psql_check_file_params_before_login.patch
application/octet-stream
Filename: psql_check_file_params_before_login.patch
Type: application/octet-stream
Part: 0
Patch
Same data as JSON:
GET /api/v1/attachments/:id/patch
the parsed metadata as JSON — format, series position, per-file stats; never the diff bytes.
API reference →
Format: unified
| File | + | − |
|---|---|---|
| src/bin/psql/command.c | 0 | 0 |
| src/bin/psql/command.h | 0 | 0 |
| src/bin/psql/startup.c | 0 | 0 |
diff --git a/src/bin/psql/command.c b/src/bin/psql/command.c
new file mode 100644
index 8ccd00d..2a324ae
*** a/src/bin/psql/command.c
--- b/src/bin/psql/command.c
*************** int
*** 2049,2058 ****
process_file(char *filename, bool single_txn, bool use_relative_path)
{
FILE *fd;
! int result;
! char *oldfilename;
! char relpath[MAXPGPATH];
! PGresult *res;
if (!filename)
{
--- 2049,2077 ----
process_file(char *filename, bool single_txn, bool use_relative_path)
{
FILE *fd;
!
! fd = get_fd_for_process(filename, use_relative_path);
! if (!fd)
! {
! return EXIT_FAILURE;
! }
!
! return process_fd(fd, filename, single_txn);
! }
!
!
!
! /*
! * get_fd_for_process
! *
! * Open a file to read and process commands from, used by process_file and
! * the -f startup option
! */
! FILE *
! get_fd_for_process(char *filename, bool use_relative_path)
! {
! FILE *fd;
! char relpath[MAXPGPATH];
if (!filename)
{
*************** process_file(char *filename, bool single
*** 2085,2091 ****
if (!fd)
{
psql_error("%s: %s\n", filename, strerror(errno));
- return EXIT_FAILURE;
}
}
else
--- 2104,2109 ----
*************** process_file(char *filename, bool single
*** 2094,2099 ****
--- 2112,2133 ----
filename = "<stdin>"; /* for future error messages */
}
+ return fd;
+ }
+
+
+
+ /*
+ * process_fd
+ *
+ */
+ int
+ process_fd(FILE *fd, char *filename, bool single_txn)
+ {
+ int result;
+ char *oldfilename;
+ PGresult *res;
+
oldfilename = pset.inputfile;
pset.inputfile = filename;
*************** error:
*** 2132,2137 ****
--- 2166,2172 ----
fclose(fd);
pset.inputfile = oldfilename;
+
return result;
}
diff --git a/src/bin/psql/command.h b/src/bin/psql/command.h
new file mode 100644
index f0bcea0..b44ea16
*** a/src/bin/psql/command.h
--- b/src/bin/psql/command.h
*************** extern backslashResult HandleSlashCmds(P
*** 28,33 ****
--- 28,35 ----
PQExpBuffer query_buf);
extern int process_file(char *filename, bool single_txn, bool use_relative_path);
+ extern FILE * get_fd_for_process(char *filename, bool use_relative_path);
+ extern int process_fd(FILE *fd, char *filename, bool single_txn);
extern bool do_pset(const char *param,
const char *value,
diff --git a/src/bin/psql/startup.c b/src/bin/psql/startup.c
new file mode 100644
index 1fcc47f..513e357
*** a/src/bin/psql/startup.c
--- b/src/bin/psql/startup.c
*************** struct adhoc_opts
*** 65,70 ****
--- 65,71 ----
char *logfilename;
enum _actions action;
char *action_string;
+ FILE *fd;
bool no_readline;
bool no_psqlrc;
bool single_txn;
*************** main(int argc, char *argv[])
*** 184,189 ****
--- 185,218 ----
pset.popt.topt.recordSep.separator_zero = false;
}
+
+ /*
+ * Before asking the user for a password, sanity check those options which can be
+ * checked without information leakage.
+ * --ouput has been checked during setQFout called from parse_psql_option
+ */
+ if (options.logfilename)
+ {
+ pset.logfile = fopen(options.logfilename, "a");
+ if (!pset.logfile)
+ {
+ fprintf(stderr, _("%s: could not open log file \"%s\": %s\n"),
+ pset.progname, options.logfilename, strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ }
+ if (options.action == ACT_FILE)
+ {
+ options.fd = get_fd_for_process(options.action_string, false);
+ if (!options.fd)
+ {
+ /*
+ * Reporting the error has already been done in get_fd_for_process
+ */
+ exit(EXIT_FAILURE);
+ }
+ }
+
if (options.username == NULL)
password_prompt = pg_strdup(_("Password: "));
else
*************** main(int argc, char *argv[])
*** 265,278 ****
exit(success ? EXIT_SUCCESS : EXIT_FAILURE);
}
- if (options.logfilename)
- {
- pset.logfile = fopen(options.logfilename, "a");
- if (!pset.logfile)
- fprintf(stderr, _("%s: could not open log file \"%s\": %s\n"),
- pset.progname, options.logfilename, strerror(errno));
- }
-
/*
* Now find something to do
*/
--- 294,299 ----
*************** main(int argc, char *argv[])
*** 285,291 ****
if (!options.no_psqlrc)
process_psqlrc(argv[0]);
! successResult = process_file(options.action_string, options.single_txn, false);
}
/*
--- 306,312 ----
if (!options.no_psqlrc)
process_psqlrc(argv[0]);
! successResult = process_fd(options.fd, options.action_string, options.single_txn);
}
/*
*************** parse_psql_options(int argc, char *argv[
*** 453,459 ****
options->no_readline = true;
break;
case 'o':
! setQFout(optarg);
break;
case 'p':
options->port = pg_strdup(optarg);
--- 474,481 ----
options->no_readline = true;
break;
case 'o':
! if (!(setQFout(optarg)))
! exit(EXIT_FAILURE);
break;
case 'p':
options->port = pg_strdup(optarg);