Field conninfo strings throughout src/bin/scripts

Enterprise / PostgreSQL - Noah Misch [leadboat.com] - 8 August 2016 09:07 UTC

These programs nominally accepted conninfo strings, but they would proceed to use the original dbname parameter as though it were an unadorned database name. This caused "reindexdb dbname=foo" to issue an SQL command that always failed, and other programs printed a conninfo string in error messages that purported to print a database name. Fix both problems by using PQdb() to retrieve actual database names. Continue to print the full conninfo string when reporting a connection failure. It is informative there, and if the database name is the sole problem, the server-side error message will include the name. Beyond those user-visible fixes, this allows a subsequent commit to synthesize and use conninfo strings without that implementation detail leaking into messages. As a side effect, the "vacuuming database" message now appears after, not before, the connection attempt. Back-patch to 9.1 (all supported versions).

Reviewed by Michael Paquier and Peter Eisentraut.

Security: CVE-2016-5424

c400717 Field conninfo strings throughout src/bin/scripts.
src/bin/scripts/clusterdb.c | 4 ++--
src/bin/scripts/createlang.c | 4 ++--
src/bin/scripts/droplang.c | 4 ++--
src/bin/scripts/reindexdb.c | 26 ++++++++++++-------------
src/bin/scripts/vacuumdb.c | 44 ++++++++++++++++++++----------------------
5 files changed, 40 insertions(+), 42 deletions(-)

Upstream: git.postgresql.org


  • Share