unless (1) the @ isn't quoted and (2) the filename isn't empty. This guards against unexpectedly treating usernames or other strings in "flat files" as inclusion requests, as seen in a recent trouble report from Ed L. The empty-filename case would be guaranteed to misbehave anyway, because our subsequent path-munging behavior results in trying to read the directory containing the current input file. I think this might finally explain the report at http://archives.postgresql.org/pgsql-bugs/2004-05/msg00132.php of a crash after printing "authentication file token too long, skipping", since I was able to duplicate that message (though not a crash) on a platform where stdio doesn't refuse to read directories. We never got far in investigating that problem, but now I'm suspicious that the trigger condition was an @ in the flat password file. Back-patch to all active branches since the problem can be demonstrated in all branches except HEAD. The test case, creating a user named "@", doesn't cause a problem in HEAD since we got rid of the flat password file. Nonetheless it seems like a good idea to not consider quoted @ as a file inclusion spec, so I changed HEAD too. |
||
---|---|---|
.. | ||
Makefile | ||
README.SSL | ||
auth.c | ||
be-fsstubs.c | ||
be-secure.c | ||
crypt.c | ||
hba.c | ||
ip.c | ||
md5.c | ||
pg_hba.conf.sample | ||
pg_ident.conf.sample | ||
pqcomm.c | ||
pqformat.c | ||
pqsignal.c |
README.SSL
$PostgreSQL: pgsql/src/backend/libpq/README.SSL,v 1.7 2008/10/24 11:48:29 mha Exp $ SSL === >From the servers perspective: Receives StartupPacket | | (Is SSL_NEGOTIATE_CODE?) ----------- Normal startup | No | | Yes | | (Server compiled with USE_SSL?) ------- Send 'N' | No | | | | Yes Normal startup | | Send 'S' | | Establish SSL | | Normal startup >From the clients perspective (v6.6 client _with_ SSL): Connect | | Send packet with SSL_NEGOTIATE_CODE | | Receive single char ------- 'S' -------- Establish SSL | | | '<else>' | | Normal startup | | Is it 'E' for error ------------------- Retry connection | Yes without SSL | No | Is it 'N' for normal ------------------- Normal startup | Yes | Fail with unknown ---------------------------------------------------------------------------