From 8d15e3ec4fcb735875a8a70a09ec0c62153c3329 Mon Sep 17 00:00:00 2001 From: Robert Haas Date: Thu, 22 Dec 2011 12:55:27 -0500 Subject: [PATCH] Don't forget to de-escape the password field in .pgpass. This has been broken just about forever (or more specifically, commit 7f4981f4af1700456f98ac3f2b2d84959919ec81) and nobody noticed until Richard Huxton reported it recently. Analysis and fix by Ross Reedstrom, although I didn't use his patch. This doesn't seem important enough to back-patch and is mildly backward incompatible, so I'm just doing this in master. --- src/interfaces/libpq/fe-connect.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 50f3f83aae..f3762af9da 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -4904,7 +4904,9 @@ PasswordFromFile(char *hostname, char *port, char *dbname, char *username) while (!feof(fp) && !ferror(fp)) { char *t = buf, - *ret; + *ret, + *p1, + *p2; int len; if (fgets(buf, sizeof(buf), fp) == NULL) @@ -4925,6 +4927,16 @@ PasswordFromFile(char *hostname, char *port, char *dbname, char *username) continue; ret = strdup(t); fclose(fp); + + /* De-escape password. */ + for (p1 = p2 = ret; *p1 != ':' && *p1 != '\0'; ++p1, ++p2) + { + if (*p1 == '\\' && p1[1] != '\0') + ++p1; + *p2 = *p1; + } + *p2 = '\0'; + return ret; }