ecpg: Fix NULL pointer dereference during connection lookup

ECPGconnect() caches established connections to the server, supporting the case of a NULL connection name when a database name is not specified by its caller. A follow-up call to ECPGget_PGconn() to get an established connection from the cached set with a non-NULL name could cause a NULL pointer dereference if a NULL connection was listed in the cache and checked for a match. At least two connections are necessary to reproduce the issue: one with a NULL name and one with a non-NULL name. Author: Aleksander Alekseev <aleksander@tigerdata.com> Discussion: https://postgr.es/m/CAJ7c6TNvFTPUTZQuNAoqgzaSGz-iM4XR61D7vEj5PsQXwg2RyA@mail.gmail.com Backpatch-through: 13
2025-10-29 22:49:41 +03:00 · 2025-07-22 14:00:05 +09:00
parent 6b755d8d70
commit 2805e1c1ed
1 changed files with 6 additions and 1 deletions
--- a/src/interfaces/ecpg/ecpglib/connect.c
+++ b/src/interfaces/ecpg/ecpglib/connect.c
@@ -58,7 +58,12 @@ ecpg_get_connection_nr(const char *connection_name)

 		for (con = all_connections; con != NULL; con = con->next)
 		{
-			if (strcmp(connection_name, con->name) == 0)
+			/*
+			 * Check for the case of a NULL connection name, stored as such in
+			 * the connection information by ECPGconnect() when the database
+			 * name is not specified by its caller.
+			 */
+			if (con->name != NULL && strcmp(connection_name, con->name) == 0)
 				break;
 		}
 		ret = con;