Remove arbitrary restrictions on password length.
This patch started out with the goal of harmonizing various arbitrary
limits on password length, but after awhile a better idea emerged:
let's just get rid of those fixed limits.
recv_password_packet() has an arbitrary limit on the packet size,
which we don't really need, so just drop it. (Note that this doesn't
really affect anything for MD5 or SCRAM password verification, since
those will hash the user's password to something shorter anyway.
It does matter for auth methods that require a cleartext password.)
Likewise remove the arbitrary error condition in pg_saslprep().
The remaining limits are mostly in client-side code that prompts
for passwords. To improve those, refactor simple_prompt() so that
it allocates its own result buffer that can be made as big as
necessary. Actually, it proves best to make a separate routine
pg_get_line() that has essentially the semantics of fgets(), except
that it allocates a suitable result buffer and hence will never
return a truncated line. (pg_get_line has a lot of potential
applications to replace randomly-sized fgets buffers elsewhere,
but I'll leave that for another patch.)
I built pg_get_line() atop stringinfo.c, which requires moving
that code to src/common/; but that seems fine since it was a poor
fit for src/port/ anyway.
This patch is mostly mine, but it owes a good deal to Nathan Bossart
who pressed for a solution to the password length problem and
created a predecessor patch. Also thanks to Peter Eisentraut and
Stephen Frost for ideas and discussion.
Discussion: https://postgr.es/m/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
2020-09-04 02:09:18 +02:00
|
|
|
/*-------------------------------------------------------------------------
|
|
|
|
|
*
|
|
|
|
|
* pg_get_line.c
|
|
|
|
|
* fgets() with an expansible result buffer
|
|
|
|
|
*
|
|
|
|
|
* Portions Copyright (c) 1996-2020, PostgreSQL Global Development Group
|
|
|
|
|
* Portions Copyright (c) 1994, Regents of the University of California
|
|
|
|
|
*
|
|
|
|
|
*
|
|
|
|
|
* IDENTIFICATION
|
|
|
|
|
* src/common/pg_get_line.c
|
|
|
|
|
*
|
|
|
|
|
*-------------------------------------------------------------------------
|
|
|
|
|
*/
|
|
|
|
|
#ifndef FRONTEND
|
|
|
|
|
#include "postgres.h"
|
|
|
|
|
#else
|
|
|
|
|
#include "postgres_fe.h"
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#include "common/string.h"
|
|
|
|
|
#include "lib/stringinfo.h"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* pg_get_line()
|
|
|
|
|
*
|
|
|
|
|
* This is meant to be equivalent to fgets(), except that instead of
|
|
|
|
|
* reading into a caller-supplied, fixed-size buffer, it reads into
|
|
|
|
|
* a palloc'd (in frontend, really malloc'd) string, which is resized
|
|
|
|
|
* as needed to handle indefinitely long input lines. The caller is
|
|
|
|
|
* responsible for pfree'ing the result string when appropriate.
|
|
|
|
|
*
|
|
|
|
|
* As with fgets(), returns NULL if there is a read error or if no
|
|
|
|
|
* characters are available before EOF. The caller can distinguish
|
|
|
|
|
* these cases by checking ferror(stream).
|
|
|
|
|
*
|
|
|
|
|
* Since this is meant to be equivalent to fgets(), the trailing newline
|
|
|
|
|
* (if any) is not stripped. Callers may wish to apply pg_strip_crlf().
|
|
|
|
|
*
|
|
|
|
|
* Note that while I/O errors are reflected back to the caller to be
|
|
|
|
|
* dealt with, an OOM condition for the palloc'd buffer will not be;
|
|
|
|
|
* there'll be an ereport(ERROR) or exit(1) inside stringinfo.c.
|
2020-09-06 19:57:10 +02:00
|
|
|
*
|
|
|
|
|
* Also note that the palloc'd buffer is usually a lot longer than
|
|
|
|
|
* strictly necessary, so it may be inadvisable to use this function
|
|
|
|
|
* to collect lots of long-lived data. A less memory-hungry option
|
|
|
|
|
* is to use pg_get_line_append() in a loop, then pstrdup() each line.
|
Remove arbitrary restrictions on password length.
This patch started out with the goal of harmonizing various arbitrary
limits on password length, but after awhile a better idea emerged:
let's just get rid of those fixed limits.
recv_password_packet() has an arbitrary limit on the packet size,
which we don't really need, so just drop it. (Note that this doesn't
really affect anything for MD5 or SCRAM password verification, since
those will hash the user's password to something shorter anyway.
It does matter for auth methods that require a cleartext password.)
Likewise remove the arbitrary error condition in pg_saslprep().
The remaining limits are mostly in client-side code that prompts
for passwords. To improve those, refactor simple_prompt() so that
it allocates its own result buffer that can be made as big as
necessary. Actually, it proves best to make a separate routine
pg_get_line() that has essentially the semantics of fgets(), except
that it allocates a suitable result buffer and hence will never
return a truncated line. (pg_get_line has a lot of potential
applications to replace randomly-sized fgets buffers elsewhere,
but I'll leave that for another patch.)
I built pg_get_line() atop stringinfo.c, which requires moving
that code to src/common/; but that seems fine since it was a poor
fit for src/port/ anyway.
This patch is mostly mine, but it owes a good deal to Nathan Bossart
who pressed for a solution to the password length problem and
created a predecessor patch. Also thanks to Peter Eisentraut and
Stephen Frost for ideas and discussion.
Discussion: https://postgr.es/m/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
2020-09-04 02:09:18 +02:00
|
|
|
*/
|
|
|
|
|
char *
|
|
|
|
|
pg_get_line(FILE *stream)
|
|
|
|
|
{
|
|
|
|
|
StringInfoData buf;
|
|
|
|
|
|
|
|
|
|
initStringInfo(&buf);
|
|
|
|
|
|
2020-09-06 19:57:10 +02:00
|
|
|
if (!pg_get_line_append(stream, &buf))
|
Remove arbitrary restrictions on password length.
This patch started out with the goal of harmonizing various arbitrary
limits on password length, but after awhile a better idea emerged:
let's just get rid of those fixed limits.
recv_password_packet() has an arbitrary limit on the packet size,
which we don't really need, so just drop it. (Note that this doesn't
really affect anything for MD5 or SCRAM password verification, since
those will hash the user's password to something shorter anyway.
It does matter for auth methods that require a cleartext password.)
Likewise remove the arbitrary error condition in pg_saslprep().
The remaining limits are mostly in client-side code that prompts
for passwords. To improve those, refactor simple_prompt() so that
it allocates its own result buffer that can be made as big as
necessary. Actually, it proves best to make a separate routine
pg_get_line() that has essentially the semantics of fgets(), except
that it allocates a suitable result buffer and hence will never
return a truncated line. (pg_get_line has a lot of potential
applications to replace randomly-sized fgets buffers elsewhere,
but I'll leave that for another patch.)
I built pg_get_line() atop stringinfo.c, which requires moving
that code to src/common/; but that seems fine since it was a poor
fit for src/port/ anyway.
This patch is mostly mine, but it owes a good deal to Nathan Bossart
who pressed for a solution to the password length problem and
created a predecessor patch. Also thanks to Peter Eisentraut and
Stephen Frost for ideas and discussion.
Discussion: https://postgr.es/m/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
2020-09-04 02:09:18 +02:00
|
|
|
{
|
|
|
|
|
/* ensure that free() doesn't mess up errno */
|
|
|
|
|
int save_errno = errno;
|
|
|
|
|
|
|
|
|
|
pfree(buf.data);
|
|
|
|
|
errno = save_errno;
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-06 19:57:10 +02:00
|
|
|
return buf.data;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* pg_get_line_append()
|
|
|
|
|
*
|
|
|
|
|
* This has similar behavior to pg_get_line(), and thence to fgets(),
|
|
|
|
|
* except that the collected data is appended to whatever is in *buf.
|
|
|
|
|
*
|
|
|
|
|
* Returns true if a line was successfully collected (including the
|
|
|
|
|
* case of a non-newline-terminated line at EOF). Returns false if
|
|
|
|
|
* there was an I/O error or no data was available before EOF.
|
|
|
|
|
* (Check ferror(stream) to distinguish these cases.)
|
|
|
|
|
*
|
|
|
|
|
* In the false-result case, the contents of *buf are logically unmodified,
|
|
|
|
|
* though it's possible that the buffer has been resized.
|
|
|
|
|
*/
|
|
|
|
|
bool
|
|
|
|
|
pg_get_line_append(FILE *stream, StringInfo buf)
|
|
|
|
|
{
|
|
|
|
|
int orig_len = buf->len;
|
|
|
|
|
|
|
|
|
|
/* Read some data, appending it to whatever we already have */
|
|
|
|
|
while (fgets(buf->data + buf->len, buf->maxlen - buf->len, stream) != NULL)
|
|
|
|
|
{
|
|
|
|
|
buf->len += strlen(buf->data + buf->len);
|
|
|
|
|
|
|
|
|
|
/* Done if we have collected a newline */
|
|
|
|
|
if (buf->len > orig_len && buf->data[buf->len - 1] == '\n')
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
/* Make some more room in the buffer, and loop to read more data */
|
|
|
|
|
enlargeStringInfo(buf, 128);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check for I/O errors and EOF */
|
|
|
|
|
if (ferror(stream) || buf->len == orig_len)
|
Remove arbitrary restrictions on password length.
This patch started out with the goal of harmonizing various arbitrary
limits on password length, but after awhile a better idea emerged:
let's just get rid of those fixed limits.
recv_password_packet() has an arbitrary limit on the packet size,
which we don't really need, so just drop it. (Note that this doesn't
really affect anything for MD5 or SCRAM password verification, since
those will hash the user's password to something shorter anyway.
It does matter for auth methods that require a cleartext password.)
Likewise remove the arbitrary error condition in pg_saslprep().
The remaining limits are mostly in client-side code that prompts
for passwords. To improve those, refactor simple_prompt() so that
it allocates its own result buffer that can be made as big as
necessary. Actually, it proves best to make a separate routine
pg_get_line() that has essentially the semantics of fgets(), except
that it allocates a suitable result buffer and hence will never
return a truncated line. (pg_get_line has a lot of potential
applications to replace randomly-sized fgets buffers elsewhere,
but I'll leave that for another patch.)
I built pg_get_line() atop stringinfo.c, which requires moving
that code to src/common/; but that seems fine since it was a poor
fit for src/port/ anyway.
This patch is mostly mine, but it owes a good deal to Nathan Bossart
who pressed for a solution to the password length problem and
created a predecessor patch. Also thanks to Peter Eisentraut and
Stephen Frost for ideas and discussion.
Discussion: https://postgr.es/m/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
2020-09-04 02:09:18 +02:00
|
|
|
{
|
2020-09-06 19:57:10 +02:00
|
|
|
/* Discard any data we collected before detecting error */
|
|
|
|
|
buf->len = orig_len;
|
|
|
|
|
buf->data[orig_len] = '\0';
|
|
|
|
|
return false;
|
Remove arbitrary restrictions on password length.
This patch started out with the goal of harmonizing various arbitrary
limits on password length, but after awhile a better idea emerged:
let's just get rid of those fixed limits.
recv_password_packet() has an arbitrary limit on the packet size,
which we don't really need, so just drop it. (Note that this doesn't
really affect anything for MD5 or SCRAM password verification, since
those will hash the user's password to something shorter anyway.
It does matter for auth methods that require a cleartext password.)
Likewise remove the arbitrary error condition in pg_saslprep().
The remaining limits are mostly in client-side code that prompts
for passwords. To improve those, refactor simple_prompt() so that
it allocates its own result buffer that can be made as big as
necessary. Actually, it proves best to make a separate routine
pg_get_line() that has essentially the semantics of fgets(), except
that it allocates a suitable result buffer and hence will never
return a truncated line. (pg_get_line has a lot of potential
applications to replace randomly-sized fgets buffers elsewhere,
but I'll leave that for another patch.)
I built pg_get_line() atop stringinfo.c, which requires moving
that code to src/common/; but that seems fine since it was a poor
fit for src/port/ anyway.
This patch is mostly mine, but it owes a good deal to Nathan Bossart
who pressed for a solution to the password length problem and
created a predecessor patch. Also thanks to Peter Eisentraut and
Stephen Frost for ideas and discussion.
Discussion: https://postgr.es/m/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
2020-09-04 02:09:18 +02:00
|
|
|
}
|
|
|
|
|
|
2020-09-06 19:57:10 +02:00
|
|
|
/* No newline at EOF, but we did collect some data */
|
|
|
|
|
return true;
|
Remove arbitrary restrictions on password length.
This patch started out with the goal of harmonizing various arbitrary
limits on password length, but after awhile a better idea emerged:
let's just get rid of those fixed limits.
recv_password_packet() has an arbitrary limit on the packet size,
which we don't really need, so just drop it. (Note that this doesn't
really affect anything for MD5 or SCRAM password verification, since
those will hash the user's password to something shorter anyway.
It does matter for auth methods that require a cleartext password.)
Likewise remove the arbitrary error condition in pg_saslprep().
The remaining limits are mostly in client-side code that prompts
for passwords. To improve those, refactor simple_prompt() so that
it allocates its own result buffer that can be made as big as
necessary. Actually, it proves best to make a separate routine
pg_get_line() that has essentially the semantics of fgets(), except
that it allocates a suitable result buffer and hence will never
return a truncated line. (pg_get_line has a lot of potential
applications to replace randomly-sized fgets buffers elsewhere,
but I'll leave that for another patch.)
I built pg_get_line() atop stringinfo.c, which requires moving
that code to src/common/; but that seems fine since it was a poor
fit for src/port/ anyway.
This patch is mostly mine, but it owes a good deal to Nathan Bossart
who pressed for a solution to the password length problem and
created a predecessor patch. Also thanks to Peter Eisentraut and
Stephen Frost for ideas and discussion.
Discussion: https://postgr.es/m/09512C4F-8CB9-4021-B455-EF4C4F0D55A0@amazon.com
2020-09-04 02:09:18 +02:00
|
|
|
}
|