Re: BUG #2424: initdb Did Not Escape the Password
| От | imacat |
|---|---|
| Тема | Re: BUG #2424: initdb Did Not Escape the Password |
| Дата | |
| Msg-id | 20060527022255.EA64.IMACAT@mail.imacat.idv.tw обсуждение исходный текст |
| Ответ на | BUG #2424: initdb Did Not Escape the Password ("imacat" <imacat@mail.imacat.idv.tw>) |
| Ответы |
Re: BUG #2424: initdb Did Not Escape the Password
(Bruce Momjian <pgman@candle.pha.pa.us>)
|
| Список | pgsql-bugs |
Has anyone notice this? I found that this is not fixed in the 8.1.4
release.
I have made a new patch for 8.1.4. It is attached below. Please
tell me if there is any problem. Thank you.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
diff -u -r postgresql-8.1.4.orig/src/bin/initdb/initdb.c postgresql-8.1.4/src/bin/initdb/initdb.c
- --- postgresql-8.1.4.orig/src/bin/initdb/initdb.c 2006-02-24 08:55:27.000000000 +0800
+++ postgresql-8.1.4/src/bin/initdb/initdb.c 2006-05-25 12:30:34.000000000 +0800
@@ -58,6 +58,7 @@
#include <langinfo.h>
#endif
+#include "libpq-fe.h"
#include "libpq/pqsignal.h"
#include "mb/pg_wchar.h"
#include "getaddrinfo.h"
@@ -1419,9 +1420,10 @@
{
PG_CMD_DECL;
- - char *pwd1,
+ char *pwd1, *pwdesc,
*pwd2;
char pwdpath[MAXPGPATH];
+ size_t pwdlen;
struct stat statbuf;
if (pwprompt)
@@ -1483,8 +1485,12 @@
PG_CMD_OPEN;
+ pwdlen = strlen(pwd1);
+ pwdesc = (char *)pg_malloc(pwdlen * 2 + 1);
+ PQescapeString(pwdesc, pwd1, pwdlen);
PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD '%s';\n",
- - username, pwd1);
+ username, pwdesc);
+ free(pwdesc);
PG_CMD_CLOSE;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEd0dTi9gubzC5S1wRAjM4AJ9gZGZ4IcbzE+CYX9HcOeMa2o9IpQCdFMyT
S5N4shISjXRXmrnN/98zAUs=
=uY5a
-----END PGP SIGNATURE-----
On Sun, 7 May 2006 06:28:53 GMT
"imacat" <imacat@mail.imacat.idv.tw> wrote:
> The following bug has been logged online:
>
> Bug reference: 2424
> Logged by: imacat
> Email address: imacat@mail.imacat.idv.tw
> PostgreSQL version: 8.1.3
> Operating system: Linux
> Description: initdb Did Not Escape the Password
> Details:
>
> The initdb seems did not escape (PQescapeString) the password. The
> following is my test result, with password: ab'ds)24
>
> imacat@atlas ~ % initdb -D /tmp/postgres -E utf8 --locale=en_US.utf8 -U
> postgres -W
> The files belonging to this database system will be owned by user
> "postgres".
> This user must also own the server process.
>
> The database cluster will be initialized with locale en_US.utf8.
>
> fixing permissions on existing directory /tmp/postgres ... ok
> creating directory /tmp/postgres/global ... ok
> creating directory /tmp/postgres/pg_xlog ... ok
> creating directory /tmp/postgres/pg_xlog/archive_status ... ok
> creating directory /tmp/postgres/pg_clog ... ok
> creating directory /tmp/postgres/pg_subtrans ... ok
> creating directory /tmp/postgres/pg_twophase ... ok
> creating directory /tmp/postgres/pg_multixact/members ... ok
> creating directory /tmp/postgres/pg_multixact/offsets ... ok
> creating directory /tmp/postgres/base ... ok
> creating directory /tmp/postgres/base/1 ... ok
> creating directory /tmp/postgres/pg_tblspc ... ok
> selecting default max_connections ... 100
> selecting default shared_buffers ... 1000
> creating configuration files ... ok
> creating template1 database in /tmp/postgres/base/1 ... ok
> initializing pg_authid ... ok
> Enter new superuser password:
> Enter it again:
> setting password ... FATAL: syntax error at or near "ds" at character 41
> child process exited with exit code 1
> initdb: removing contents of data directory "/tmp/postgres"
> imacat@atlas ~ %
>
> I have attached a patch that seems to solve this issue. It works
> for me. Please tell me if there is any problem.
--
Best regards,
imacat ^_*' <imacat@mail.imacat.idv.tw>
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt
<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's: http://www.imacat.idv.tw/
TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug
В списке pgsql-bugs по дате отправления: