On 2020/03/03 22:07, Hamid Akhtar wrote:
On Tue, Mar 3, 2020 at 5:38 PM Hamid Akhtar <hamid.akh...@gmail.com
<mailto:hamid.akh...@gmail.com>> wrote:
On Mon, Mar 2, 2020 at 6:07 PM Fujii Masao <masao.fu...@oss.nttdata.com
<mailto:masao.fu...@oss.nttdata.com>> wrote:
On 2020/02/29 0:46, Hamid Akhtar wrote:
> The following review has been posted through the commitfest
application:
> make installcheck-world: not tested
> Implements feature: not tested
> Spec compliant: not tested
> Documentation: not tested
>
> First of all, this seems like fixing a valid issue, albeit, the
probability of somebody messing is low, but it is still better to fix this problem.
>
> I've not tested the patch in any detail, however, there are a couple
of comments I have before I proceed on with detailed testing.
Thanks for the review and comments!
> 1. pgindent is showing a few issues with formatting. Please have a
look and resolve those.
Yes.
Fixed. Attached is the updated version of the patch.
I marked this CF entry as "Needs Review" again.
> 2. I think you can potentially use "len" variable instead of introducing
"buflen" and "tmplen" variables.
Basically I don't want to use the same variable for several purposes
because which would decrease the code readability.
That is fine.
> Also, I would choose a more appropriate name for "tmp" variable.
Yeah, so what about "rest" as the variable name?
May be something like "excess_buf" or any other one that describes that these
bytes are to be discarded.
Thanks for the comment! But IMO that "rest" is not
so bad choice, so for now I used "rest" in the latest patch.
Regards,
--
Fujii Masao
NTT DATA CORPORATION
Advanced Platform Technology Group
Research and Development Headquarters
diff --git a/src/interfaces/libpq/fe-connect.c
b/src/interfaces/libpq/fe-connect.c
index 408000af83..0157c619aa 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -6949,6 +6949,7 @@ passwordFromFile(const char *hostname, const char *port,
const char *dbname,
{
FILE *fp;
struct stat stat_buf;
+ int line_number = 0;
#define LINELEN NAMEDATALEN*5
char buf[LINELEN];
@@ -7014,10 +7015,42 @@ passwordFromFile(const char *hostname, const char
*port, const char *dbname,
*p1,
*p2;
int len;
+ int buflen;
if (fgets(buf, sizeof(buf), fp) == NULL)
break;
+ line_number++;
+ buflen = strlen(buf);
+ if (buflen >= sizeof(buf) - 1 && buf[buflen - 1] != '\n')
+ {
+ char rest[LINELEN];
+ int restlen;
+
+ /*
+ * Warn if this password setting line is too long,
because it's
+ * unexpectedly truncated.
+ */
+ if (buf[0] != '#')
+ fprintf(stderr,
+ libpq_gettext("WARNING: line %d
too long in password file \"%s\"\n"),
+ line_number, pgpassfile);
+
+ /* eat rest of the line */
+ while (!feof(fp) && !ferror(fp))
+ {
+ if (fgets(rest, sizeof(rest), fp) == NULL)
+ break;
+ restlen = strlen(rest);
+ if (restlen < sizeof(rest) - 1 || rest[restlen
- 1] == '\n')
+ break;
+ }
+ }
+
+ /* ignore comments */
+ if (buf[0] == '#')
+ continue;
+
/* strip trailing newline and carriage return */
len = pg_strip_crlf(buf);
