The correct min buffer size is

INITIAL_EXPBUFFER_SIZE, not PQERRORMSG_LENGTH.

Backpatch only, the proper fix in HEAD is
to use PQExpBuffers everywhere.

diff --git a/src/interfaces/libpq/fe-auth.c b/src/interfaces/libpq/fe-auth.c
index a6dceea824d95c530d79995120c808bba1e4a6eb..024ae0e3482f339641b7d5643bd579abdcf31ce8 100644 (file)
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -170,7 +170,7 @@ pg_krb4_authname(char *PQerrormsg)
        status = krb_get_tf_fullname(tkt_string(), name, instance, realm);
        if (status != KSUCCESS)
        {
-               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 "pg_krb4_authname: krb_get_tf_fullname: %s\n",
                                 krb_err_txt[status]);
                return NULL;
@@ -228,7 +228,7 @@ pg_krb4_sendauth(char *PQerrormsg, int sock,
                                                  PG_KRB4_VERSION);
        if (status != KSUCCESS)
        {
-               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 libpq_gettext("Kerberos 4 error: %s\n"),
                                 krb_err_txt[status]);
                return STATUS_ERROR;
@@ -294,7 +294,7 @@ pg_krb5_init(char *PQerrormsg)
        retval = krb5_init_context(&pg_krb5_context);
        if (retval)
        {
-               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 "pg_krb5_init: krb5_init_context: %s\n",
                                 error_message(retval));
                return STATUS_ERROR;
@@ -303,7 +303,7 @@ pg_krb5_init(char *PQerrormsg)
        retval = krb5_cc_default(pg_krb5_context, &pg_krb5_ccache);
        if (retval)
        {
-               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 "pg_krb5_init: krb5_cc_default: %s\n",
                                 error_message(retval));
                krb5_free_context(pg_krb5_context);
@@ -314,7 +314,7 @@ pg_krb5_init(char *PQerrormsg)
                                                                   &pg_krb5_client);
        if (retval)
        {
-               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 "pg_krb5_init: krb5_cc_get_principal: %s\n",
                                 error_message(retval));
                krb5_cc_close(pg_krb5_context, pg_krb5_ccache);
@@ -325,7 +325,7 @@ pg_krb5_init(char *PQerrormsg)
        retval = krb5_unparse_name(pg_krb5_context, pg_krb5_client, &pg_krb5_name);
        if (retval)
        {
-               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 "pg_krb5_init: krb5_unparse_name: %s\n",
                                 error_message(retval));
                krb5_free_principal(pg_krb5_context, pg_krb5_client);
@@ -367,7 +367,13 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
        krb5_principal server;
        krb5_auth_context auth_context = NULL;
        krb5_error *err_ret = NULL;
-       int                     flags;
+
+       if (!hostname)
+       {
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
+                                "pg_krb5_sendauth: hostname must be specified for Kerberos authentication\n");
+               return STATUS_ERROR;
+       }
 
        ret = pg_krb5_init(PQerrormsg);
        if (ret != STATUS_OK)
@@ -377,7 +383,7 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
                                                                         KRB5_NT_SRV_HST, &server);
        if (retval)
        {
-               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 "pg_krb5_sendauth: krb5_sname_to_principal: %s\n",
                                 error_message(retval));
                return STATUS_ERROR;
@@ -388,12 +394,11 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
         * socket, and we have to block somehow to do mutual authentication
         * anyway. So we temporarily make it blocking.
         */
-       flags = fcntl(sock, F_GETFL);
-       if (flags < 0 || fcntl(sock, F_SETFL, (long) (flags & ~O_NONBLOCK)))
+       if (!pg_set_block(sock))
        {
                char            sebuf[256];
 
-               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 libpq_gettext("could not set socket to blocking mode: %s\n"), pqStrerror(errno, sebuf, sizeof(sebuf)));
                krb5_free_principal(pg_krb5_context, server);
                return STATUS_ERROR;
@@ -410,11 +415,11 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
                if (retval == KRB5_SENDAUTH_REJECTED && err_ret)
                {
 #if defined(HAVE_KRB5_ERROR_TEXT_DATA)
-                       snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+                       snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                          libpq_gettext("Kerberos 5 authentication rejected: %*s\n"),
                                         (int) err_ret->text.length, err_ret->text.data);
 #elif defined(HAVE_KRB5_ERROR_E_DATA)
-                       snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+                       snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                          libpq_gettext("Kerberos 5 authentication rejected: %*s\n"),
                                         (int) err_ret->e_data->length,
                                         (const char *) err_ret->e_data->data);
@@ -424,7 +429,7 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
                }
                else
                {
-                       snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+                       snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                         "krb5_sendauth: %s\n", error_message(retval));
                }
 
@@ -436,11 +441,11 @@ pg_krb5_sendauth(char *PQerrormsg, int sock, const char *hostname)
 
        krb5_free_principal(pg_krb5_context, server);
 
-       if (fcntl(sock, F_SETFL, (long) flags))
+       if (!pg_set_noblock(sock))
        {
                char            sebuf[256];
 
-               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 libpq_gettext("could not restore non-blocking mode on socket: %s\n"),
                                 pqStrerror(errno, sebuf, sizeof(sebuf)));
                ret = STATUS_ERROR;
@@ -500,14 +505,14 @@ pg_local_sendauth(char *PQerrormsg, PGconn *conn)
        {
                char            sebuf[256];
 
-               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 "pg_local_sendauth: sendmsg: %s\n",
                                 pqStrerror(errno, sebuf, sizeof(sebuf)));
                return STATUS_ERROR;
        }
        return STATUS_OK;
 #else
-       snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+       snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                libpq_gettext("SCM_CRED authentication method not supported\n"));
        return STATUS_ERROR;
 #endif
@@ -599,15 +604,14 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
                                                           (struct sockaddr_in *) & conn->raddr.addr,
                                                                 hostname) != STATUS_OK)
                        {
-                               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-                                       libpq_gettext("Kerberos 4 authentication failed\n"));
+                               /* PQerrormsg already filled in */
                                pgunlock_thread();
                                return STATUS_ERROR;
                        }
                        pgunlock_thread();
                        break;
 #else
-                       snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+                       snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                         libpq_gettext("Kerberos 4 authentication not supported\n"));
                        return STATUS_ERROR;
 #endif
@@ -618,15 +622,14 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
                        if (pg_krb5_sendauth(PQerrormsg, conn->sock,
                                                                 hostname) != STATUS_OK)
                        {
-                               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
-                                       libpq_gettext("Kerberos 5 authentication failed\n"));
+                               /* PQerrormsg already filled in */
                                pgunlock_thread();
                                return STATUS_ERROR;
                        }
                        pgunlock_thread();
                        break;
 #else
-                       snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+                       snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                         libpq_gettext("Kerberos 5 authentication not supported\n"));
                        return STATUS_ERROR;
 #endif
@@ -636,13 +639,13 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
                case AUTH_REQ_PASSWORD:
                        if (password == NULL || *password == '\0')
                        {
-                               (void) snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+                               (void) snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                                                PQnoPasswordSupplied);
                                return STATUS_ERROR;
                        }
                        if (pg_password_sendauth(conn, password, areq) != STATUS_OK)
                        {
-                               (void) snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+                               (void) snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 "fe_sendauth: error sending password authentication\n");
                                return STATUS_ERROR;
                        }
@@ -654,7 +657,7 @@ fe_sendauth(AuthRequest areq, PGconn *conn, const char *hostname,
                        break;
 
                default:
-                       snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+                       snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                         libpq_gettext("authentication method %u not supported\n"), areq);
                        return STATUS_ERROR;
        }
@@ -691,7 +694,7 @@ fe_setauthsvc(const char *name, char *PQerrormsg)
                }
        if (i == n_authsvcs)
        {
-               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 libpq_gettext("invalid authentication service name \"%s\", ignored\n"),
                                 name);
        }
@@ -764,7 +767,7 @@ fe_getauthname(char *PQerrormsg)
        }
 
        if (authsvc != STARTUP_MSG && authsvc != STARTUP_KRB4_MSG && authsvc != STARTUP_KRB5_MSG)
-               snprintf(PQerrormsg, PQERRORMSG_LENGTH,
+               snprintf(PQerrormsg, INITIAL_EXPBUFFER_SIZE,
                                 libpq_gettext("fe_getauthname: invalid authentication system: %d\n"),
                                 authsvc);
 

diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 75a35b7482ffb2c63031a0aebe4fc1f353244e8b..8a8cd286a4981693c0ed1b309535a5de70809632 100644 (file)
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -2661,7 +2661,7 @@ conninfo_parse(const char *conninfo, PQExpBuffer errorMessage)
        char       *cp2;
        PQconninfoOption *options;
        PQconninfoOption *option;
-       char            errortmp[PQERRORMSG_LENGTH];
+       char            errortmp[INITIAL_EXPBUFFER_SIZE];
 
        /* Make a working copy of PQconninfoOptions */
        options = malloc(sizeof(PQconninfoOptions));

diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h
index 3ea7f995eb6b81bbb00e55190e64c25aba9f6593..2c291f03c49a563fbe123c880d27af6f5286d2a9 100644 (file)
--- a/src/interfaces/libpq/libpq-int.h
+++ b/src/interfaces/libpq/libpq-int.h
@@ -53,7 +53,6 @@ typedef int ssize_t;                  /* ssize_t doesn't exist in VC (at least
 /*
  * POSTGRES backend dependent Constants.
  */
-#define PQERRORMSG_LENGTH 1024
 #define CMDSTATUS_LEN 40
 
 /*