Commit 99f3b561 authored by Tom Lane's avatar Tom Lane

Disallow newlines in parameter values to be set in ALTER SYSTEM.

As noted by Julian Schauder in bug #14063, the configuration-file parser
doesn't support embedded newlines in string literals.  While there might
someday be a good reason to remove that restriction, there doesn't seem
to be one right now.  However, ALTER SYSTEM SET could accept strings
containing newlines, since many of the variable-specific value-checking
routines would just see a newline as whitespace.  This led to writing a
postgresql.auto.conf file that was broken and had to be removed manually.

Pending a reason to work harder, just throw an error if someone tries this.

In passing, fix several places in the ALTER SYSTEM logic that failed to
provide an errcode() for an ereport(), and thus would falsely log the
failure as an internal XX000 error.

Back-patch to 9.4 where ALTER SYSTEM was introduced.
parent 890614d2
...@@ -7000,22 +7000,37 @@ AlterSystemSetConfigFile(AlterSystemStmt *altersysstmt) ...@@ -7000,22 +7000,37 @@ AlterSystemSetConfigFile(AlterSystemStmt *altersysstmt)
errmsg("parameter \"%s\" cannot be changed", errmsg("parameter \"%s\" cannot be changed",
name))); name)));
/*
* If a value is specified, verify that it's sane.
*/
if (value) if (value)
{ {
union config_var_val newval; union config_var_val newval;
void *newextra = NULL; void *newextra = NULL;
/* Check that it's acceptable for the indicated parameter */
if (!parse_and_validate_value(record, name, value, if (!parse_and_validate_value(record, name, value,
PGC_S_FILE, ERROR, PGC_S_FILE, ERROR,
&newval, &newextra)) &newval, &newextra))
ereport(ERROR, ereport(ERROR,
(errmsg("invalid value for parameter \"%s\": \"%s\"", (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("invalid value for parameter \"%s\": \"%s\"",
name, value))); name, value)));
if (record->vartype == PGC_STRING && newval.stringval != NULL) if (record->vartype == PGC_STRING && newval.stringval != NULL)
free(newval.stringval); free(newval.stringval);
if (newextra) if (newextra)
free(newextra); free(newextra);
/*
* We must also reject values containing newlines, because the
* grammar for config files doesn't support embedded newlines in
* string literals.
*/
if (strchr(value, '\n'))
ereport(ERROR,
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
errmsg("parameter value for ALTER SYSTEM must not contain a newline")));
} }
} }
...@@ -7052,13 +7067,15 @@ AlterSystemSetConfigFile(AlterSystemStmt *altersysstmt) ...@@ -7052,13 +7067,15 @@ AlterSystemSetConfigFile(AlterSystemStmt *altersysstmt)
infile = AllocateFile(AutoConfFileName, "r"); infile = AllocateFile(AutoConfFileName, "r");
if (infile == NULL) if (infile == NULL)
ereport(ERROR, ereport(ERROR,
(errmsg("could not open file \"%s\": %m", (errcode_for_file_access(),
errmsg("could not open file \"%s\": %m",
AutoConfFileName))); AutoConfFileName)));
/* parse it */ /* parse it */
if (!ParseConfigFp(infile, AutoConfFileName, 0, LOG, &head, &tail)) if (!ParseConfigFp(infile, AutoConfFileName, 0, LOG, &head, &tail))
ereport(ERROR, ereport(ERROR,
(errmsg("could not parse contents of file \"%s\"", (errcode(ERRCODE_CONFIG_FILE_ERROR),
errmsg("could not parse contents of file \"%s\"",
AutoConfFileName))); AutoConfFileName)));
FreeFile(infile); FreeFile(infile);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment