Hi,
On 6/30/23 7:32 PM, Drouvot, Bertrand wrote:
Hi,
On 6/30/23 5:54 PM, Tom Lane wrote:
Nathan Bossart <nathandboss...@gmail.com> writes:
After taking another look at this, I wonder if it'd be better to fail as
soon as we see the database or user name is too long instead of lugging
them around when authentication is destined to fail.
If we're agreed that we aren't going to truncate these identifiers,
that seems like a reasonable way to handle it.
Yeah agree, thanks Nathan for the idea.
I'll work on a new patch version proposal.
Please find V2 attached where it's failing as soon as the database name or
user name are detected as overlength.
Regards,
--
Bertrand Drouvot
PostgreSQL Contributors Team
RDS Open Source Databases
Amazon Web Services: https://aws.amazon.com
From 7747032129fb66891805a8a2b5e06cbce8df2d2a Mon Sep 17 00:00:00 2001
From: Bertrand Drouvot <bertranddrouvot...@gmail.com>
Date: Wed, 21 Jun 2023 18:28:13 +0000
Subject: [PATCH v2] Reject incoming username and database name in case of
overlength
---
src/backend/postmaster/postmaster.c | 25 ++++++++++++++++---------
1 file changed, 16 insertions(+), 9 deletions(-)
100.0% src/backend/postmaster/
diff --git a/src/backend/postmaster/postmaster.c
b/src/backend/postmaster/postmaster.c
index 4c49393fc5..03289f2093 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -2183,9 +2183,25 @@ retry1:
valptr = buf + valoffset;
if (strcmp(nameptr, "database") == 0)
+ {
+ /* Overlength database name has been provided.
*/
+ if (strlen(valptr) >= NAMEDATALEN)
+ ereport(FATAL,
+
(errcode(ERRCODE_UNDEFINED_DATABASE),
+ errmsg("database
\"%s\" does not exist", valptr)));
+
port->database_name = pstrdup(valptr);
+ }
else if (strcmp(nameptr, "user") == 0)
+ {
+ /* Overlength user name has been provided. */
+ if (strlen(valptr) >= NAMEDATALEN)
+ ereport(FATAL,
+
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
+ errmsg("role \"%s\"
does not exist", valptr)));
+
port->user_name = pstrdup(valptr);
+ }
else if (strcmp(nameptr, "options") == 0)
port->cmdline_options = pstrdup(valptr);
else if (strcmp(nameptr, "replication") == 0)
@@ -2290,15 +2306,6 @@ retry1:
}
}
- /*
- * Truncate given database and user names to length of a Postgres name.
- * This avoids lookup failures when overlength names are given.
- */
- if (strlen(port->database_name) >= NAMEDATALEN)
- port->database_name[NAMEDATALEN - 1] = '\0';
- if (strlen(port->user_name) >= NAMEDATALEN)
- port->user_name[NAMEDATALEN - 1] = '\0';
-
if (am_walsender)
MyBackendType = B_WAL_SENDER;
else
--
2.34.1
