1
0
mirror of https://github.com/postgres/postgres.git synced 2025-08-30 06:01:21 +03:00
Commit Graph

84 Commits

Author SHA1 Message Date
Noah Misch
1a366d51ef On Darwin, detect and report a multithreaded postmaster.
Darwin --enable-nls builds use a substitute setlocale() that may start a
thread.  Buildfarm member orangutan experienced BackendList corruption
on account of different postmaster threads executing signal handlers
simultaneously.  Furthermore, a multithreaded postmaster risks undefined
behavior from sigprocmask() and fork().  Emit LOG messages about the
problem and its workaround.  Back-patch to 9.0 (all supported versions).
2015-01-07 22:40:40 -05:00
Tom Lane
e3208fec32 Prevent potential overruns of fixed-size buffers.
Coverity identified a number of places in which it couldn't prove that a
string being copied into a fixed-size buffer would fit.  We believe that
most, perhaps all of these are in fact safe, or are copying data that is
coming from a trusted source so that any overrun is not really a security
issue.  Nonetheless it seems prudent to forestall any risk by using
strlcpy() and similar functions.

Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports.

In addition, fix a potential null-pointer-dereference crash in
contrib/chkpass.  The crypt(3) function is defined to return NULL on
failure, but chkpass.c didn't check for that before using the result.
The main practical case in which this could be an issue is if libc is
configured to refuse to execute unapproved hashing algorithms (e.g.,
"FIPS mode").  This ideally should've been a separate commit, but
since it touches code adjacent to one of the buffer overrun changes,
I included it in this commit to avoid last-minute merge issues.
This issue was reported by Honza Horak.

Security: CVE-2014-0065 for buffer overruns, CVE-2014-0066 for crypt()
2014-02-17 11:20:24 -05:00
Heikki Linnakangas
3d009e45bd Add support for piping COPY to/from an external program.
This includes backend "COPY TO/FROM PROGRAM '...'" syntax, and corresponding
psql \copy syntax. Like with reading/writing files, the backend version is
superuser-only, and in the psql version, the program is run in the client.

In the passing, the psql \copy STDIN/STDOUT syntax is subtly changed: if you
the stdin/stdout is quoted, it's now interpreted as a filename. For example,
"\copy foo from 'stdin'" now reads from a file called 'stdin', not from
standard input. Before this, there was no way to specify a filename called
stdin, stdout, pstdin or pstdout.

This creates a new function in pgport, wait_result_to_str(), which can
be used to convert the exit status of a process, as returned by wait(3),
to a human-readable string.

Etsuro Fujita, reviewed by Amit Kapila.
2013-02-27 18:22:31 +02:00
Bruce Momjian
bd61a623ac Update copyrights for 2013
Fully update git head, and update back branches in ./COPYRIGHT and
legal.sgml files.
2013-01-01 17:15:01 -05:00
Kevin Grittner
6b896f511f Fix typo in comment for pclose_check() function.
Backpatch to 9.2.

Etsuro Fujit
2012-09-12 22:33:10 -05:00
Peter Eisentraut
1a26e1c766 Add strerror() string to chdir() error message 2012-08-28 23:01:23 -04:00
Tom Lane
9ae8ebe0b2 Improve reporting of error situations in find_other_exec().
This function suppressed any stderr output from the called program, which
is unnecessary in the normal case and unhelpful in error cases.  It also
gave a rather opaque message along the lines of "fgets failure: Success"
in case the called program failed to return anything on stdout.  Since
we've seen multiple reports of people not understanding what's wrong when
pg_ctl reports this, improve the message.

Back-patch to all active branches.
2012-07-27 19:31:13 -04:00
Andrew Dunstan
d2c1740dc2 Remove now redundant pgpipe code. 2012-03-28 23:24:07 -04:00
Bruce Momjian
e126958c2e Update copyright notices for year 2012. 2012-01-01 18:01:58 -05:00
Peter Eisentraut
1af55e2751 Use consistent format for reporting GetLastError()
Use something like "error code %lu" for reporting GetLastError()
values on Windows.  Previously, a mix of different wordings and
formats were in use.
2011-08-23 22:00:52 +03:00
Bruce Momjian
bf50caf105 pgindent run before PG 9.1 beta 1. 2011-04-10 11:42:00 -04:00
Bruce Momjian
426227850b Rename function to first_path_var_separator() to clarify it works with
path variables, not directory paths.
2011-02-02 22:49:54 -05:00
Bruce Momjian
5d950e3b0c Stamp copyrights for year 2011. 2011-01-01 13:18:15 -05:00
Alvaro Herrera
cd1fefa973 Avoid clobbering errno, per comment from Tom. 2010-12-16 17:15:37 -03:00
Alvaro Herrera
83c759ea0e Fix inconsequential FILE pointer leakage 2010-12-16 16:45:11 -03:00
Magnus Hagander
9f2e211386 Remove cvs keywords from all files. 2010-09-20 22:08:53 +02:00
Bruce Momjian
65e806cba1 pgindent run for 9.0 2010-02-26 02:01:40 +00:00
Tom Lane
0fba3bef55 Simplify validate_exec() by using access(2) to check file permissions,
rather than trying to implement the equivalent logic by hand.  The motivation
for the original coding appears to have been to check with the effective uid's
permissions not the real uid's; but there is no longer any difference, because
we don't run the postmaster setuid (indeed, main.c enforces that they're the
same).  Using access() means we will get it right in situations the original
coding failed to handle, such as ACL-based permissions.  Besides it's a lot
shorter, cleaner, and more thread-safe.  Per bug #5275 from James Bellinger.
2010-01-14 00:14:06 +00:00
Bruce Momjian
0239800893 Update copyright for the year 2010. 2010-01-02 16:58:17 +00:00
Magnus Hagander
da8d684d39 Add inheritable ACE when creating a restricted token for execution on
Win32.

Also refactor the code around it to be more clear.

Jesse Morris
2009-11-14 15:39:36 +00:00
Magnus Hagander
36942504fc Fix minor memory leak in Win32 SID handling functions. Not a big issue
since it's only called during process startup, thus no backpatch.

Found by TAKATSUKA Haruka, patch by Magnus Hagander and
Andrew Chernow
2009-07-27 08:46:10 +00:00
Bruce Momjian
d747140279 8.4 pgindent run, with new combined Linux/FreeBSD/MinGW typedef list
provided by Andrew.
2009-06-11 14:49:15 +00:00
Bruce Momjian
511db38ace Update copyright for 2009. 2009-01-01 17:24:05 +00:00
Peter Eisentraut
218b4e8dd8 Append major version number and for libraries soname major version number
to the gettext domain name, to simplify parallel installations.

Also, rename set_text_domain() to pg_bindtextdomain(), because that is what
it does.
2008-12-11 07:34:09 +00:00
Andrew Dunstan
74be86847c Fix MinGW warnings re formats and unused variables. per ITAGAKI Takahiro 2008-04-16 22:16:00 +00:00
Tom Lane
c5f11f9d19 Fix a number of places that were making file-type tests infelicitously.
The places that did, eg,
	(statbuf.st_mode & S_IFMT) == S_IFDIR
were correct, but there is no good reason not to use S_ISDIR() instead,
especially when that's what the other 90% of our code does.  The places
that did, eg,
	(statbuf.st_mode & S_IFDIR)
were flat out *wrong* and would fail in various platform-specific ways,
eg a symlink could be mistaken for a regular file on most Unixen.

The actual impact of this is probably small, since the problem cases
seem to always involve symlinks or sockets, which are unlikely to be
found in the directories that PG code might be scanning.  But it's
clearly trouble waiting to happen, so patch all the way back anyway.
(There seem to be no occurrences of the mistake in 7.4.)
2008-03-31 01:31:43 +00:00
Magnus Hagander
2d2b022267 Fix handling of restricted processes for Windows Vista (mainly),
by explicitly adding back the user to the DACL of the new process.
This fixes the failure case when executing as the Administrator
user, which had no permissions left at all after we dropped the
Administrators group.

Dave Page with some modifications from me
2008-02-29 15:31:33 +00:00
Bruce Momjian
9098ab9e32 Update copyrights in source tree to 2008. 2008-01-01 19:46:01 +00:00
Bruce Momjian
fdf5a5efb7 pgindent run for 8.3. 2007-11-15 21:14:46 +00:00
Bruce Momjian
a6017cff0b Use sizeof() for snprintf() buffer length. 2007-01-29 20:22:35 +00:00
Bruce Momjian
5b4fa95984 Update process termination message to display signal number and name
from exec.c and postmaster.c.
2007-01-29 20:17:40 +00:00
Tom Lane
76c7d2afee Drat, can't fit an additional argument into log_error. Is it worth an
sprintf pushup to be sure we can report something useful for out-of-range
exitstatus?
2007-01-28 07:29:32 +00:00
Tom Lane
a9fa52504f Clean up broken usage of HAVE_DECL_SYS_SIGLIST and inconsistent/poorly
formatted error messages.
2007-01-28 06:32:03 +00:00
Bruce Momjian
91ed399517 Use autoconf build-in sys_siglist macro AC_DECL_SYS_SIGLIST, rather than
create our own.
2007-01-28 03:50:34 +00:00
Bruce Momjian
c2c0b318d8 Add signal.h for sys_siglist reference. 2007-01-28 02:33:09 +00:00
Bruce Momjian
82480fc254 Use sys_siglist[] to print out signal names for signal exits, rather
than just numbers.
2007-01-28 01:12:05 +00:00
Bruce Momjian
8502b68513 Remove newline from error message because URL is gone. 2007-01-23 03:31:33 +00:00
Bruce Momjian
882b9948d7 Back out use of FormatMessage(), does error values, not exception
values.  Point to /include/ntstatus.h for an exception list, rather than
a URL.
2007-01-23 03:28:49 +00:00
Bruce Momjian
610f60a092 Print meaningfull error text for abonormal process exit on Win32, rather
than hex codes, using FormatMessage().
2007-01-23 01:45:11 +00:00
Bruce Momjian
208ae0c290 When system() fails in Win32, report it as an exception, print the
exception value in hex, and give a URL where the value can be looked-up.
2007-01-22 18:31:51 +00:00
Bruce Momjian
29dccf5fe0 Update CVS HEAD for 2007 copyright. Back branches are typically not
back-stamped for this.
2007-01-05 22:20:05 +00:00
Tom Lane
568b80168f Move set_pglocale_pgservice() from path.c to exec.c, so that pulling in
path.c does not in itself force linking of both exec.c and libintl.
Should fix current ecpglib build failure on pickier platforms.
2006-09-11 20:10:30 +00:00
Bruce Momjian
399a36a75d Prepare code to be built by MSVC:
o  remove many WIN32_CLIENT_ONLY defines
	o  add WIN32_ONLY_COMPILER define
	o  add 3rd argument to open() for portability
	o  add include/port/win32_msvc directory for
	   system includes

Magnus Hagander
2006-06-07 22:24:46 +00:00
Bruce Momjian
f2f5b05655 Update copyright for 2006. Update scripts. 2006-03-05 15:59:11 +00:00
Bruce Momjian
436a2956d8 Re-run pgindent, fixing a problem where comment lines after a blank
comment line where output as too long, and update typedefs for /lib
directory.  Also fix case where identifiers were used as variable names
in the backend, but as typedefs in ecpg (favor the backend for
indenting).

Backpatch to 8.1.X.
2005-11-22 18:17:34 +00:00
Bruce Momjian
1dc3498251 Standard pgindent run for 8.1. 2005-10-15 02:49:52 +00:00
Bruce Momjian
0542b1e2fe Use _() macro consistently rather than gettext(). Add translation
macros around strings that were missing them.
2005-02-22 04:43:23 +00:00
Tom Lane
982e998064 Add missing gettext() calls in find_my_exec(). It's probably too late
to get these strings translated, but we may as well have them be
translatable as not.
2005-01-14 17:47:49 +00:00
PostgreSQL Daemon
2ff501590b Tag appropriate files for rc3
Also performed an initial run through of upgrading our Copyright date to
extend to 2005 ... first run here was very simple ... change everything
where: grep 1996-2004 && the word 'Copyright' ... scanned through the
generated list with 'less' first, and after, to make sure that I only
picked up the right entries ...
2004-12-31 22:04:05 +00:00
Tom Lane
f0c08ae7c9 Remove 'optimization' to skip resolve_symlinks() when the found
executable file isn't itself a symlink.  We still need to run the
algorithm so that any directory symlinks in the path to the
executable are replaced by a true path.  Noticed this on seeing
pg_config give me a completely wrong answer for --pkglibdir when
I called it through a symlink to the installation bindir.
2004-12-24 16:55:43 +00:00