BUG #2424: initdb Did Not Escape the Password
| От | imacat |
|---|---|
| Тема | BUG #2424: initdb Did Not Escape the Password |
| Дата | |
| Msg-id | 200605070628.k476Sraj005082@wwwmaster.postgresql.org обсуждение исходный текст |
| Ответы |
Re: BUG #2424: initdb Did Not Escape the Password
(imacat <imacat@mail.imacat.idv.tw>)
|
| Список | pgsql-bugs |
The following bug has been logged online:
Bug reference: 2424
Logged by: imacat
Email address: imacat@mail.imacat.idv.tw
PostgreSQL version: 8.1.3
Operating system: Linux
Description: initdb Did Not Escape the Password
Details:
The initdb seems did not escape (PQescapeString) the password. The
following is my test result, with password: ab'ds)24
imacat@atlas ~ % initdb -D /tmp/postgres -E utf8 --locale=en_US.utf8 -U
postgres -W
The files belonging to this database system will be owned by user
"postgres".
This user must also own the server process.
The database cluster will be initialized with locale en_US.utf8.
fixing permissions on existing directory /tmp/postgres ... ok
creating directory /tmp/postgres/global ... ok
creating directory /tmp/postgres/pg_xlog ... ok
creating directory /tmp/postgres/pg_xlog/archive_status ... ok
creating directory /tmp/postgres/pg_clog ... ok
creating directory /tmp/postgres/pg_subtrans ... ok
creating directory /tmp/postgres/pg_twophase ... ok
creating directory /tmp/postgres/pg_multixact/members ... ok
creating directory /tmp/postgres/pg_multixact/offsets ... ok
creating directory /tmp/postgres/base ... ok
creating directory /tmp/postgres/base/1 ... ok
creating directory /tmp/postgres/pg_tblspc ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 1000
creating configuration files ... ok
creating template1 database in /tmp/postgres/base/1 ... ok
initializing pg_authid ... ok
Enter new superuser password:
Enter it again:
setting password ... FATAL: syntax error at or near "ds" at character 41
child process exited with exit code 1
initdb: removing contents of data directory "/tmp/postgres"
imacat@atlas ~ %
I have attached a patch that seems to solve this issue. It works
for me. Please tell me if there is any problem.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
diff -u -r postgresql-8.1.3.orig/src/bin/initdb/initdb.c
postgresql-8.1.3/src/bin/initdb/initdb.c
- --- postgresql-8.1.3.orig/src/bin/initdb/initdb.c 2005-11-23
02:23:26.000000000 +0800
+++ postgresql-8.1.3/src/bin/initdb/initdb.c 2006-05-07 14:07:30.000000000
+0800
@@ -1420,9 +1420,10 @@
{
PG_CMD_DECL;
- - char *pwd1,
+ char *pwd1, *pwdesc,
*pwd2;
char pwdpath[MAXPGPATH];
+ size_t pwdlen;
struct stat statbuf;
if (pwprompt)
@@ -1484,8 +1485,11 @@
PG_CMD_OPEN;
+ pwdlen = strlen(pwd1);
+ pwdesc = (char *)pg_malloc(pwdlen * 2 + 1);
+ PQescapeString(pwdesc, pwd1, pwdlen);
PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD '%s';\n",
- - effective_user, pwd1);
+ effective_user, pwdesc);
PG_CMD_CLOSE;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEXY7Vi9gubzC5S1wRAmuJAJ0UxXXuLQHDa2rPTUxZTgM0iIn8/wCgih3o
cIMfUjN+Y6F0zHFSgmxrA2k=
=pvBZ
-----END PGP SIGNATURE-----
В списке pgsql-bugs по дате отправления: