diff options
| author | Robert Haas <rhaas@postgresql.org> | 2011-12-22 12:55:27 -0500 |
|---|---|---|
| committer | Robert Haas <rhaas@postgresql.org> | 2011-12-22 13:02:57 -0500 |
| commit | 8d15e3ec4fcb735875a8a70a09ec0c62153c3329 (patch) | |
| tree | c13b774bdf3b4dd6b9f421c4d4b09a890761cc64 /src | |
| parent | c31224e257a57fc9ad1c602414d9f6f5f4ce4ae3 (diff) | |
| download | postgresql-8d15e3ec4fcb735875a8a70a09ec0c62153c3329.tar.gz postgresql-8d15e3ec4fcb735875a8a70a09ec0c62153c3329.zip | |
Don't forget to de-escape the password field in .pgpass.
This has been broken just about forever (or more specifically, commit
7f4981f4af1700456f98ac3f2b2d84959919ec81) and nobody noticed until
Richard Huxton reported it recently. Analysis and fix by Ross
Reedstrom, although I didn't use his patch. This doesn't seem
important enough to back-patch and is mildly backward incompatible, so
I'm just doing this in master.
Diffstat (limited to 'src')
| -rw-r--r-- | src/interfaces/libpq/fe-connect.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index 50f3f83aaeb..f3762af9da3 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -4904,7 +4904,9 @@ PasswordFromFile(char *hostname, char *port, char *dbname, char *username) while (!feof(fp) && !ferror(fp)) { char *t = buf, - *ret; + *ret, + *p1, + *p2; int len; if (fgets(buf, sizeof(buf), fp) == NULL) @@ -4925,6 +4927,16 @@ PasswordFromFile(char *hostname, char *port, char *dbname, char *username) continue; ret = strdup(t); fclose(fp); + + /* De-escape password. */ + for (p1 = p2 = ret; *p1 != ':' && *p1 != '\0'; ++p1, ++p2) + { + if (*p1 == '\\' && p1[1] != '\0') + ++p1; + *p2 = *p1; + } + *p2 = '\0'; + return ret; } |