From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | Andrew Chernow <ac(at)esilo(dot)com> |
Cc: | Alex Hunsaker <badalex(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: new libpq SSL connection option |
Date: | 2009-01-02 10:13:10 |
Message-ID: | 495DE8B6.4040505@hagander.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Andrew Chernow wrote:
> Magnus Hagander wrote:
>> Alex Hunsaker wrote:
>>> On Sat, Dec 27, 2008 at 11:50, Andrew Chernow <ac(at)esilo(dot)com> wrote:
>>>> Why does pqGetHomeDirectory have to succeed to use
>>>> conn->sslrootcert. Maybe
>>>> this should be an OR of the two since sslrootcert is not dependent on
>>>> homedir?
>>>>
>>>> around line 970 src/interfaces/libpq/fe-secure.c
>>>>
>>>> if (conn->sslrootcert || pqGetHomeDirectory(homedir, sizeof(homedir)))
>>>
>>> Certainly, did we miss anywhere else?
>>>
>
> Yes, the homedir variable is used again later in the function. homedir
> could be invalid since pqGetHomeDirectory might not get called. Maybe
> something like below would do the trick:
>
> /* when used, it can't be an empty string. */
> *homedir = 0;
>
> /* If either are NULL, homedir is needed */
> if (!conn->sslrootcert || !conn->sslcrl)
> pqGetHomeDirectory(homedir, sizeof(homedir));
>
> /* one of them must be valid */
> if (conn->sslrootcert || *homedir)
How about this patch?
There's a lot of whitespace change due to indentation change, so I've
included a version without it for reference.
Also, it looks like we have the same problem with the private key, in
client_cert_cb(), agreed?
//Magnus
Attachment | Content-Type | Size |
---|---|---|
libpq_gethomedir.diff | text/x-diff | 4.3 KB |
libpq_gethomedir_nospace.diff | text/x-diff | 1.8 KB |
From | Date | Subject | |
---|---|---|---|
Next Message | Greg Smith | 2009-01-02 11:17:29 | Re: benchmarking the query planner |
Previous Message | Greg Smith | 2009-01-02 10:08:13 | Re: posix_fadvise v22 |