database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-25 01:02:05 +03:00
Code Activity

Add fstat / S_ISDIR checks to make sure we're not trying to use a

Browse Source 
directory for COPY TO/FROM.

Brent Verner
This commit is contained in:
Bruce Momjian
2002-02-23 21:46:03 +00:00
parent ec4027f85b
commit 5f644ea699
2 changed files with 29 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/backend/commands/copy.c
View File

@ -7,7 +7,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.145 2002/02/12 21:25:41 tgl Exp $ * $Header: /cvsroot/pgsql/src/backend/commands/copy.c,v 1.146 2002/02/23 21:46:02 momjian Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -326,12 +326,20 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
} }
else else
{ {
struct stat st;
fp = AllocateFile(filename, PG_BINARY_R); fp = AllocateFile(filename, PG_BINARY_R);
if (fp == NULL)
if (fp == NULL)
elog(ERROR, "COPY command, running in backend with " elog(ERROR, "COPY command, running in backend with "
"effective uid %d, could not open file '%s' for " "effective uid %d, could not open file '%s' for "
"reading. Errno = %s (%d).", "reading. Errno = %s (%d).",
(int) geteuid(), filename, strerror(errno), errno); (int) geteuid(), filename, strerror(errno), errno);
fstat(fileno(fp),&st);
if( S_ISDIR(st.st_mode) ){
fclose(fp);
elog(ERROR,"COPY: %s is a directory.",filename);
}
} }
CopyFrom(rel, binary, oids, fp, delim, null_print); CopyFrom(rel, binary, oids, fp, delim, null_print);
} }
@ -360,6 +368,7 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
else else
{ {
mode_t oumask; /* Pre-existing umask value */ mode_t oumask; /* Pre-existing umask value */
struct stat st;
/* /*
* Prevent write to relative path ... too easy to shoot * Prevent write to relative path ... too easy to shoot
@ -378,6 +387,11 @@ DoCopy(char *relname, bool binary, bool oids, bool from, bool pipe,
"effective uid %d, could not open file '%s' for " "effective uid %d, could not open file '%s' for "
"writing. Errno = %s (%d).", "writing. Errno = %s (%d).",
(int) geteuid(), filename, strerror(errno), errno); (int) geteuid(), filename, strerror(errno), errno);
fstat(fileno(fp),&st);
if( S_ISDIR(st.st_mode) ){
fclose(fp);
elog(ERROR,"COPY: %s is a directory.",filename);
}
} }
CopyTo(rel, binary, oids, fp, delim, null_print); CopyTo(rel, binary, oids, fp, delim, null_print);
} }

13
src/bin/psql/copy.c
View File

@ -3,7 +3,7 @@
* *
* Copyright 2000 by PostgreSQL Global Development Group * Copyright 2000 by PostgreSQL Global Development Group
* *
* $Header: /cvsroot/pgsql/src/bin/psql/copy.c,v 1.19 2001/06/02 18:25:18 petere Exp $ * $Header: /cvsroot/pgsql/src/bin/psql/copy.c,v 1.20 2002/02/23 21:46:03 momjian Exp $
*/ */
#include "postgres_fe.h" #include "postgres_fe.h"
#include "copy.h" #include "copy.h"
@ -11,6 +11,7 @@
#include <errno.h> #include <errno.h>
#include <assert.h> #include <assert.h>
#include <signal.h> #include <signal.h>
#include <sys/stat.h>
#ifndef WIN32 #ifndef WIN32
#include <unistd.h> /* for isatty */ #include <unistd.h> /* for isatty */
#else #else
@ -233,6 +234,7 @@ do_copy(const char *args)
struct copy_options *options; struct copy_options *options;
PGresult *result; PGresult *result;
bool success; bool success;
struct stat st;
/* parse options */ /* parse options */
options = parse_slash_copy(args); options = parse_slash_copy(args);
@ -292,6 +294,15 @@ do_copy(const char *args)
free_copy_options(options); free_copy_options(options);
return false; return false;
} }
/* make sure the specified file is not a directory */
fstat(fileno(copystream),&st);
if( S_ISDIR(st.st_mode) ){
fclose(copystream);
psql_error("%s: cannot COPY TO/FROM a directory\n",
options->file);
free_copy_options(options);
return false;
}
result = PSQLexec(query); result = PSQLexec(query);