diff options
author | Tom Lane <tgl@sss.pgh.pa.us> | 2012-11-29 19:57:38 -0500 |
---|---|---|
committer | Tom Lane <tgl@sss.pgh.pa.us> | 2012-11-29 19:57:38 -0500 |
commit | 9837be98731f0cbad681631587991f747c8d9139 (patch) | |
tree | 2b0cef6155eceff0bf8635d1b8a4a9c3e3adee6f | |
parent | 5c8c7c7c5ffbcb7776199c7bfb0e91d9b614bb83 (diff) | |
download | postgresql-9837be98731f0cbad681631587991f747c8d9139.tar.gz |
Produce a more useful error message for over-length Unix socket paths.
The length of a socket path name is constrained by the size of struct
sockaddr_un, and there's not a lot we can do about it since that is a
kernel API. However, it would be a good thing if we produced an
intelligible error message when the user specifies a socket path that's too
long --- and getaddrinfo's standard API is too impoverished to do this in
the natural way. So insert explicit tests at the places where we construct
a socket path name. Now you'll get an error that makes sense and even
tells you what the limit is, rather than something generic like
"Non-recoverable failure in name resolution".
Per trouble report from Jeremy Drake and a fix idea from Andrew Dunstan.
-rw-r--r-- | src/backend/libpq/pqcomm.c | 8 | ||||
-rw-r--r-- | src/include/libpq/pqcomm.h | 13 | ||||
-rw-r--r-- | src/interfaces/libpq/fe-connect.c | 11 |
3 files changed, 31 insertions, 1 deletions
diff --git a/src/backend/libpq/pqcomm.c b/src/backend/libpq/pqcomm.c index cbccf348e7..f89cdc3d50 100644 --- a/src/backend/libpq/pqcomm.c +++ b/src/backend/libpq/pqcomm.c @@ -476,6 +476,14 @@ static int Lock_AF_UNIX(unsigned short portNumber, char *unixSocketName) { UNIXSOCK_PATH(sock_path, portNumber, unixSocketName); + if (strlen(sock_path) >= UNIXSOCK_PATH_BUFLEN) + { + ereport(LOG, + (errmsg("Unix-domain socket path \"%s\" is too long (maximum %d bytes)", + sock_path, + (int) (UNIXSOCK_PATH_BUFLEN - 1)))); + return STATUS_ERROR; + } /* * Grab an interlock file associated with the socket file. diff --git a/src/include/libpq/pqcomm.h b/src/include/libpq/pqcomm.h index 31839b2015..ab02a89aa5 100644 --- a/src/include/libpq/pqcomm.h +++ b/src/include/libpq/pqcomm.h @@ -74,6 +74,19 @@ typedef struct (port)) /* + * The maximum workable length of a socket path is what will fit into + * struct sockaddr_un. This is usually only 100 or so bytes :-(. + * + * For consistency, always pass a MAXPGPATH-sized buffer to UNIXSOCK_PATH(), + * then complain if the resulting string is >= UNIXSOCK_PATH_BUFLEN bytes. + * (Because the standard API for getaddrinfo doesn't allow it to complain in + * a useful way when the socket pathname is too long, we have to test for + * this explicitly, instead of just letting the subroutine return an error.) + */ +#define UNIXSOCK_PATH_BUFLEN sizeof(((struct sockaddr_un *) NULL)->sun_path) + + +/* * These manipulate the frontend/backend protocol version number. * * The major number should be incremented for incompatible changes. The minor diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 9c3959364f..89bf1c4419 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -765,7 +765,7 @@ static int connectDBStart(PGconn *conn) { int portnum; - char portstr[128]; + char portstr[MAXPGPATH]; struct addrinfo *addrs = NULL; struct addrinfo hint; const char *node; @@ -817,6 +817,15 @@ connectDBStart(PGconn *conn) node = NULL; hint.ai_family = AF_UNIX; UNIXSOCK_PATH(portstr, portnum, conn->pgunixsocket); + if (strlen(portstr) >= UNIXSOCK_PATH_BUFLEN) + { + appendPQExpBuffer(&conn->errorMessage, + libpq_gettext("Unix-domain socket path \"%s\" is too long (maximum %d bytes)\n"), + portstr, + (int) (UNIXSOCK_PATH_BUFLEN - 1)); + conn->options_valid = false; + goto connect_errReturn; + } #else /* Without Unix sockets, default to localhost instead */ node = "localhost"; |