pgsql: Don't use Asserts to check for violations of replication protoco
| От | Tom Lane |
|---|---|
| Тема | pgsql: Don't use Asserts to check for violations of replication protoco |
| Дата | |
| Msg-id | E1ls6yr-0007pp-BJ@gemulon.postgresql.org обсуждение исходный текст |
| Список | pgsql-committers |
Don't use Asserts to check for violations of replication protocol. Using an Assert to check the validity of incoming messages is an extremely poor decision. In a debug build, it should not be that easy for a broken or malicious remote client to crash the logrep worker. The consequences could be even worse in non-debug builds, which will fail to make such checks at all, leading to who-knows-what misbehavior. Hence, promote every Assert that could possibly be triggered by wrong or out-of-order replication messages to a full test-and-ereport. To avoid bloating the set of messages the translation team has to cope with, establish a policy that replication protocol violation error reports don't need to be translated. Hence, all the new messages here use errmsg_internal(). A couple of old messages are changed likewise for consistency. Along the way, fix some non-idiomatic or outright wrong uses of hash_search(). Most of these mistakes are new with the "streaming replication" patch (commit 464824323), but a couple go back a long way. Back-patch as appropriate. Discussion: https://postgr.es/m/1719083.1623351052@sss.pgh.pa.us Branch ------ REL_11_STABLE Details ------- https://git.postgresql.org/pg/commitdiff/9eecea7f373ab6bdff61d31666d6d3b0c435763f Modified Files -------------- src/backend/replication/logical/reorderbuffer.c | 2 +- src/backend/replication/logical/worker.c | 9 ++++++++- 2 files changed, 9 insertions(+), 2 deletions(-)
В списке pgsql-committers по дате отправления: