From: | Andrew Chernow <ac(at)esilo(dot)com> |
---|---|
To: | Magnus Hagander <magnus(at)hagander(dot)net> |
Cc: | Alex Hunsaker <badalex(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: new libpq SSL connection option |
Date: | 2008-12-30 01:46:04 |
Message-ID: | 49597D5C.9090301@esilo.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Magnus Hagander wrote:
> Alex Hunsaker wrote:
>> On Sat, Dec 27, 2008 at 11:50, Andrew Chernow <ac(at)esilo(dot)com> wrote:
>>> Why does pqGetHomeDirectory have to succeed to use conn->sslrootcert. Maybe
>>> this should be an OR of the two since sslrootcert is not dependent on
>>> homedir?
>>>
>>> around line 970 src/interfaces/libpq/fe-secure.c
>>>
>>> if (conn->sslrootcert || pqGetHomeDirectory(homedir, sizeof(homedir)))
>>
>> Certainly, did we miss anywhere else?
>>
Yes, the homedir variable is used again later in the function. homedir could be
invalid since pqGetHomeDirectory might not get called. Maybe something like
below would do the trick:
/* when used, it can't be an empty string. */
*homedir = 0;
/* If either are NULL, homedir is needed */
if (!conn->sslrootcert || !conn->sslcrl)
pqGetHomeDirectory(homedir, sizeof(homedir));
/* one of them must be valid */
if (conn->sslrootcert || *homedir)
> I agree it looks strange.
>
> That said, have you actually seen a case where pqGetHomeDirectory()
> fails? Or did you just notice the code?
>
It can fail. For non-windows systems, it can fail on pqGetpwuid; which equates
to getpwuid or getpwuid_r failing. On windows, it can fail on SHGetFolderPath.
I really have no idea how likely either failure case is.
--
Andrew Chernow
eSilo, LLC
every bit counts
http://www.esilo.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Gregory Stark | 2008-12-30 02:28:03 | Re: Documenting serializable vs snapshot isolation levels |
Previous Message | Kevin Grittner | 2008-12-30 00:13:43 | Documenting serializable vs snapshot isolation levels |