Обсуждение: BUG #2424: initdb Did Not Escape the Password
The following bug has been logged online: Bug reference: 2424 Logged by: imacat Email address: imacat@mail.imacat.idv.tw PostgreSQL version: 8.1.3 Operating system: Linux Description: initdb Did Not Escape the Password Details: The initdb seems did not escape (PQescapeString) the password. The following is my test result, with password: ab'ds)24 imacat@atlas ~ % initdb -D /tmp/postgres -E utf8 --locale=en_US.utf8 -U postgres -W The files belonging to this database system will be owned by user "postgres". This user must also own the server process. The database cluster will be initialized with locale en_US.utf8. fixing permissions on existing directory /tmp/postgres ... ok creating directory /tmp/postgres/global ... ok creating directory /tmp/postgres/pg_xlog ... ok creating directory /tmp/postgres/pg_xlog/archive_status ... ok creating directory /tmp/postgres/pg_clog ... ok creating directory /tmp/postgres/pg_subtrans ... ok creating directory /tmp/postgres/pg_twophase ... ok creating directory /tmp/postgres/pg_multixact/members ... ok creating directory /tmp/postgres/pg_multixact/offsets ... ok creating directory /tmp/postgres/base ... ok creating directory /tmp/postgres/base/1 ... ok creating directory /tmp/postgres/pg_tblspc ... ok selecting default max_connections ... 100 selecting default shared_buffers ... 1000 creating configuration files ... ok creating template1 database in /tmp/postgres/base/1 ... ok initializing pg_authid ... ok Enter new superuser password: Enter it again: setting password ... FATAL: syntax error at or near "ds" at character 41 child process exited with exit code 1 initdb: removing contents of data directory "/tmp/postgres" imacat@atlas ~ % I have attached a patch that seems to solve this issue. It works for me. Please tell me if there is any problem. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 diff -u -r postgresql-8.1.3.orig/src/bin/initdb/initdb.c postgresql-8.1.3/src/bin/initdb/initdb.c - --- postgresql-8.1.3.orig/src/bin/initdb/initdb.c 2005-11-23 02:23:26.000000000 +0800 +++ postgresql-8.1.3/src/bin/initdb/initdb.c 2006-05-07 14:07:30.000000000 +0800 @@ -1420,9 +1420,10 @@ { PG_CMD_DECL; - - char *pwd1, + char *pwd1, *pwdesc, *pwd2; char pwdpath[MAXPGPATH]; + size_t pwdlen; struct stat statbuf; if (pwprompt) @@ -1484,8 +1485,11 @@ PG_CMD_OPEN; + pwdlen = strlen(pwd1); + pwdesc = (char *)pg_malloc(pwdlen * 2 + 1); + PQescapeString(pwdesc, pwd1, pwdlen); PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD '%s';\n", - - effective_user, pwd1); + effective_user, pwdesc); PG_CMD_CLOSE; -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFEXY7Vi9gubzC5S1wRAmuJAJ0UxXXuLQHDa2rPTUxZTgM0iIn8/wCgih3o cIMfUjN+Y6F0zHFSgmxrA2k= =pvBZ -----END PGP SIGNATURE-----
Has anyone notice this? I found that this is not fixed in the 8.1.4 release. I have made a new patch for 8.1.4. It is attached below. Please tell me if there is any problem. Thank you. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 diff -u -r postgresql-8.1.4.orig/src/bin/initdb/initdb.c postgresql-8.1.4/src/bin/initdb/initdb.c - --- postgresql-8.1.4.orig/src/bin/initdb/initdb.c 2006-02-24 08:55:27.000000000 +0800 +++ postgresql-8.1.4/src/bin/initdb/initdb.c 2006-05-25 12:30:34.000000000 +0800 @@ -58,6 +58,7 @@ #include <langinfo.h> #endif +#include "libpq-fe.h" #include "libpq/pqsignal.h" #include "mb/pg_wchar.h" #include "getaddrinfo.h" @@ -1419,9 +1420,10 @@ { PG_CMD_DECL; - - char *pwd1, + char *pwd1, *pwdesc, *pwd2; char pwdpath[MAXPGPATH]; + size_t pwdlen; struct stat statbuf; if (pwprompt) @@ -1483,8 +1485,12 @@ PG_CMD_OPEN; + pwdlen = strlen(pwd1); + pwdesc = (char *)pg_malloc(pwdlen * 2 + 1); + PQescapeString(pwdesc, pwd1, pwdlen); PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD '%s';\n", - - username, pwd1); + username, pwdesc); + free(pwdesc); PG_CMD_CLOSE; -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEd0dTi9gubzC5S1wRAjM4AJ9gZGZ4IcbzE+CYX9HcOeMa2o9IpQCdFMyT S5N4shISjXRXmrnN/98zAUs= =uY5a -----END PGP SIGNATURE----- On Sun, 7 May 2006 06:28:53 GMT "imacat" <imacat@mail.imacat.idv.tw> wrote: > The following bug has been logged online: > > Bug reference: 2424 > Logged by: imacat > Email address: imacat@mail.imacat.idv.tw > PostgreSQL version: 8.1.3 > Operating system: Linux > Description: initdb Did Not Escape the Password > Details: > > The initdb seems did not escape (PQescapeString) the password. The > following is my test result, with password: ab'ds)24 > > imacat@atlas ~ % initdb -D /tmp/postgres -E utf8 --locale=en_US.utf8 -U > postgres -W > The files belonging to this database system will be owned by user > "postgres". > This user must also own the server process. > > The database cluster will be initialized with locale en_US.utf8. > > fixing permissions on existing directory /tmp/postgres ... ok > creating directory /tmp/postgres/global ... ok > creating directory /tmp/postgres/pg_xlog ... ok > creating directory /tmp/postgres/pg_xlog/archive_status ... ok > creating directory /tmp/postgres/pg_clog ... ok > creating directory /tmp/postgres/pg_subtrans ... ok > creating directory /tmp/postgres/pg_twophase ... ok > creating directory /tmp/postgres/pg_multixact/members ... ok > creating directory /tmp/postgres/pg_multixact/offsets ... ok > creating directory /tmp/postgres/base ... ok > creating directory /tmp/postgres/base/1 ... ok > creating directory /tmp/postgres/pg_tblspc ... ok > selecting default max_connections ... 100 > selecting default shared_buffers ... 1000 > creating configuration files ... ok > creating template1 database in /tmp/postgres/base/1 ... ok > initializing pg_authid ... ok > Enter new superuser password: > Enter it again: > setting password ... FATAL: syntax error at or near "ds" at character 41 > child process exited with exit code 1 > initdb: removing contents of data directory "/tmp/postgres" > imacat@atlas ~ % > > I have attached a patch that seems to solve this issue. It works > for me. Please tell me if there is any problem. -- Best regards, imacat ^_*' <imacat@mail.imacat.idv.tw> PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt <<Woman's Voice>> News: http://www.wov.idv.tw/ Tavern IMACAT's: http://www.imacat.idv.tw/ TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug
Your patch has been added to the PostgreSQL unapplied patches list at: http://momjian.postgresql.org/cgi-bin/pgpatches It will be applied as soon as one of the PostgreSQL committers reviews and approves it. --------------------------------------------------------------------------- imacat wrote: -- Start of PGP signed section. > Has anyone notice this? I found that this is not fixed in the 8.1.4 > release. > > I have made a new patch for 8.1.4. It is attached below. Please > tell me if there is any problem. Thank you. > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > diff -u -r postgresql-8.1.4.orig/src/bin/initdb/initdb.c postgresql-8.1.4/src/bin/initdb/initdb.c > - --- postgresql-8.1.4.orig/src/bin/initdb/initdb.c 2006-02-24 08:55:27.000000000 +0800 > +++ postgresql-8.1.4/src/bin/initdb/initdb.c 2006-05-25 12:30:34.000000000 +0800 > @@ -58,6 +58,7 @@ > #include <langinfo.h> > #endif > > +#include "libpq-fe.h" > #include "libpq/pqsignal.h" > #include "mb/pg_wchar.h" > #include "getaddrinfo.h" > @@ -1419,9 +1420,10 @@ > { > PG_CMD_DECL; > > - - char *pwd1, > + char *pwd1, *pwdesc, > *pwd2; > char pwdpath[MAXPGPATH]; > + size_t pwdlen; > struct stat statbuf; > > if (pwprompt) > @@ -1483,8 +1485,12 @@ > > PG_CMD_OPEN; > > + pwdlen = strlen(pwd1); > + pwdesc = (char *)pg_malloc(pwdlen * 2 + 1); > + PQescapeString(pwdesc, pwd1, pwdlen); > PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD '%s';\n", > - - username, pwd1); > + username, pwdesc); > + free(pwdesc); > > PG_CMD_CLOSE; > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.3 (GNU/Linux) > > iD8DBQFEd0dTi9gubzC5S1wRAjM4AJ9gZGZ4IcbzE+CYX9HcOeMa2o9IpQCdFMyT > S5N4shISjXRXmrnN/98zAUs= > =uY5a > -----END PGP SIGNATURE----- > > On Sun, 7 May 2006 06:28:53 GMT > "imacat" <imacat@mail.imacat.idv.tw> wrote: > > The following bug has been logged online: > > > > Bug reference: 2424 > > Logged by: imacat > > Email address: imacat@mail.imacat.idv.tw > > PostgreSQL version: 8.1.3 > > Operating system: Linux > > Description: initdb Did Not Escape the Password > > Details: > > > > The initdb seems did not escape (PQescapeString) the password. The > > following is my test result, with password: ab'ds)24 > > > > imacat@atlas ~ % initdb -D /tmp/postgres -E utf8 --locale=en_US.utf8 -U > > postgres -W > > The files belonging to this database system will be owned by user > > "postgres". > > This user must also own the server process. > > > > The database cluster will be initialized with locale en_US.utf8. > > > > fixing permissions on existing directory /tmp/postgres ... ok > > creating directory /tmp/postgres/global ... ok > > creating directory /tmp/postgres/pg_xlog ... ok > > creating directory /tmp/postgres/pg_xlog/archive_status ... ok > > creating directory /tmp/postgres/pg_clog ... ok > > creating directory /tmp/postgres/pg_subtrans ... ok > > creating directory /tmp/postgres/pg_twophase ... ok > > creating directory /tmp/postgres/pg_multixact/members ... ok > > creating directory /tmp/postgres/pg_multixact/offsets ... ok > > creating directory /tmp/postgres/base ... ok > > creating directory /tmp/postgres/base/1 ... ok > > creating directory /tmp/postgres/pg_tblspc ... ok > > selecting default max_connections ... 100 > > selecting default shared_buffers ... 1000 > > creating configuration files ... ok > > creating template1 database in /tmp/postgres/base/1 ... ok > > initializing pg_authid ... ok > > Enter new superuser password: > > Enter it again: > > setting password ... FATAL: syntax error at or near "ds" at character 41 > > child process exited with exit code 1 > > initdb: removing contents of data directory "/tmp/postgres" > > imacat@atlas ~ % > > > > I have attached a patch that seems to solve this issue. It works > > for me. Please tell me if there is any problem. > > -- > Best regards, > imacat ^_*' <imacat@mail.imacat.idv.tw> > PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt > > <<Woman's Voice>> News: http://www.wov.idv.tw/ > Tavern IMACAT's: http://www.imacat.idv.tw/ > TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug -- End of PGP section, PGP failed! -- Bruce Momjian http://candle.pha.pa.us EnterpriseDB http://www.enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
Bruce Momjian <pgman@candle.pha.pa.us> writes: > Your patch has been added to the PostgreSQL unapplied patches list at: I don't particularly like this patch, because it is predicated on a false assumption, namely that initdb uses libpq to talk to the backend. ISTM PQescapeString is not the thing to use. (As a concrete example of why not, there'll be no way to make it use the correct value of standard_conforming_strings, when that default changes.) I think the best solution is probably to use the existing escape_quotes function and to place its output in an E'' string. I looked through initdb to see if there were any other places where it was creating SQL string literals that might have escaping problems. All of the COPY commands it issues are potentially at risk: consider the possibility that the installation sharedir has a quote or backslash in its path. I didn't see any other holes though. Will fix this later today. regards, tom lane
Yes, I was going to rework the patch to use the ideas you suggested. I wasn't going to apply it as-is. Anyway, feel free to address it. --------------------------------------------------------------------------- Tom Lane wrote: > Bruce Momjian <pgman@candle.pha.pa.us> writes: > > Your patch has been added to the PostgreSQL unapplied patches list at: > > I don't particularly like this patch, because it is predicated on a > false assumption, namely that initdb uses libpq to talk to the backend. > ISTM PQescapeString is not the thing to use. (As a concrete example > of why not, there'll be no way to make it use the correct value of > standard_conforming_strings, when that default changes.) > > I think the best solution is probably to use the existing escape_quotes > function and to place its output in an E'' string. > > I looked through initdb to see if there were any other places where it > was creating SQL string literals that might have escaping problems. > All of the COPY commands it issues are potentially at risk: consider > the possibility that the installation sharedir has a quote or backslash > in its path. I didn't see any other holes though. > > Will fix this later today. > > regards, tom lane > -- Bruce Momjian http://candle.pha.pa.us EnterpriseDB http://www.enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
On Sat, 27 May 2006 13:26:24 -0400 (EDT) Bruce Momjian <pgman@candle.pha.pa.us> wrote: > Yes, I was going to rework the patch to use the ideas you suggested. I > wasn't going to apply it as-is. Anyway, feel free to address it. > Tom Lane wrote: > > Bruce Momjian <pgman@candle.pha.pa.us> writes: Thank you for your attention. I thought my patch need to be reworked, too. I use rather long and complex password for the initial user "postgres" so that I don't have to remember it. I do hope this simple issue could be solved soon. And for the path escaping problem, well, almost all Unix applications have this issue to be solved. The Perl doesn't work with an installation prefix with spaces, thus can't be installed into "C:\Program Files". I hope this could be solved, too, though I myself am not in rush need of this. -- Best regards, imacat ^_*' <imacat@mail.imacat.idv.tw> PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt <<Woman's Voice>> News: http://www.wov.idv.tw/ Tavern IMACAT's: http://www.imacat.idv.tw/ TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug