Field conninfo strings throughout src/bin/scripts.

These programs nominally accepted conninfo strings, but they would proceed to use the original dbname parameter as though it were an unadorned database name. This caused "reindexdb dbname=foo" to issue an SQL command that always failed, and other programs printed a conninfo string in error messages that purported to print a database name. Fix both problems by using PQdb() to retrieve actual database names. Continue to print the full conninfo string when reporting a connection failure. It is informative there, and if the database name is the sole problem, the server-side error message will include the name. Beyond those user-visible fixes, this allows a subsequent commit to synthesize and use conninfo strings without that implementation detail leaking into messages. As a side effect, the "vacuuming database" message now appears after, not before, the connection attempt. Back-patch to 9.1 (all supported versions). Reviewed by Michael Paquier and Peter Eisentraut. Security: CVE-2016-5424
2025-11-03 09:13:20 +03:00 · 2016-08-08 10:07:46 -04:00
parent afabfcc0eb
commit aed0387958
5 changed files with 26 additions and 26 deletions
--- a/src/bin/scripts/clusterdb.c
+++ b/src/bin/scripts/clusterdb.c
@@ -209,10 +209,10 @@ cluster_one_database(const char *dbname, bool verbose, const char *table,
 	{
 		if (table)
 			fprintf(stderr, _("%s: clustering of table \"%s\" in database \"%s\" failed: %s"),
-					progname, table, dbname, PQerrorMessage(conn));
+					progname, table, PQdb(conn), PQerrorMessage(conn));
 		else
 			fprintf(stderr, _("%s: clustering of database \"%s\" failed: %s"),
-					progname, dbname, PQerrorMessage(conn));
+					progname, PQdb(conn), PQerrorMessage(conn));
 		PQfinish(conn);
 		exit(1);
 	}
--- a/src/bin/scripts/createlang.c
+++ b/src/bin/scripts/createlang.c
@@ -192,10 +192,10 @@ main(int argc, char *argv[])
 	result = executeQuery(conn, sql.data, progname, echo);
 	if (PQntuples(result) > 0)
 	{
 		PQfinish(conn);
 		fprintf(stderr,
 		  _("%s: language \"%s\" is already installed in database \"%s\"\n"),
-				progname, langname, dbname);
+				progname, langname, PQdb(conn));
 		PQfinish(conn);
 		/* separate exit status for "already installed" */
 		exit(2);
 	}
--- a/src/bin/scripts/droplang.c
+++ b/src/bin/scripts/droplang.c
@@ -199,10 +199,10 @@ main(int argc, char *argv[])
 	result = executeQuery(conn, sql.data, progname, echo);
 	if (PQntuples(result) == 0)
 	{
 		PQfinish(conn);
 		fprintf(stderr, _("%s: language \"%s\" is not installed in "
 						  "database \"%s\"\n"),
-				progname, langname, dbname);
+				progname, langname, PQdb(conn));
 		PQfinish(conn);
 		exit(1);
 	}
 	PQclear(result);
--- a/src/bin/scripts/reindexdb.c
+++ b/src/bin/scripts/reindexdb.c
@@ -228,7 +228,7 @@ main(int argc, char *argv[])
 		}
 		/* reindex database only if neither index nor table is specified */
 		if (indexes.head == NULL && tables.head == NULL)
-			reindex_one_database(dbname, dbname, "DATABASE", host, port,
+			reindex_one_database(NULL, dbname, "DATABASE", host, port,
 								 username, prompt_password, progname, echo);
 	}
@@ -244,6 +244,9 @@ reindex_one_database(const char *name, const char *dbname, const char *type,
 	PGconn	   *conn;
 	conn = connectDatabase(dbname, host, port, username, prompt_password,
 						   progname, false);
 	initPQExpBuffer(&sql);
 	appendPQExpBufferStr(&sql, "REINDEX");
@@ -252,23 +255,20 @@ reindex_one_database(const char *name, const char *dbname, const char *type,
 	else if (strcmp(type, "INDEX") == 0)
 		appendPQExpBuffer(&sql, " INDEX %s", name);
 	else if (strcmp(type, "DATABASE") == 0)
-		appendPQExpBuffer(&sql, " DATABASE %s", fmtId(name));
+		appendPQExpBuffer(&sql, " DATABASE %s", fmtId(PQdb(conn)));
 	appendPQExpBufferStr(&sql, ";");
 	conn = connectDatabase(dbname, host, port, username, prompt_password,
 						   progname, false);
 	if (!executeMaintenanceCommand(conn, sql.data, echo))
 	{
 		if (strcmp(type, "TABLE") == 0)
 			fprintf(stderr, _("%s: reindexing of table \"%s\" in database \"%s\" failed: %s"),
-					progname, name, dbname, PQerrorMessage(conn));
+					progname, name, PQdb(conn), PQerrorMessage(conn));
 		if (strcmp(type, "INDEX") == 0)
 			fprintf(stderr, _("%s: reindexing of index \"%s\" in database \"%s\" failed: %s"),
-					progname, name, dbname, PQerrorMessage(conn));
+					progname, name, PQdb(conn), PQerrorMessage(conn));
 		else
 			fprintf(stderr, _("%s: reindexing of database \"%s\" failed: %s"),
-					progname, dbname, PQerrorMessage(conn));
+					progname, PQdb(conn), PQerrorMessage(conn));
 		PQfinish(conn);
 		exit(1);
 	}
@@ -314,16 +314,16 @@ reindex_system_catalogs(const char *dbname, const char *host, const char *port,
 						const char *username, enum trivalue prompt_password,
 						const char *progname, bool echo)
 {
 	PQExpBufferData sql;
 	PGconn	   *conn;
-
+	PQExpBufferData sql;
 	initPQExpBuffer(&sql);
 	appendPQExpBuffer(&sql, "REINDEX SYSTEM %s;", dbname);
 	conn = connectDatabase(dbname, host, port, username, prompt_password,
 						   progname, false);
 	initPQExpBuffer(&sql);
 	appendPQExpBuffer(&sql, "REINDEX SYSTEM %s;", PQdb(conn));
 	if (!executeMaintenanceCommand(conn, sql.data, echo))
 	{
 		fprintf(stderr, _("%s: reindexing of system catalogs failed: %s"),
--- a/src/bin/scripts/vacuumdb.c
+++ b/src/bin/scripts/vacuumdb.c
@@ -236,16 +236,16 @@ main(int argc, char *argv[])
 static void
-run_vacuum_command(PGconn *conn, const char *sql, bool echo, const char *dbname, const char *table, const char *progname)
+run_vacuum_command(PGconn *conn, const char *sql, bool echo, const char *table, const char *progname)
 {
 	if (!executeMaintenanceCommand(conn, sql, echo))
 	{
 		if (table)
 			fprintf(stderr, _("%s: vacuuming of table \"%s\" in database \"%s\" failed: %s"),
-					progname, table, dbname, PQerrorMessage(conn));
+					progname, table, PQdb(conn), PQerrorMessage(conn));
 		else
 			fprintf(stderr, _("%s: vacuuming of database \"%s\" failed: %s"),
-					progname, dbname, PQerrorMessage(conn));
+					progname, PQdb(conn), PQerrorMessage(conn));
 		PQfinish(conn);
 		exit(1);
 	}
@@ -348,7 +348,7 @@ vacuum_one_database(const char *dbname, bool full, bool verbose, bool and_analyz
 					fflush(stdout);
 				}
 				executeCommand(conn, stage_commands[i], progname, echo);
-				run_vacuum_command(conn, sql.data, echo, dbname, table, progname);
+				run_vacuum_command(conn, sql.data, echo, table, progname);
 			}
 		}
 		else
@@ -361,12 +361,12 @@ vacuum_one_database(const char *dbname, bool full, bool verbose, bool and_analyz
 				fflush(stdout);
 			}
 			executeCommand(conn, stage_commands[stage], progname, echo);
-			run_vacuum_command(conn, sql.data, echo, dbname, table, progname);
+			run_vacuum_command(conn, sql.data, echo, table, progname);
 		}
 	}
 	else
-		run_vacuum_command(conn, sql.data, echo, dbname, NULL, progname);
+		run_vacuum_command(conn, sql.data, echo, NULL, progname);
 	PQfinish(conn);
 	termPQExpBuffer(&sql);