From ba8c4089d693305c817181ce099a32d6117abe24 Mon Sep 17 00:00:00 2001 From: Noah Misch Date: Mon, 8 Aug 2016 10:07:46 -0400 Subject: Field conninfo strings throughout src/bin/scripts. These programs nominally accepted conninfo strings, but they would proceed to use the original dbname parameter as though it were an unadorned database name. This caused "reindexdb dbname=foo" to issue an SQL command that always failed, and other programs printed a conninfo string in error messages that purported to print a database name. Fix both problems by using PQdb() to retrieve actual database names. Continue to print the full conninfo string when reporting a connection failure. It is informative there, and if the database name is the sole problem, the server-side error message will include the name. Beyond those user-visible fixes, this allows a subsequent commit to synthesize and use conninfo strings without that implementation detail leaking into messages. As a side effect, the "vacuuming database" message now appears after, not before, the connection attempt. Back-patch to 9.1 (all supported versions). Reviewed by Michael Paquier and Peter Eisentraut. Security: CVE-2016-5424
--- src/bin/scripts/clusterdb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/bin/scripts/clusterdb.c')
diff --git a/src/bin/scripts/clusterdb.c b/src/bin/scripts/clusterdb.c
index f4c317ae149..8ed839490c8 100644
--- a/src/bin/scripts/clusterdb.c
+++ b/src/bin/scripts/clusterdb.c
@@ -185,10 +185,10 @@ cluster_one_database(const char *dbname, bool verbose, const char *table,
 {
 if (table)
 fprintf(stderr, _("%s: clustering of table \"%s\" in database \"%s\" failed: %s"),
- progname, table, dbname, PQerrorMessage(conn));
+ progname, table, PQdb(conn), PQerrorMessage(conn));
 else
 fprintf(stderr, _("%s: clustering of database \"%s\" failed: %s"),
- progname, dbname, PQerrorMessage(conn));
+ progname, PQdb(conn), PQerrorMessage(conn));
 PQfinish(conn);
 exit(1);
 }
-- cgit v1.2.3
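Review bot: Nothing in the visible lines of cluster_one_database() records that its `dbname` parameter may now be a full conninfo string, which is the reason both fprintf calls in this hunk switch to `PQdb(conn)`. A conninfo string can carry more than a name (for example a `password=` keyword), so a later edit that reuses `dbname` in a message or in SQL text would print or embed the whole string again. I would add a comment above the function, whose start and end are outside this hunk: `/* dbname may be a conninfo string; use PQdb(conn) wherever an actual database name is needed. */`. PQdb() returns NULL for a NULL connection; `conn` is presumably valid here because the failed command ran on it, but that call is not visible in the hunk.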