure it would be worth the ugliness.

> The API would be a lot more ugly, perhaps

> int PQconninfoParse(const char *connstr,
>                     PQconninfoOption **options,
>                     char **errmsg)
>
> okay: *options is set, *errmsg is NULL, return true
> bogus string: *options is NULL, *errmsg is set, return false
> out of memory: both outputs NULL, return false

conninfo_parse() returns NULL on error, so why not something like:

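    PQconninfoOption *
    PQconninfoParse(const char *conninfo, char **errmsg)
    {
        PQExpBufferData errorBuf;
        bool password_from_string;
        PQconninfoOption *connOptions;

        /* the error buffer must be initialized before the parser writes to it */
        initPQExpBuffer(&errorBuf);
        connOptions = conninfo_parse(conninfo, &errorBuf,
                                     &password_from_string);

        /* hand the parser's message back only if the caller asked for it */
        if (!connOptions && errmsg)
            *errmsg = pstrdup(errorBuf.data);

        termPQExpBuffer(&errorBuf);
        return connOptions;
    }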

If the return value is NULL, use errmsg if you'd like. I'd guess in most
instances you don't even need to bother freeing errmsg as it is in a
limited life memory context.
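The three outcomes discussed in this thread (parsed, bogus string, out of memory) can be told apart from a NULL return plus an optional errmsg, as this added example shows; it is not code from the thread or from libpq. All `demo_*` names, the single `keyword=value` stand-in for a conninfo string, and the swappable allocator used to simulate memory exhaustion are assumptions made for the illustration.

```c
#include <stdlib.h>
#include <string.h>

typedef struct { char *keyword; char *val; } demo_option;  /* hypothetical */

/* Swappable allocator so the out-of-memory path can be exercised. */
static void *(*demo_alloc)(size_t) = malloc;
static void *failing_alloc(size_t n) { (void) n; return NULL; }

static char *demo_strndup(const char *s, size_t n)
{
    char *p = demo_alloc(n + 1);
    if (p) { memcpy(p, s, n); p[n] = '\0'; }
    return p;
}

/* ok: returns option, *errmsg NULL.  bogus: returns NULL, *errmsg set.
 * out of memory: returns NULL, *errmsg NULL (the message cannot be allocated). */
demo_option *demo_conninfo_parse(const char *conninfo, char **errmsg)
{
    static const char msg[] = "missing \"=\" after keyword";
    const char *eq = strchr(conninfo, '=');
    demo_option *opt;

    if (errmsg) *errmsg = NULL;
    if (eq == NULL || eq == conninfo) {
        if (errmsg) *errmsg = demo_strndup(msg, strlen(msg));
        return NULL;
    }
    if ((opt = demo_alloc(sizeof *opt)) == NULL) return NULL;
    opt->keyword = demo_strndup(conninfo, (size_t) (eq - conninfo));
    opt->val = demo_strndup(eq + 1, strlen(eq + 1));
    if (opt->keyword && opt->val) return opt;
    free(opt->keyword); free(opt->val); free(opt);
    return NULL;
}

/* Caller side: 0 = ok, 1 = bogus string, 2 = out of memory. */
int demo_classify(const char *conninfo)
{
    char *errmsg = NULL;
    demo_option *opt = demo_conninfo_parse(conninfo, &errmsg);
    int rc = opt ? 0 : (errmsg ? 1 : 2);
    if (opt) { free(opt->keyword); free(opt->val); free(opt); }
    free(errmsg);
    return rc;
}
int main(void)
{
    int normal = demo_classify("host=localhost") + demo_classify("bogus");
    demo_alloc = failing_alloc;  /* simulate memory exhaustion */
    return (normal == 1 && demo_classify("bogus") == 2) ? 0 : 1;
}
```

A bogus string parsed while memory is exhausted is reported as out of memory, because the message itself cannot be allocated.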

