Re: [patch] fix dblink security hole

Tom Lane wrote:
> Hmm ... one problem with this is that the caller can't tell
> failure-because-out-of-memory from failure-because-string-is-bogus.

<snip>

> Is it worth having the
> PQconninfoParse function pass back the error message to avoid this
> corner case?

I thought briefly about it, and wasn't sure it would be worth the ugliness.

>  The API would be a lot more ugly, perhaps

>     int PQconninfoParse(const char *connstr,
>                 PQconninfoOption **options,
>                 char **errmsg)
> 
>     okay: *options is set, *errmsg is NULL, return true
>     bogus string: *options is NULL, *errmsg is set, return false
>     out of memory: both outputs NULL, return false

conninfo_parse() returns NULL on error, so why not something like:

PQconninfoOption *
PQconninfoParse(const char *conninfo, char **errmsg)
{  PQExpBufferData     errorBuf;  bool                password_from_string;  PQconninfoOption   *connOptions;
  initPQExpBuffer(&errorBuf);  connOptions = conninfo_parse(conninfo, &errorBuf,
&password_from_string);
  if (!connOptions && errmsg)*errmsg = pstrdup(errorBuf.data);
  termPQExpBuffer(&errorBuf);  return connOptions;
}

If the return value is NULL, use errmsg if you'd like. I'd guess in most 
instances you don't even need to bother freeing errmsg as it is in a 
limited life memory context.

Joe