From a466ea33c0acbf9938144ffd9eecdabbb69e8f46 Mon Sep 17 00:00:00 2001 From: Noah Misch Date: Mon, 8 Aug 2016 10:07:46 -0400 Subject: [PATCH] Field conninfo strings throughout src/bin/scripts. These programs nominally accepted conninfo strings, but they would proceed to use the original dbname parameter as though it were an unadorned database name. This caused "reindexdb dbname=foo" to issue an SQL command that always failed, and other programs printed a conninfo string in error messages that purported to print a database name. Fix both problems by using PQdb() to retrieve actual database names. Continue to print the full conninfo string when reporting a connection failure. It is informative there, and if the database name is the sole problem, the server-side error message will include the name. Beyond those user-visible fixes, this allows a subsequent commit to synthesize and use conninfo strings without that implementation detail leaking into messages. As a side effect, the "vacuuming database" message now appears after, not before, the connection attempt. Back-patch to 9.1 (all supported versions). Reviewed by Michael Paquier and Peter Eisentraut. Security: CVE-2016-5424 --- src/bin/scripts/clusterdb.c | 4 ++-- src/bin/scripts/createlang.c | 4 ++-- src/bin/scripts/droplang.c | 4 ++-- src/bin/scripts/reindexdb.c | 28 ++++++++++++++-------------- src/bin/scripts/vacuumdb.c | 4 ++-- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/src/bin/scripts/clusterdb.c b/src/bin/scripts/clusterdb.c index b8ac6759b48..8755d60db73 100644 --- a/src/bin/scripts/clusterdb.c +++ b/src/bin/scripts/clusterdb.c @@ -196,10 +196,10 @@ cluster_one_database(const char *dbname, bool verbose, const char *table, { if (table) fprintf(stderr, _("%s: clustering of table \"%s\" in database \"%s\" failed: %s"), - progname, table, dbname, PQerrorMessage(conn)); + progname, table, PQdb(conn), PQerrorMessage(conn)); else fprintf(stderr, _("%s: clustering of database \"%s\" failed: %s"), - progname, dbname, PQerrorMessage(conn)); + progname, PQdb(conn), PQerrorMessage(conn)); PQfinish(conn); exit(1); } diff --git a/src/bin/scripts/createlang.c b/src/bin/scripts/createlang.c index 60066af377f..1babef9be88 100644 --- a/src/bin/scripts/createlang.c +++ b/src/bin/scripts/createlang.c @@ -190,10 +190,10 @@ main(int argc, char *argv[]) result = executeQuery(conn, sql.data, progname, echo); if (PQntuples(result) > 0) { - PQfinish(conn); fprintf(stderr, _("%s: language \"%s\" is already installed in database \"%s\"\n"), - progname, langname, dbname); + progname, langname, PQdb(conn)); + PQfinish(conn); /* separate exit status for "already installed" */ exit(2); } diff --git a/src/bin/scripts/droplang.c b/src/bin/scripts/droplang.c index 4772dc514e3..3f79f72f243 100644 --- a/src/bin/scripts/droplang.c +++ b/src/bin/scripts/droplang.c @@ -197,10 +197,10 @@ main(int argc, char *argv[]) result = executeQuery(conn, sql.data, progname, echo); if (PQntuples(result) == 0) { - PQfinish(conn); fprintf(stderr, _("%s: language \"%s\" is not installed in " "database \"%s\"\n"), - progname, langname, dbname); + progname, langname, PQdb(conn)); + PQfinish(conn); exit(1); } PQclear(result); diff --git a/src/bin/scripts/reindexdb.c b/src/bin/scripts/reindexdb.c index d1e27bdb5f7..7132f377cb5 100644 --- a/src/bin/scripts/reindexdb.c +++ b/src/bin/scripts/reindexdb.c @@ -214,7 +214,7 @@ main(int argc, char *argv[]) username, prompt_password, progname, echo); /* reindex database only if index or table is not specified */ if (index == NULL && table == NULL) - reindex_one_database(dbname, dbname, "DATABASE", host, port, + reindex_one_database(NULL, dbname, "DATABASE", host, port, username, prompt_password, progname, echo); } @@ -230,6 +230,9 @@ reindex_one_database(const char *name, const char *dbname, const char *type, PGconn *conn; + conn = connectDatabase(dbname, host, port, username, prompt_password, + progname, false); + initPQExpBuffer(&sql); appendPQExpBuffer(&sql, "REINDEX"); @@ -238,23 +241,20 @@ reindex_one_database(const char *name, const char *dbname, const char *type, else if (strcmp(type, "INDEX") == 0) appendPQExpBuffer(&sql, " INDEX %s", name); else if (strcmp(type, "DATABASE") == 0) - appendPQExpBuffer(&sql, " DATABASE %s", fmtId(name)); + appendPQExpBuffer(&sql, " DATABASE %s", fmtId(PQdb(conn))); appendPQExpBuffer(&sql, ";\n"); - conn = connectDatabase(dbname, host, port, username, prompt_password, - progname, false); - if (!executeMaintenanceCommand(conn, sql.data, echo)) { if (strcmp(type, "TABLE") == 0) fprintf(stderr, _("%s: reindexing of table \"%s\" in database \"%s\" failed: %s"), - progname, name, dbname, PQerrorMessage(conn)); + progname, name, PQdb(conn), PQerrorMessage(conn)); if (strcmp(type, "INDEX") == 0) fprintf(stderr, _("%s: reindexing of index \"%s\" in database \"%s\" failed: %s"), - progname, name, dbname, PQerrorMessage(conn)); + progname, name, PQdb(conn), PQerrorMessage(conn)); else fprintf(stderr, _("%s: reindexing of database \"%s\" failed: %s"), - progname, dbname, PQerrorMessage(conn)); + progname, PQdb(conn), PQerrorMessage(conn)); PQfinish(conn); exit(1); } @@ -300,16 +300,16 @@ reindex_system_catalogs(const char *dbname, const char *host, const char *port, const char *username, enum trivalue prompt_password, const char *progname, bool echo) { - PQExpBufferData sql; - PGconn *conn; - - initPQExpBuffer(&sql); - - appendPQExpBuffer(&sql, "REINDEX SYSTEM %s;\n", dbname); + PQExpBufferData sql; conn = connectDatabase(dbname, host, port, username, prompt_password, progname, false); + + initPQExpBuffer(&sql); + + appendPQExpBuffer(&sql, "REINDEX SYSTEM %s;\n", PQdb(conn)); + if (!executeMaintenanceCommand(conn, sql.data, echo)) { fprintf(stderr, _("%s: reindexing of system catalogs failed: %s"), diff --git a/src/bin/scripts/vacuumdb.c b/src/bin/scripts/vacuumdb.c index 0ac6ab4ed59..2cacfdae3e6 100644 --- a/src/bin/scripts/vacuumdb.c +++ b/src/bin/scripts/vacuumdb.c @@ -288,10 +288,10 @@ vacuum_one_database(const char *dbname, bool full, bool verbose, bool and_analyz { if (table) fprintf(stderr, _("%s: vacuuming of table \"%s\" in database \"%s\" failed: %s"), - progname, table, dbname, PQerrorMessage(conn)); + progname, table, PQdb(conn), PQerrorMessage(conn)); else fprintf(stderr, _("%s: vacuuming of database \"%s\" failed: %s"), - progname, dbname, PQerrorMessage(conn)); + progname, PQdb(conn), PQerrorMessage(conn)); PQfinish(conn); exit(1); }