-rw-r--r--src/backend/libpq/be-secure.c37
-rw-r--r--src/backend/tcop/postgres.c6
2 files changed, 27 insertions, 16 deletions
diff --git a/src/backend/libpq/be-secure.c b/src/backend/libpq/be-secure.c
index 7f01a78e79e..fb468fec43f 100644
--- a/src/backend/libpq/be-secure.c
+++ b/src/backend/libpq/be-secure.c
@@ -295,6 +295,7 @@ rloop:
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code: %d",
err)));
+ errno = ECONNRESET;
n = -1;
break;
}
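Review bot: The new `errno = ECONNRESET;` in this default branch carries no comment explaining why it is there, and the same bare assignment is repeated in the write-side default branch of the next hunk. It is placed after the error-report call whose arguments open the hunk, which looks deliberate since reporting can change errno, but the line itself does not say so. A comment such as `/* set after ereport, which may clobber errno; tell the caller the connection is dead */` above each assignment would record that ordering constraint. The other cases of this switch are outside the hunk, so it is worth confirming that every path leaving `n = -1` also leaves a defined errno; otherwise a caller could see a stale retryable value and keep reading on a broken TLS session.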
@@ -416,28 +417,32 @@ wloop:
(errcode(ERRCODE_PROTOCOL_VIOLATION),
errmsg("unrecognized SSL error code: %d",
err)));
+ errno = ECONNRESET;
n = -1;
break;
}
- /* is renegotiation complete? */
- if (in_ssl_renegotiation &&
- SSL_num_renegotiations(port->ssl) >= 1)
+ if (n >= 0)
{
- in_ssl_renegotiation = false;
- port->count = 0;
- }
+ /* is renegotiation complete? */
+ if (in_ssl_renegotiation &&
+ SSL_num_renegotiations(port->ssl) >= 1)
+ {
+ in_ssl_renegotiation = false;
+ port->count = 0;
+ }
- /*
- * if renegotiation is still ongoing, and we've gone beyond the limit,
- * kill the connection now -- continuing to use it can be considered a
- * security problem.
- */
- if (in_ssl_renegotiation &&
- port->count > ssl_renegotiation_limit * 1024L)
- ereport(FATAL,
- (errcode(ERRCODE_PROTOCOL_VIOLATION),
- errmsg("SSL failed to renegotiate connection before limit expired")));
+ /*
+ * if renegotiation is still ongoing, and we've gone beyond the
+ * limit, kill the connection now -- continuing to use it can be
+ * considered a security problem.
+ */
+ if (in_ssl_renegotiation &&
+ port->count > ssl_renegotiation_limit * 1024L)
+ ereport(FATAL,
+ (errcode(ERRCODE_PROTOCOL_VIOLATION),
+ errmsg("SSL failed to renegotiate connection before limit expired")));
+ }
}
else
#endif
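Review bot: The new `if (n >= 0)` guard skips the renegotiation-limit check whenever the write failed, and nothing in the hunk says why or shows that the limit is still enforced afterwards. The existing comment calls continued use past the limit a security problem, so the guard deserves its own line of explanation, for example `/* on failure keep errno intact for the caller; the limit is re-checked after the next successful write */`. That wording assumes `port->count` only advances on successful writes and that a retryable failure returns to this code; the counter update is outside the hunk, so please confirm before adopting it. The enclosing function starts and ends outside the hunk.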
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
index 181e3fe1f6c..3d74654c827 100644
--- a/src/backend/tcop/postgres.c
+++ b/src/backend/tcop/postgres.c
@@ -526,16 +526,22 @@ prepare_for_client_read(void)
/*
* client_read_ended -- get out of the client-input state
+ *
+ * This is called just after low-level reads. It must preserve errno!
*/
void
client_read_ended(void)
{
if (DoingCommandRead)
{
+ int save_errno = errno;
+
ImmediateInterruptOK = false;
DisableNotifyInterrupt();
DisableCatchupInterrupt();
+
+ errno = save_errno;
}
}
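Review bot: The added header sentence "It must preserve errno!" states the rule but not the reason, so a later edit to `client_read_ended` could drop the save/restore without noticing what breaks. Presumably the caller inspects errno from the preceding low-level read after this function returns, and the interrupt-disabling calls in the body may change it. If that is right, extending the comment with `* The caller examines errno from the read after we return, and the calls below may change it.` would make the contract self-explanatory. The save/restore is correctly limited to the `DoingCommandRead` branch, since nothing else in the function touches errno.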