From 7747032129fb66891805a8a2b5e06cbce8df2d2a Mon Sep 17 00:00:00 2001 From: Bertrand Drouvot Date: Wed, 21 Jun 2023 18:28:13 +0000 Subject: [PATCH v2] Reject incoming username and database name in case of overlength --- src/backend/postmaster/postmaster.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) 100.0% src/backend/postmaster/ diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 4c49393fc5..03289f2093 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -2183,9 +2183,25 @@ retry1: valptr = buf + valoffset; if (strcmp(nameptr, "database") == 0) + { + /* Overlength database name has been provided. */ + if (strlen(valptr) >= NAMEDATALEN) + ereport(FATAL, + (errcode(ERRCODE_UNDEFINED_DATABASE), + errmsg("database \"%s\" does not exist", valptr))); + port->database_name = pstrdup(valptr); + } else if (strcmp(nameptr, "user") == 0) + { + /* Overlength user name has been provided. */ + if (strlen(valptr) >= NAMEDATALEN) + ereport(FATAL, + (errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION), + errmsg("role \"%s\" does not exist", valptr))); + port->user_name = pstrdup(valptr); + } else if (strcmp(nameptr, "options") == 0) port->cmdline_options = pstrdup(valptr); else if (strcmp(nameptr, "replication") == 0) @@ -2290,15 +2306,6 @@ retry1: } } - /* - * Truncate given database and user names to length of a Postgres name. - * This avoids lookup failures when overlength names are given. - */ - if (strlen(port->database_name) >= NAMEDATALEN) - port->database_name[NAMEDATALEN - 1] = '\0'; - if (strlen(port->user_name) >= NAMEDATALEN) - port->user_name[NAMEDATALEN - 1] = '\0'; - if (am_walsender) MyBackendType = B_WAL_SENDER; else -- 2.34.1