 [BUGS] initdb Did Not Escape the Password -
05-07-2006
, 01:43 AM
--===[PGP/MIME_RFC2015]===445D8F4F.00EC===
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Dear all,
The initdb seems did not escape (PQescapeString) the password. The
following is my test result, with password: ab'ds)24
imacat@atlas ~ % initdb -D /tmp/postgres -E utf8 --locale=en_US.utf8 -U postgres -W
The files belonging to this database system will be owned by user "postgres".
This user must also own the server process.
The database cluster will be initialized with locale en_US.utf8.
fixing permissions on existing directory /tmp/postgres ... ok
creating directory /tmp/postgres/global ... ok
creating directory /tmp/postgres/pg_xlog ... ok
creating directory /tmp/postgres/pg_xlog/archive_status ... ok
creating directory /tmp/postgres/pg_clog ... ok
creating directory /tmp/postgres/pg_subtrans ... ok
creating directory /tmp/postgres/pg_twophase ... ok
creating directory /tmp/postgres/pg_multixact/members ... ok
creating directory /tmp/postgres/pg_multixact/offsets ... ok
creating directory /tmp/postgres/base ... ok
creating directory /tmp/postgres/base/1 ... ok
creating directory /tmp/postgres/pg_tblspc ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 1000
creating configuration files ... ok
creating template1 database in /tmp/postgres/base/1 ... ok
initializing pg_authid ... ok
Enter new superuser password:
Enter it again:
setting password ... FATAL: syntax error at or near "ds" at character 41
child process exited with exit code 1
initdb: removing contents of data directory "/tmp/postgres"
imacat@atlas ~ %
I have attached a patch that seems to solve this issue. It works
for me. Please tell me if there is any problem.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
diff -u -r postgresql-8.1.3.orig/src/bin/initdb/initdb.c postgresql-8.1.3/src/bin/initdb/initdb.c
- --- postgresql-8.1.3.orig/src/bin/initdb/initdb.c 2005-11-23 02:23:26.000000000 +0800
+++ postgresql-8.1.3/src/bin/initdb/initdb.c 2006-05-07 14:07:30.000000000 +0800
@@ -1420,9 +1420,10 @@
{
PG_CMD_DECL;
- - char *pwd1,
+ char *pwd1, *pwdesc,
*pwd2;
char pwdpath[MAXPGPATH];
+ size_t pwdlen;
struct stat statbuf;
if (pwprompt)
@@ -1484,8 +1485,11 @@
PG_CMD_OPEN;
+ pwdlen = strlen(pwd1);
+ pwdesc = (char *)pg_malloc(pwdlen * 2 + 1);
+ PQescapeString(pwdesc, pwd1, pwdlen);
PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD '%s';\n",
- - effective_user, pwd1);
+ effective_user, pwdesc);
PG_CMD_CLOSE;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFEXY7Vi9gubzC5S1wRAmuJAJ0UxXXuLQHDa2rPTUxZTg M0iIn8/wCgih3o
cIMfUjN+Y6F0zHFSgmxrA2k=
=pvBZ
-----END PGP SIGNATURE-----
--
Best regards,
imacat ^_*' <imacat (AT) mail (DOT) imacat.idv.tw>
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt
<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's: http://www.imacat.idv.tw/
TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug
--===[PGP/MIME_RFC2015]===445D8F4F.00EC===
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
iEYEABECAAYFAkRdj08ACgkQi9gubzC5S1yLuwCcD+WFv/2ToAT/4jLVQEYljAum
eIoAn1duWljq/fzu+oBIY/N/vIyuRBKW
=2X/e
-----END PGP SIGNATURE-----
--===[PGP/MIME_RFC2015]===445D8F4F.00EC===--
 |
Linear Mode
