From: | Joe Conway <mail(at)joeconway(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | Marko Kreen <markokr(at)gmail(dot)com>, Postgres Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [patch] fix dblink security hole |
Date: | 2008-09-22 01:43:02 |
Message-ID: | 48D6F826.3080703@joeconway.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Tom Lane wrote:
> Hmm ... one problem with this is that the caller can't tell
> failure-because-out-of-memory from failure-because-string-is-bogus.
<snip>
> Is it worth having the
> PQconninfoParse function pass back the error message to avoid this
> corner case?
I thought briefly about it, and wasn't sure it would be worth the ugliness.
> The API would be a lot more ugly, perhaps
> int PQconninfoParse(const char *connstr,
> PQconninfoOption **options,
> char **errmsg)
>
> okay: *options is set, *errmsg is NULL, return true
> bogus string: *options is NULL, *errmsg is set, return false
> out of memory: both outputs NULL, return false
conninfo_parse() returns NULL on error, so why not something like:
PQconninfoOption *
PQconninfoParse(const char *conninfo, char **errmsg)
{
PQExpBufferData errorBuf;
bool password_from_string;
PQconninfoOption *connOptions;
initPQExpBuffer(&errorBuf);
connOptions = conninfo_parse(conninfo, &errorBuf,
&password_from_string);
if (!connOptions && errmsg)
*errmsg = pstrdup(errorBuf.data);
termPQExpBuffer(&errorBuf);
return connOptions;
}
If the return value is NULL, use errmsg if you'd like. I'd guess in most
instances you don't even need to bother freeing errmsg as it is in a
limited life memory context.
Joe
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2008-09-22 01:53:06 | Re: [patch] fix dblink security hole |
Previous Message | Tom Lane | 2008-09-22 01:15:34 | Re: [patch] fix dblink security hole |