database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-04-27 22:56:53 +03:00
Code

Don't forget to de-escape the password field in .pgpass.

Browse Source 
This has been broken just about forever (or more specifically, commit
7f4981f4af1700456f98ac3f2b2d84959919ec81) and nobody noticed until
Richard Huxton reported it recently.  Analysis and fix by Ross
Reedstrom, although I didn't use his patch.  This doesn't seem
important enough to back-patch and is mildly backward incompatible, so
I'm just doing this in master.
This commit is contained in:
Robert Haas 2011-12-22 12:55:27 -05:00
parent c31224e257
commit 8d15e3ec4f
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/interfaces/libpq/fe-connect.c
View File

@ -4904,7 +4904,9 @@ PasswordFromFile(char *hostname, char *port, char *dbname, char *username)
while (!feof(fp) && !ferror(fp))
{
char *t = buf,
*ret;
*ret,
*p1,
*p2;
int len;
if (fgets(buf, sizeof(buf), fp) == NULL)
@ -4925,6 +4927,16 @@ PasswordFromFile(char *hostname, char *port, char *dbname, char *username)
continue;
ret = strdup(t);
fclose(fp);
/* De-escape password. */
for (p1 = p2 = ret; *p1 != ':' && *p1 != '\0'; ++p1, ++p2)
{
if (*p1 == '\\' && p1[1] != '\0')
++p1;
*p2 = *p1;
}
*p2 = '\0';
return ret;
}