diff --git a/src/backend/libpq/be-secure-gssapi.c b/src/backend/libpq/be-secure-gssapi.c index 6089d627ab..818da567a3 100644 --- a/src/backend/libpq/be-secure-gssapi.c +++ b/src/backend/libpq/be-secure-gssapi.c @@ -14,8 +14,9 @@ #include "postgres.h" -#include "be-gssapi-common.h" +#include +#include "be-gssapi-common.h" #include "libpq/auth.h" #include "libpq/libpq.h" #include "libpq/libpq-be.h" @@ -23,8 +24,6 @@ #include "miscadmin.h" #include "pgstat.h" -#include - /* * Handle the encryption/decryption of data using GSSAPI. @@ -179,10 +178,13 @@ be_gssapi_write(Port *port, void *ptr, size_t len) pg_GSS_error(FATAL, gettext_noop("GSSAPI wrap error"), major, minor); if (conf == 0) - ereport(FATAL, (errmsg("GSSAPI did not provide confidentiality"))); + ereport(FATAL, + (errmsg("GSSAPI did not provide confidentiality"))); if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32)) - ereport(FATAL, (errmsg("GSSAPI tried to send packet of size: %ld", output.length))); + ereport(FATAL, + (errmsg("server tried to send oversize GSSAPI packet: %zu bytes", + (size_t) output.length))); bytes_encrypted += input.length; bytes_to_encrypt -= input.length; @@ -297,7 +299,9 @@ be_gssapi_read(Port *port, void *ptr, size_t len) /* Check for over-length packet */ if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32)) - ereport(FATAL, (errmsg("Over-size GSSAPI packet sent by the client."))); + ereport(FATAL, + (errmsg("oversize GSSAPI packet sent by the client: %zu bytes", + (size_t) input.length))); /* * Read as much of the packet as we are able to on this call into @@ -341,7 +345,8 @@ be_gssapi_read(Port *port, void *ptr, size_t len) major, minor); if (conf == 0) - ereport(FATAL, (errmsg("GSSAPI did not provide confidentiality"))); + ereport(FATAL, + (errmsg("GSSAPI did not provide confidentiality"))); memcpy(PqGSSResultBuffer, output.value, output.length); @@ -492,7 +497,9 @@ secure_open_gssapi(Port *port) * Verify on our side that the client doesn't do something funny. */ if (input.length > PQ_GSS_RECV_BUFFER_SIZE) - ereport(FATAL, (errmsg("Over-size GSSAPI packet sent by the client: %ld", input.length))); + ereport(FATAL, + (errmsg("oversize GSSAPI packet sent by the client: %zu bytes", + (size_t) input.length))); /* * Get the rest of the packet so we can pass it to GSSAPI to accept @@ -538,7 +545,9 @@ secure_open_gssapi(Port *port) uint32 netlen = htonl(output.length); if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32)) - ereport(FATAL, (errmsg("GSSAPI tried to send oversize packet"))); + ereport(FATAL, + (errmsg("server tried to send oversize GSSAPI packet: %zu bytes", + (size_t) output.length))); memcpy(PqGSSSendBuffer, (char *) &netlen, sizeof(uint32)); PqGSSSendPointer += sizeof(uint32); diff --git a/src/interfaces/libpq/fe-secure-gssapi.c b/src/interfaces/libpq/fe-secure-gssapi.c index ec2a4c6478..6111439ff0 100644 --- a/src/interfaces/libpq/fe-secure-gssapi.c +++ b/src/interfaces/libpq/fe-secure-gssapi.c @@ -16,7 +16,6 @@ #include "libpq-fe.h" #include "libpq-int.h" #include "fe-gssapi-common.h" - #include "port/pg_bswap.h" /* @@ -163,15 +162,16 @@ pg_GSS_write(PGconn *conn, const void *ptr, size_t len) } else if (conf == 0) { - printfPQExpBuffer(&conn->errorMessage, libpq_gettext( - "GSSAPI did not provide confidentiality\n")); + printfPQExpBuffer(&conn->errorMessage, + libpq_gettext("GSSAPI did not provide confidentiality\n")); goto cleanup; } if (output.length > PQ_GSS_SEND_BUFFER_SIZE - sizeof(uint32)) { - printfPQExpBuffer(&conn->errorMessage, libpq_gettext( - "GSSAPI attempt to send oversize packet\n")); + printfPQExpBuffer(&conn->errorMessage, + libpq_gettext("client tried to send oversize GSSAPI packet: %zu bytes\n"), + (size_t) output.length); goto cleanup; } @@ -286,8 +286,8 @@ pg_GSS_read(PGconn *conn, void *ptr, size_t len) /* Check for over-length packet */ if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32)) { - printfPQExpBuffer(&conn->errorMessage, libpq_gettext( - "GSSAPI did not provide confidentiality\n")); + printfPQExpBuffer(&conn->errorMessage, + libpq_gettext("GSSAPI did not provide confidentiality\n")); ret = -1; goto cleanup; } @@ -328,8 +328,8 @@ pg_GSS_read(PGconn *conn, void *ptr, size_t len) } else if (conf == 0) { - printfPQExpBuffer(&conn->errorMessage, libpq_gettext( - "GSSAPI did not provide confidentiality\n")); + printfPQExpBuffer(&conn->errorMessage, + libpq_gettext("GSSAPI did not provide confidentiality\n")); ret = -1; goto cleanup; } @@ -476,7 +476,7 @@ pqsecure_open_gss(PGconn *conn) PqGSSRecvLength += ret; - printfPQExpBuffer(&conn->errorMessage, "%s", PqGSSRecvBuffer + 1); + printfPQExpBuffer(&conn->errorMessage, "%s\n", PqGSSRecvBuffer + 1); return PGRES_POLLING_FAILED; } @@ -490,7 +490,9 @@ pqsecure_open_gss(PGconn *conn) input.length = ntohl(*(uint32 *) PqGSSRecvBuffer); if (input.length > PQ_GSS_RECV_BUFFER_SIZE - sizeof(uint32)) { - printfPQExpBuffer(&conn->errorMessage, libpq_gettext("Over-size GSSAPI packet sent by the server: %ld"), input.length); + printfPQExpBuffer(&conn->errorMessage, + libpq_gettext("oversize GSSAPI packet sent by the server: %zu bytes\n"), + (size_t) input.length); return PGRES_POLLING_FAILED; }