Tom Lane wrote:
> I wrote:
> > Uh, that hardly meets the API contract that I mentioned.  I think
> > we really have to throw an error if the path tries to ".." above
> > the starting point.
> 
> After rereading all the callers of canonicalize_path, I've concluded
> that none of them actually depend on not having a terminating ".."
> as I thought.  There is a risk factor, which is that a lot of places
> blindly trim the last component of a path --- but AFAICS, this is only
> done with paths that are known to represent the name of a program,
> so the last component wouldn't be ".." anyway.
> 
> So your last version of the patch seems like the way to go.  I'll
> apply it along with changing path.c to support the parent-directory
> test better.

OK, here is a version that errors out that I just applied and reversed
out when I saw your email.  Feel free to use it or discard it.

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073
Index: src/backend/postmaster/postmaster.c
===================================================================
RCS file: /cvsroot/pgsql/src/backend/postmaster/postmaster.c,v
retrieving revision 1.464
diff -c -c -r1.464 postmaster.c
*** src/backend/postmaster/postmaster.c 12 Aug 2005 18:23:53 -0000      1.464
--- src/backend/postmaster/postmaster.c 12 Aug 2005 19:40:44 -0000
***************
*** 377,384 ****
        char       *userDoption = NULL;
        int                     i;
  
!       /* This will call exit() if strdup() fails. */
!       progname = get_progname(argv[0]);       
  
        MyProcPid = PostmasterPid = getpid();
  
--- 377,387 ----
        char       *userDoption = NULL;
        int                     i;
  
!       if ((progname = get_progname(argv[0])) == NULL)
!       {
!               printf(_("unable to allocate memory for program name 
\"%s\".\n"), progname);
!               ExitPostmaster(0);
!       }
  
        MyProcPid = PostmasterPid = getpid();
  
Index: src/port/Makefile
===================================================================
RCS file: /cvsroot/pgsql/src/port/Makefile,v
retrieving revision 1.25
diff -c -c -r1.25 Makefile
*** src/port/Makefile   20 Mar 2005 03:53:39 -0000      1.25
--- src/port/Makefile   12 Aug 2005 19:40:51 -0000
***************
*** 31,36 ****
--- 31,37 ----
  LIBOBJS_SRV := $(patsubst dirmod.o,dirmod_srv.o, $(LIBOBJS_SRV))
  LIBOBJS_SRV := $(patsubst exec.o,exec_srv.o, $(LIBOBJS_SRV))
  LIBOBJS_SRV := $(patsubst getaddrinfo.o,getaddrinfo_srv.o, $(LIBOBJS_SRV))
+ LIBOBJS_SRV := $(patsubst path.o,path_srv.o, $(LIBOBJS_SRV))
  LIBOBJS_SRV := $(patsubst thread.o,thread_srv.o, $(LIBOBJS_SRV))
  
  all: libpgport.a libpgport_srv.a
***************
*** 66,72 ****
  getaddrinfo_srv.o: getaddrinfo.c
        $(CC) $(CFLAGS) $(subst -DFRONTEND,, $(CPPFLAGS)) -c $< -o $@
  
! snprintf_srv.o: snprintf.c
        $(CC) $(CFLAGS) $(subst -DFRONTEND,, $(CPPFLAGS)) -c $< -o $@
  
  # No thread flags for server version
--- 67,73 ----
  getaddrinfo_srv.o: getaddrinfo.c
        $(CC) $(CFLAGS) $(subst -DFRONTEND,, $(CPPFLAGS)) -c $< -o $@
  
! path_srv.o: path.c
        $(CC) $(CFLAGS) $(subst -DFRONTEND,, $(CPPFLAGS)) -c $< -o $@
  
  # No thread flags for server version
Index: src/port/path.c
===================================================================
RCS file: /cvsroot/pgsql/src/port/path.c,v
retrieving revision 1.54
diff -c -c -r1.54 path.c
*** src/port/path.c     12 Aug 2005 03:07:45 -0000      1.54
--- src/port/path.c     12 Aug 2005 19:40:53 -0000
***************
*** 13,19 ****
   *-------------------------------------------------------------------------
   */
  
! #include "c.h"
  
  #include <ctype.h>
  #include <sys/stat.h>
--- 13,23 ----
   *-------------------------------------------------------------------------
   */
  
! #ifndef FRONTEND
! #include "postgres.h"
! #else
! #include "postgres_fe.h"
! #endif
  
  #include <ctype.h>
  #include <sys/stat.h>
***************
*** 226,231 ****
--- 230,236 ----
  {
        char       *p, *to_p;
        bool            was_sep = false;
+       int                     pending_strips = 0;
  
  #ifdef WIN32
        /*
***************
*** 284,302 ****
  
                if (len > 2 && strcmp(path + len - 2, "/.") == 0)
                        trim_directory(path);
!               /*
!                *      Process only a single trailing "..", and only if ".." 
does
!                *      not preceed it.
!                *      So, we only deal with "/usr/local/..", not with 
"/usr/local/../..".
!                *      We don't handle the even more complex cases, like
!                *      "usr/local/../../..".
!                */
!               else if (len > 3 && strcmp(path + len - 3, "/..") == 0 &&
!                                (len != 5 || strcmp(path, "../..") != 0) &&
!                                (len < 6 || strcmp(path + len - 6, "/../..") 
!= 0))
                {
                        trim_directory(path);
!                       trim_directory(path);   /* remove directory above */
                }
                else
                        break;
--- 289,326 ----
  
                if (len > 2 && strcmp(path + len - 2, "/.") == 0)
                        trim_directory(path);
!               else if (len > 3 && strcmp(path + len - 3, "/..") == 0)
                {
                        trim_directory(path);
!                       pending_strips++;
!               }
!               else if (pending_strips > 0)
!               {
!                       /*      If path is not "", we can keep trimming.  Even 
if path is
!                        *      "/", we can keep trimming because 
trim_directory never removes
!                        *      the leading separator, and the parent directory 
of "/" is "/".
!                        */
!                       if (*path != '\0')
!                       {
!                               trim_directory(path);
!                               pending_strips--;
!                       }
!                       else
!                       {
!                               /*
!                                *      If we still have pending_strips, it 
means the supplied path
!                                *      was exhausted and we still have more 
directories to move up.
!                                *      This means that the resulting path is 
only parents, like
!                                *      ".." or "../..".  If so, callers can 
not handle trailing "..",
!                                *      so we exit.
!                                */
! #ifndef FRONTEND
!                               elog(ERROR, "relative paths (\"..\") not 
supported");
! #else
!                               fprintf(stderr, _("relative paths (\"..\") not 
supported\n"));
!                               exit(1);
! #endif
!                       }
                }
                else
                        break;
***************
*** 305,312 ****
  
  
  /*
!  * Extracts the actual name of the program as called - 
!  * stripped of .exe suffix if any
   */
  const char *
  get_progname(const char *argv0)
--- 329,338 ----
  
  
  /*
!  *    Extracts the actual name of the program as called - 
!  *    stripped of .exe suffix if any.
!  *    The server calling this must check for NULL return
!  *    and report the error.
   */
  const char *
  get_progname(const char *argv0)
***************
*** 329,336 ****
                progname = strdup(nodir_name);
                if (progname == NULL)
                {
                        fprintf(stderr, "%s: out of memory\n", nodir_name);
!                       exit(1);        /* This could exit the postmaster */
                }
                progname[strlen(progname) - (sizeof(EXE) - 1)] = '\0';
                nodir_name = progname; 
--- 355,370 ----
                progname = strdup(nodir_name);
                if (progname == NULL)
                {
+ #ifndef FRONTEND
+                       /*
+                        *      No elog() support in postmaster at this stage,
+                        *      so return NULL and print error at the call.
+                        */
+                       return NULL;
+ #else
                        fprintf(stderr, "%s: out of memory\n", nodir_name);
!                       exit(1);
! #endif
                }
                progname[strlen(progname) - (sizeof(EXE) - 1)] = '\0';
                nodir_name = progname; 
---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

               http://archives.postgresql.org

Reply via email to