diff options
| author | Tom Lane <tgl@sss.pgh.pa.us> | 2025-10-05 16:27:47 -0400 |
|---|---|---|
| committer | Tom Lane <tgl@sss.pgh.pa.us> | 2025-10-05 16:27:47 -0400 |
| commit | ea78bd6d5d0f18c09db1e3ec6fd19be38d706030 (patch) | |
| tree | 92db0b9073bbac33d497c8daba6b24f7a07f65d4 | |
| parent | 1a8b5b11e48a8fb086228542d1d4b379f23bdc1e (diff) | |
Use SOCK_ERRNO[_SET] in fe-secure-gssapi.c.HEADorigin/masterorigin/HEADmaster
On Windows, this code did not handle error conditions correctly at
all, since it looked at "errno" which is not used for socket-related
errors on that platform. This resulted, for example, in failure
to connect to a PostgreSQL server with GSSAPI enabled.
We have a convention for dealing with this within libpq, which is to
use SOCK_ERRNO and SOCK_ERRNO_SET rather than touching errno directly;
but the GSSAPI code is a relative latecomer and did not get that memo.
(The equivalent backend code continues to use errno, because the
backend does this differently. Maybe libpq's approach should be
rethought someday.)
Apparently nobody tries to build libpq with GSSAPI support on Windows,
or we'd have heard about this before, because it's been broken all
along. Back-patch to all supported branches.
Author: Ning Wu <ning94803@gmail.com>
Co-authored-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/CAFGqpvg-pRw=cdsUpKYfwY6D3d-m9tw8WMcAEE7HHWfm-oYWvw@mail.gmail.com
Backpatch-through: 13
| -rw-r--r-- | src/interfaces/libpq/fe-secure-gssapi.c | 27 |
1 files changed, 15 insertions, 12 deletions
diff --git a/src/interfaces/libpq/fe-secure-gssapi.c b/src/interfaces/libpq/fe-secure-gssapi.c index bc9e1ce06fa..843b31e175f 100644 --- a/src/interfaces/libpq/fe-secure-gssapi.c +++ b/src/interfaces/libpq/fe-secure-gssapi.c @@ -121,7 +121,7 @@ pg_GSS_write(PGconn *conn, const void *ptr, size_t len) { appendPQExpBufferStr(&conn->errorMessage, "GSSAPI caller failed to retransmit all data needing to be retried\n"); - errno = EINVAL; + SOCK_ERRNO_SET(EINVAL); return -1; } @@ -199,14 +199,14 @@ pg_GSS_write(PGconn *conn, const void *ptr, size_t len) if (major != GSS_S_COMPLETE) { pg_GSS_error(libpq_gettext("GSSAPI wrap error"), conn, major, minor); - errno = EIO; /* for lack of a better idea */ + SOCK_ERRNO_SET(EIO); /* for lack of a better idea */ goto cleanup; } if (conf_state == 0) { libpq_append_conn_error(conn, "outgoing GSSAPI message would not use confidentiality"); - errno = EIO; /* for lack of a better idea */ + SOCK_ERRNO_SET(EIO); /* for lack of a better idea */ goto cleanup; } @@ -215,7 +215,7 @@ pg_GSS_write(PGconn *conn, const void *ptr, size_t len) libpq_append_conn_error(conn, "client tried to send oversize GSSAPI packet (%zu > %zu)", (size_t) output.length, PQ_GSS_MAX_PACKET_SIZE - sizeof(uint32)); - errno = EIO; /* for lack of a better idea */ + SOCK_ERRNO_SET(EIO); /* for lack of a better idea */ goto cleanup; } @@ -341,7 +341,7 @@ pg_GSS_read(PGconn *conn, void *ptr, size_t len) /* If we still haven't got the length, return to the caller */ if (PqGSSRecvLength < sizeof(uint32)) { - errno = EWOULDBLOCK; + SOCK_ERRNO_SET(EWOULDBLOCK); return -1; } } @@ -354,7 +354,7 @@ pg_GSS_read(PGconn *conn, void *ptr, size_t len) libpq_append_conn_error(conn, "oversize GSSAPI packet sent by the server (%zu > %zu)", (size_t) input.length, PQ_GSS_MAX_PACKET_SIZE - sizeof(uint32)); - errno = EIO; /* for lack of a better idea */ + SOCK_ERRNO_SET(EIO); /* for lack of a better idea */ return -1; } @@ -373,7 +373,7 @@ pg_GSS_read(PGconn *conn, void *ptr, size_t len) /* If we don't yet have the whole packet, return to the caller */ if (PqGSSRecvLength - sizeof(uint32) < input.length) { - errno = EWOULDBLOCK; + SOCK_ERRNO_SET(EWOULDBLOCK); return -1; } @@ -393,7 +393,7 @@ pg_GSS_read(PGconn *conn, void *ptr, size_t len) pg_GSS_error(libpq_gettext("GSSAPI unwrap error"), conn, major, minor); ret = -1; - errno = EIO; /* for lack of a better idea */ + SOCK_ERRNO_SET(EIO); /* for lack of a better idea */ goto cleanup; } @@ -401,7 +401,7 @@ pg_GSS_read(PGconn *conn, void *ptr, size_t len) { libpq_append_conn_error(conn, "incoming GSSAPI message did not use confidentiality"); ret = -1; - errno = EIO; /* for lack of a better idea */ + SOCK_ERRNO_SET(EIO); /* for lack of a better idea */ goto cleanup; } @@ -437,7 +437,8 @@ gss_read(PGconn *conn, void *recv_buffer, size_t length, ssize_t *ret) *ret = pqsecure_raw_read(conn, recv_buffer, length); if (*ret < 0) { - if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR) + if (SOCK_ERRNO == EAGAIN || SOCK_ERRNO == EWOULDBLOCK || + SOCK_ERRNO == EINTR) return PGRES_POLLING_READING; else return PGRES_POLLING_FAILED; @@ -457,7 +458,8 @@ gss_read(PGconn *conn, void *recv_buffer, size_t length, ssize_t *ret) *ret = pqsecure_raw_read(conn, recv_buffer, length); if (*ret < 0) { - if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR) + if (SOCK_ERRNO == EAGAIN || SOCK_ERRNO == EWOULDBLOCK || + SOCK_ERRNO == EINTR) return PGRES_POLLING_READING; else return PGRES_POLLING_FAILED; @@ -520,7 +522,8 @@ pqsecure_open_gss(PGconn *conn) ret = pqsecure_raw_write(conn, PqGSSSendBuffer + PqGSSSendNext, amount); if (ret < 0) { - if (errno == EAGAIN || errno == EWOULDBLOCK || errno == EINTR) + if (SOCK_ERRNO == EAGAIN || SOCK_ERRNO == EWOULDBLOCK || + SOCK_ERRNO == EINTR) return PGRES_POLLING_WRITING; else return PGRES_POLLING_FAILED; |