Skip to content

Commit 55aea0c

Browse files
tglsfdctglsfdc
committed
Teach libpq to handle arbitrary-length lines in .pgpass files.
Historically there's been a hard-wired assumption here that no line of a .pgpass file could be as long as NAMEDATALEN*5 bytes. That's a bit shaky to start off with, because (a) there's no reason to suppose that host names fit in NAMEDATALEN, and (b) this figure fails to allow for backslash escape characters. However, it fails completely if someone wants to use a very long password, and we're now hearing reports of people wanting to use "security tokens" that can run up to several hundred bytes. Another angle is that the file is specified to allow comment lines, but there's no reason to assume that long comment lines aren't possible. Rather than guessing at what might be a more suitable limit, let's replace the fixed-size buffer with an expansible PQExpBuffer. That adds one malloc/free cycle to the typical use-case, but that's surely pretty cheap relative to the I/O this code has to do. Also, add TAP test cases to exercise this code, because there was no test coverage before. This reverts most of commit 2eb3bc5, as there's no longer a need for a warning message about overlength .pgpass lines. (I kept the explicit check for comment lines, though.) In HEAD and v13, this also fixes an oversight in 74a308c: there's not much point in explicit_bzero'ing the line buffer if we only do so in two of the three exit paths. Back-patch to all supported branches, except that the test case only goes back to v10 where src/test/authentication/ was added. Discussion: https://postgr.es/m/4187382.1598909041@sss.pgh.pa.us
1 parent 3fb67ac commit 55aea0c

File tree

2 files changed

+84
-44
lines changed

2 files changed

+84
-44
lines changed

src/interfaces/libpq/fe-connect.c

Lines changed: 58 additions & 42 deletions
Original file line numberDiff line numberDiff line change
@@ -6849,9 +6849,7 @@ passwordFromFile(const char *hostname, const char *port, const char *dbname,
68496849
{
68506850
FILE *fp;
68516851
struct stat stat_buf;
6852-
6853-
#define LINELEN NAMEDATALEN*5
6854-
char buf[LINELEN];
6852+
PQExpBufferData buf;
68556853

68566854
if (dbname == NULL || dbname[0] == '\0')
68576855
return NULL;
@@ -6907,63 +6905,81 @@ passwordFromFile(const char *hostname, const char *port, const char *dbname,
69076905
if (fp == NULL)
69086906
return NULL;
69096907

6908+
/* Use an expansible buffer to accommodate any reasonable line length */
6909+
initPQExpBuffer(&buf);
6910+
69106911
while (!feof(fp) && !ferror(fp))
69116912
{
6912-
char *t = buf,
6913-
*ret,
6914-
*p1,
6915-
*p2;
6916-
int len;
6913+
/* Make sure there's a reasonable amount of room in the buffer */
6914+
if (!enlargePQExpBuffer(&buf, 128))
6915+
break;
69176916

6918-
if (fgets(buf, sizeof(buf), fp) == NULL)
6917+
/* Read some data, appending it to what we already have */
6918+
if (fgets(buf.data + buf.len, buf.maxlen - buf.len, fp) == NULL)
69196919
break;
6920+
buf.len += strlen(buf.data + buf.len);
69206921

6921-
len = strlen(buf);
6922+
/* If we don't yet have a whole line, loop around to read more */
6923+
if (!(buf.len > 0 && buf.data[buf.len - 1] == '\n') && !feof(fp))
6924+
continue;
69226925

6923-
/* Remove trailing newline */
6924-
if (len > 0 && buf[len - 1] == '\n')
6926+
/* ignore comments */
6927+
if (buf.data[0] != '#')
69256928
{
6926-
buf[--len] = '\0';
6927-
/* Handle DOS-style line endings, too, even when not on Windows */
6928-
if (len > 0 && buf[len - 1] == '\r')
6929-
buf[--len] = '\0';
6930-
}
6929+
char *t = buf.data;
6930+
int len = buf.len;
69316931

6932-
if (len == 0)
6933-
continue;
6932+
/* Remove trailing newline */
6933+
if (len > 0 && t[len - 1] == '\n')
6934+
{
6935+
t[--len] = '\0';
6936+
/* Handle DOS-style line endings, too */
6937+
if (len > 0 && t[len - 1] == '\r')
6938+
t[--len] = '\0';
6939+
}
69346940

6935-
if ((t = pwdfMatchesString(t, hostname)) == NULL ||
6936-
(t = pwdfMatchesString(t, port)) == NULL ||
6937-
(t = pwdfMatchesString(t, dbname)) == NULL ||
6938-
(t = pwdfMatchesString(t, username)) == NULL)
6939-
continue;
6941+
if (len > 0 &&
6942+
(t = pwdfMatchesString(t, hostname)) != NULL &&
6943+
(t = pwdfMatchesString(t, port)) != NULL &&
6944+
(t = pwdfMatchesString(t, dbname)) != NULL &&
6945+
(t = pwdfMatchesString(t, username)) != NULL)
6946+
{
6947+
/* Found a match. */
6948+
char *ret,
6949+
*p1,
6950+
*p2;
69406951

6941-
/* Found a match. */
6942-
ret = strdup(t);
6943-
fclose(fp);
6952+
ret = strdup(t);
69446953

6945-
if (!ret)
6946-
{
6947-
/* Out of memory. XXX: an error message would be nice. */
6948-
return NULL;
6949-
}
6954+
fclose(fp);
6955+
termPQExpBuffer(&buf);
69506956

6951-
/* De-escape password. */
6952-
for (p1 = p2 = ret; *p1 != ':' && *p1 != '\0'; ++p1, ++p2)
6953-
{
6954-
if (*p1 == '\\' && p1[1] != '\0')
6955-
++p1;
6956-
*p2 = *p1;
6957+
if (!ret)
6958+
{
6959+
/* Out of memory. XXX: an error message would be nice. */
6960+
return NULL;
6961+
}
6962+
6963+
/* De-escape password. */
6964+
for (p1 = p2 = ret; *p1 != ':' && *p1 != '\0'; ++p1, ++p2)
6965+
{
6966+
if (*p1 == '\\' && p1[1] != '\0')
6967+
++p1;
6968+
*p2 = *p1;
6969+
}
6970+
*p2 = '\0';
6971+
6972+
return ret;
6973+
}
69576974
}
6958-
*p2 = '\0';
69596975

6960-
return ret;
6976+
/* No match, reset buffer to prepare for next line. */
6977+
buf.len = 0;
69616978
}
69626979

69636980
fclose(fp);
6981+
termPQExpBuffer(&buf);
69646982
return NULL;
6965-
6966-
#undef LINELEN
69676983
}
69686984

69696985

src/test/authentication/t/001_password.pl

Lines changed: 26 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@
1717
}
1818
else
1919
{
20-
plan tests => 8;
20+
plan tests => 11;
2121
}
2222

2323

@@ -45,7 +45,9 @@ sub test_role
4545

4646
$status_string = 'success' if ($expected_res eq 0);
4747

48-
my $res = $node->psql('postgres', undef, extra_params => [ '-U', $role ]);
48+
local $Test::Builder::Level = $Test::Builder::Level + 1;
49+
50+
my $res = $node->psql('postgres', undef, extra_params => [ '-U', $role, '-w' ]);
4951
is($res, $expected_res,
5052
"authentication $status_string for method $method, role $role");
5153
return;
@@ -86,3 +88,25 @@ sub test_role
8688
reset_pg_hba($node, 'md5');
8789
test_role($node, 'scram_role', 'md5', 0);
8890
test_role($node, 'md5_role', 'md5', 0);
91+
92+
# Test .pgpass processing; but use a temp file, don't overwrite the real one!
93+
my $pgpassfile = "${TestLib::tmp_check}/pgpass";
94+
95+
delete $ENV{"PGPASSWORD"};
96+
$ENV{"PGPASSFILE"} = $pgpassfile;
97+
98+
append_to_file($pgpassfile, qq!
99+
# This very long comment is just here to exercise handling of long lines in the file. This very long comment is just here to exercise handling of long lines in the file. This very long comment is just here to exercise handling of long lines in the file. This very long comment is just here to exercise handling of long lines in the file. This very long comment is just here to exercise handling of long lines in the file.
100+
*:*:postgres:scram_role:pass:this is not part of the password.
101+
!);
102+
chmod 0600, $pgpassfile or die;
103+
104+
reset_pg_hba($node, 'password');
105+
test_role($node, 'scram_role', 'password from pgpass', 0);
106+
test_role($node, 'md5_role', 'password from pgpass', 2);
107+
108+
append_to_file($pgpassfile, qq!
109+
*:*:*:md5_role:p\\ass
110+
!);
111+
112+
test_role($node, 'md5_role', 'password from pgpass', 0);

0 commit comments

Comments
 (0)