Postgres Pro
Downloads
Home   >   mailing lists

Thread: Error in chkpass.c (contrib area) with suggestion

Error in chkpass.c (contrib area) with suggestion

From
Sedlak Anton
Date:
Because author is not responding I'm writing to you.
In contrib/chkpass.c there is no checking against NULL values on input,
thus if you call eg. raw(NULL) then postgresql always dies.
Although storing encrypted password are highly required this behavior
makes this extension module unusable.

To correct it one must add some checkin before any PG_GETARG_XXX in
chkpass.c:
Suggested type of code follows:
------------------------------------------------------------------
 if(PG_ARGISNULL(0)) PG_RETURN_NULL();
------------------------------------------------------------------

Best regards and let me know if this is acceptable

Sedlak Anton

Re: Error in chkpass.c (contrib area) with suggestion

From
Stephan Szabo
Date:
On Tue, 22 Oct 2002, Sedlak Anton wrote:

> Because author is not responding I'm writing to you.
> In contrib/chkpass.c there is no checking against NULL values on input,
> thus if you call eg. raw(NULL) then postgresql always dies.
> Although storing encrypted password are highly required this behavior
> makes this extension module unusable.
>
> To correct it one must add some checkin before any PG_GETARG_XXX in
> chkpass.c:
> Suggested type of code follows:
> ------------------------------------------------------------------
>  if(PG_ARGISNULL(0)) PG_RETURN_NULL();
> ------------------------------------------------------------------
>
> Best regards and let me know if this is acceptable

It might be easier to declare the function strict which means that
it returns NULL on NULL input without calling the function for each
of the functions that should act that way (I'd guess all of
raw, eq and ne should be strict).  This can also be done without
needing to recompile if you drop the functions and recreate them
with "with (isstrict)"

Re: Error in chkpass.c (contrib area) with suggestion

From
Bruce Momjian
Date:
Looks like 7.3beta has the null checking in the code.  Thanks.

---------------------------------------------------------------------------

Sedlak Anton wrote:
> Because author is not responding I'm writing to you.
> In contrib/chkpass.c there is no checking against NULL values on input,
> thus if you call eg. raw(NULL) then postgresql always dies.
> Although storing encrypted password are highly required this behavior
> makes this extension module unusable.
>
> To correct it one must add some checkin before any PG_GETARG_XXX in
> chkpass.c:
> Suggested type of code follows:
> ------------------------------------------------------------------
>  if(PG_ARGISNULL(0)) PG_RETURN_NULL();
> ------------------------------------------------------------------
>
> Best regards and let me know if this is acceptable
>
> Sedlak Anton
>
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 2: you can get off all lists at once with the unregister command
>     (send "unregister YourEmailAddressHere" to majordomo@postgresql.org)
>

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073