8000 The original patch to disallow non-passworded connections to non-supe… · danielcode/postgres@6689ac7 · GitHub
[go: up one dir, main page]
Skip to content

Commit 6689ac7

Browse files
tglsfdctglsfdc
committed
The original patch to disallow non-passworded connections to non-superusers
failed to cover all the ways in which a connection can be initiated in dblink. Plug the remaining holes. Also, disallow transient connections in functions for which that feature makes no sense (because they are only sensible as part of a sequence of operations on the same connection). Joe Conway Security: CVE-2007-6601
1 parent 218cf59 commit 6689ac7

File tree

1 file changed

+31
-16
lines changed

1 file changed

+31
-16
lines changed

contrib/dblink/dblink.c

Lines changed: 31 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,8 @@
2828
*/
2929
#include "postgres.h"
3030

31+
#include <ctype.h>
32+
3133
#include "libpq-fe.h"
3234

3335
#include "fmgr.h"
@@ -73,6 +75,7 @@ static void append_res_ptr(dblink_results * results);
7375
static void remove_res_ptr(dblink_results * results);
7476
static char *generate_relation_name(Oid relid);
7577
static char *connstr_strip_password(const char *connstr);
78+
static void dblink_security_check(PGconn *conn, const char *connstr);
7679

7780
/* Global */
7881
List *res_id = NIL;
@@ -108,22 +111,10 @@ dblink_connect(PG_FUNCTION_ARGS)
108111

109112
oldcontext = MemoryContextSwitchTo(TopMemoryContext);
110113

111-
/* for non-superusers, check that server requires a password */
112-
if (!superuser())
113-
{
114-
/* this attempt must fail */
115-
persistent_conn = PQconnectdb(connstr_strip_password(connstr));
116-
117-
if (PQstatus(persistent_conn) == CONNECTION_OK)
118-
{
119-
PQfinish(persistent_conn);
120-
persistent_conn = NULL;
121-
elog(ERROR, "Non-superuser cannot connect if the server does not request a password.");
122-
}
123-
else
124-
PQfinish(persistent_conn);
125-
}
114+
/* check password used if not superuser */
115+
dblink_security_check(persistent_conn, connstr);
126116
persistent_conn = PQconnectdb(connstr);
117+
127118
MemoryContextSwitchTo(oldcontext);
128119

129120
if (PQstatus(persistent_conn) == CONNECTION_BAD)
@@ -468,6 +459,8 @@ dblink_record(PG_FUNCTION_ARGS)
468459
connstr = GET_STR(PG_GETARG_TEXT_P(0));
469460
sql = GET_STR(PG_GETARG_TEXT_P(1));
470461

462+
/* check password used if not superuser */
463+
dblink_security_check(conn, connstr);
471464
conn = PQconnectdb(connstr);
472465
if (PQstatus(conn) == CONNECTION_BAD)
473466
{
@@ -652,6 +645,8 @@ dblink_exec(PG_FUNCTION_ARGS)
652645
connstr = GET_STR(PG_GETARG_TEXT_P(0));
653646
sql = GET_STR(PG_GETARG_TEXT_P(1));
654647

648+
/* check password used if not superuser */
649+
dblink_security_check(conn, connstr);
655650
conn = PQconnectdb(connstr);
656651
if (PQstatus(conn) == CONNECTION_BAD)
657652
{
@@ -738,7 +733,8 @@ dblink(PG_FUNCTION_ARGS)
738733

739734
if (fcinfo->flinfo->fn_extra == NULL)
740735
{
741-
736+
/* check password used if not superuser */
737+
dblink_security_check(conn, optstr);
742738
conn = PQconnectdb(optstr);
743739
if (PQstatus(conn) == CONNECTION_BAD)
744740
{
@@ -2176,3 +2172,22 @@ connstr_strip_password(const char *connstr)
21762172

21772173
return result.data;
21782174
}
2175+
2176+
static void
2177+
dblink_security_check(PGconn *conn, const char *connstr)
2178+
{
2179+
if (!superuser())
2180+
{
2181+
/* this attempt must fail */
2182+
conn = PQconnectdb(connstr_strip_password(connstr));
2183+
2184+
if (PQstatus(conn) == CONNECTION_OK)
2185+
{
2186+
PQfinish(conn);
2187+
conn = NULL;
2188+
elog(ERROR, "Non-superuser cannot connect if the server does not request a password.");
2189+
}
2190+
else
2191+
PQfinish(conn);
2192+
}
2193+
}

0 commit comments

Comments
 (0)
0