Code review for commit 274bb2b.

robertmhaas · robertmhaas · commit 9a1d0af4ad2c · 2016-11-22T15:50:39.000-05:00
Avoid memory leak in conninfo_uri_parse_options.  Use the current host
rather than the comma-separated list of host names when the host name
is needed for GSS, SSPI, or SSL authentication.  Document the way
connect_timeout interacts with multiple host specifications.

Takayuki Tsunakawa
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
@@ -1009,6 +1009,10 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
        Maximum wait for connection, in seconds (write as a decimal integer
        string). Zero or not specified means wait indefinitely.  It is not
        recommended to use a timeout of less than 2 seconds.
+       This timeout applies separately to each connection attempt.
+       For example, if you specify two hosts and both of them are unreachable,
+       and <literal>connect_timeout</> is 5, the total time spent waiting for a
+       connection might be up to 10 seconds.
       </para>
       </listitem>
      </varlistentry>
diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
@@ -170,8 +170,9 @@ pg_GSS_startup(PGconn *conn)
 				min_stat;
 	int			maxlen;
 	gss_buffer_desc temp_gbuf;
+	char	   *host = PQhost(conn);
 
-	if (!(conn->pghost && conn->pghost[0] != '\0'))
+	if (!(host && host[0] != '\0'))
 	{
 		printfPQExpBuffer(&conn->errorMessage,
 						  libpq_gettext("host name must be specified\n"));
@@ -198,7 +199,7 @@ pg_GSS_startup(PGconn *conn)
 		return STATUS_ERROR;
 	}
 	snprintf(temp_gbuf.value, maxlen, "%s@%s",
-			 conn->krbsrvname, conn->pghost);
+			 conn->krbsrvname, host);
 	temp_gbuf.length = strlen(temp_gbuf.value);
 
 	maj_stat = gss_import_name(&min_stat, &temp_gbuf,
@@ -371,6 +372,7 @@ pg_SSPI_startup(PGconn *conn, int use_negotiate)
 {
 	SECURITY_STATUS r;
 	TimeStamp	expire;
+	char	   *host = PQhost(conn);
 
 	conn->sspictx = NULL;
 
@@ -406,19 +408,19 @@ pg_SSPI_startup(PGconn *conn, int use_negotiate)
 	 * but not more complex. We can skip the @REALM part, because Windows will
 	 * fill that in for us automatically.
 	 */
-	if (!(conn->pghost && conn->pghost[0] != '\0'))
+	if (!(host && host[0] != '\0'))
 	{
 		printfPQExpBuffer(&conn->errorMessage,
 						  libpq_gettext("host name must be specified\n"));
 		return STATUS_ERROR;
 	}
-	conn->sspitarget = malloc(strlen(conn->krbsrvname) + strlen(conn->pghost) + 2);
+	conn->sspitarget = malloc(strlen(conn->krbsrvname) + strlen(host) + 2);
 	if (!conn->sspitarget)
 	{
 		printfPQExpBuffer(&conn->errorMessage, libpq_gettext("out of memory\n"));
 		return STATUS_ERROR;
 	}
-	sprintf(conn->sspitarget, "%s/%s", conn->krbsrvname, conn->pghost);
+	sprintf(conn->sspitarget, "%s/%s", conn->krbsrvname, host);
 
 	/*
 	 * Indicate that we're in SSPI authentication mode to make sure that
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
@@ -4931,7 +4931,7 @@ conninfo_uri_parse_options(PQconninfoOption *options, const char *uri,
 {
 	int			prefix_len;
 	char	   *p;
-	char	   *buf;
+	char	   *buf = NULL;
 	char	   *start;
 	char		prevchar = '\0';
 	char	   *user = NULL;
@@ -4946,7 +4946,7 @@ conninfo_uri_parse_options(PQconninfoOption *options, const char *uri,
 	{
 		printfPQExpBuffer(errorMessage,
 						  libpq_gettext("out of memory\n"));
-		return false;
+		goto cleanup;
 	}
 
 	/* need a modifiable copy of the input URI */
@@ -4955,7 +4955,7 @@ conninfo_uri_parse_options(PQconninfoOption *options, const char *uri,
 	{
 		printfPQExpBuffer(errorMessage,
 						  libpq_gettext("out of memory\n"));
-		return false;
+		goto cleanup;
 	}
 	start = buf;
 
@@ -5156,7 +5156,8 @@ conninfo_uri_parse_options(PQconninfoOption *options, const char *uri,
 cleanup:
 	termPQExpBuffer(&hostbuf);
 	termPQExpBuffer(&portbuf);
-	free(buf);
+	if (buf)
+		free(buf);
 	return retval;
 }
 
diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c
@@ -483,6 +483,7 @@ verify_peer_name_matches_certificate_name(PGconn *conn, ASN1_STRING *name_entry,
 	char	   *name;
 	const unsigned char *namedata;
 	int			result;
+	char	   *host = PQhost(conn);
 
 	*store_name = NULL;
 
@@ -528,12 +529,12 @@ verify_peer_name_matches_certificate_name(PGconn *conn, ASN1_STRING *name_entry,
 		return -1;
 	}
 
-	if (pg_strcasecmp(name, conn->pghost) == 0)
+	if (pg_strcasecmp(name, host) == 0)
 	{
 		/* Exact name match */
 		result = 1;
 	}
-	else if (wildcard_certificate_match(name, conn->pghost))
+	else if (wildcard_certificate_match(name, host))
 	{
 		/* Matched wildcard name */
 		result = 1;
@@ -563,6 +564,7 @@ verify_peer_name_matches_certificate(PGconn *conn)
 	STACK_OF(GENERAL_NAME) *peer_san;
 	int			i;
 	int			rc;
+	char	   *host = PQhost(conn);
 
 	/*
 	 * If told not to verify the peer name, don't do it. Return true
@@ -572,7 +574,7 @@ verify_peer_name_matches_certificate(PGconn *conn)
 		return true;
 
 	/* Check that we have a hostname to compare with. */
-	if (!(conn->pghost && conn->pghost[0] != '\0'))
+	if (!(host && host[0] != '\0'))
 	{
 		printfPQExpBuffer(&conn->errorMessage,
 						  libpq_gettext("host name must be specified for a verified SSL connection\n"));
@@ -670,13 +672,13 @@ verify_peer_name_matches_certificate(PGconn *conn)
 							  libpq_ngettext("server certificate for \"%s\" (and %d other name) does not match host name \"%s\"\n",
 											 "server certificate for \"%s\" (and %d other names) does not match host name \"%s\"\n",
 											 names_examined - 1),
-							  first_name, names_examined - 1, conn->pghost);
+							  first_name, names_examined - 1, host);
 		}
 		else if (names_examined == 1)
 		{
 			printfPQExpBuffer(&conn->errorMessage,
 							  libpq_gettext("server certificate for \"%s\" does not match host name \"%s\"\n"),
-							  first_name, conn->pghost);
+							  first_name, host);
 		}
 		else
 		{

Original file line number	Diff line number	Diff line change
`@@ -4931,7 +4931,7 @@ conninfo_uri_parse_options(PQconninfoOption options, const char uri,`
`4931`	`4931`	`{`
`4932`	`4932`	`int prefix_len;`
`4933`	`4933`	`char *p;`
`4934`		`- char *buf;`
	`4934`	`+ char *buf = NULL;`
`4935`	`4935`	`char *start;`
`4936`	`4936`	`char prevchar = '\0';`
`4937`	`4937`	`char *user = NULL;`
`@@ -4946,7 +4946,7 @@ conninfo_uri_parse_options(PQconninfoOption options, const char uri,`
`4946`	`4946`	`{`
`4947`	`4947`	`printfPQExpBuffer(errorMessage,`
`4948`	`4948`	`libpq_gettext("out of memory\n"));`
`4949`		`- return false;`
	`4949`	`+ goto cleanup;`
`4950`	`4950`	`}`
`4951`	`4951`
`4952`	`4952`	`/* need a modifiable copy of the input URI */`
`@@ -4955,7 +4955,7 @@ conninfo_uri_parse_options(PQconninfoOption options, const char uri,`
`4955`	`4955`	`{`
`4956`	`4956`	`printfPQExpBuffer(errorMessage,`
`4957`	`4957`	`libpq_gettext("out of memory\n"));`
`4958`		`- return false;`
	`4958`	`+ goto cleanup;`
`4959`	`4959`	`}`
`4960`	`4960`	`start = buf;`
`4961`	`4961`
`@@ -5156,7 +5156,8 @@ conninfo_uri_parse_options(PQconninfoOption options, const char uri,`
`5156`	`5156`	`cleanup:`
`5157`	`5157`	`termPQExpBuffer(&hostbuf);`
`5158`	`5158`	`termPQExpBuffer(&portbuf);`
`5159`		`- free(buf);`
	`5159`	`+ if (buf)`
	`5160`	`+ free(buf);`
`5160`	`5161`	`return retval;`
`5161`	`5162`	`}`
`5162`	`5163`
Original file line number	Diff line number	Diff line change
`@@ -483,6 +483,7 @@ verify_peer_name_matches_certificate_name(PGconn conn, ASN1_STRING name_entry,`
`483`	`483`	`char *name;`
`484`	`484`	`const unsigned char *namedata;`
`485`	`485`	`int result;`
	`486`	`+ char *host = PQhost(conn);`
`486`	`487`
`487`	`488`	`*store_name = NULL;`
`488`	`489`
`@@ -528,12 +529,12 @@ verify_peer_name_matches_certificate_name(PGconn conn, ASN1_STRING name_entry,`
`528`	`529`	`return -1;`
`529`	`530`	`}`
`530`	`531`
`531`		`- if (pg_strcasecmp(name, conn->pghost) == 0)`
	`532`	`+ if (pg_strcasecmp(name, host) == 0)`
`532`	`533`	`{`
`533`	`534`	`/* Exact name match */`
`534`	`535`	`result = 1;`
`535`	`536`	`}`
`536`		`- else if (wildcard_certificate_match(name, conn->pghost))`
	`537`	`+ else if (wildcard_certificate_match(name, host))`
`537`	`538`	`{`
`538`	`539`	`/* Matched wildcard name */`
`539`	`540`	`result = 1;`
`@@ -563,6 +564,7 @@ verify_peer_name_matches_certificate(PGconn *conn)`
`563`	`564`	`STACK_OF(GENERAL_NAME) *peer_san;`
`564`	`565`	`int i;`
`565`	`566`	`int rc;`
	`567`	`+ char *host = PQhost(conn);`
`566`	`568`
`567`	`569`	`/*`
`568`	`570`	`* If told not to verify the peer name, don't do it. Return true`
`@@ -572,7 +574,7 @@ verify_peer_name_matches_certificate(PGconn *conn)`
`572`	`574`	`return true;`
`573`	`575`
`574`	`576`	`/* Check that we have a hostname to compare with. */`
`575`		`- if (!(conn->pghost && conn->pghost[0] != '\0'))`
	`577`	`+ if (!(host && host[0] != '\0'))`
`576`	`578`	`{`
`577`	`579`	`printfPQExpBuffer(&conn->errorMessage,`
`578`	`580`	`libpq_gettext("host name must be specified for a verified SSL connection\n"));`
`@@ -670,13 +672,13 @@ verify_peer_name_matches_certificate(PGconn *conn)`
`670`	`672`	`libpq_ngettext("server certificate for \"%s\" (and %d other name) does not match host name \"%s\"\n",`
`671`	`673`	`"server certificate for \"%s\" (and %d other names) does not match host name \"%s\"\n",`
`672`	`674`	`names_examined - 1),`
`673`		`- first_name, names_examined - 1, conn->pghost);`
	`675`	`+ first_name, names_examined - 1, host);`
`674`	`676`	`}`
`675`	`677`	`else if (names_examined == 1)`
`676`	`678`	`{`
`677`	`679`	`printfPQExpBuffer(&conn->errorMessage,`
`678`	`680`	`libpq_gettext("server certificate for \"%s\" does not match host name \"%s\"\n"),`
`679`		`- first_name, conn->pghost);`
	`681`	`+ first_name, host);`
`680`	`682`	`}`
`681`	`683`	`else`
`682`	`684`	`{`