Fix pg_restore to guard against unexpected EOF while reading an archive file.

tglsfdc · tglsfdc · commit 99fa5f458c21 · 2007-08-06T01:38:57.000Z
Per report and partial patch from Chad Wagner.
diff --git a/src/bin/pg_dump/pg_backup_archiver.c b/src/bin/pg_dump/pg_backup_archiver.c
@@ -15,7 +15,7 @@
  *
  *
  * IDENTIFICATION
- *		$Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_archiver.c,v 1.62.2.7 2005/05/17 17:31:15 tgl Exp $
+ *		$Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_archiver.c,v 1.62.2.8 2007/08/06 01:38:57 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -1545,15 +1545,17 @@ ReadStr(ArchiveHandle *AH)
 	int			l;
 
 	l = ReadInt(AH);
-	if (l == -1)
+	if (l < 0)
 		buf = NULL;
 	else
 	{
 		buf = (char *) malloc(l + 1);
 		if (!buf)
 			die_horribly(AH, modulename, "out of memory\n");
 
-		(*AH->ReadBufPtr) (AH, (void *) buf, l);
+		if ((*AH->ReadBufPtr) (AH, (void *) buf, l) != l)
+			die_horribly(AH, modulename, "unexpected end of file\n");
+
 		buf[l] = '\0';
 	}
 
@@ -2277,8 +2279,8 @@ ReadHead(ArchiveHandle *AH)
 	/* If we haven't already read the header... */
 	if (!AH->readHeader)
 	{
-
-		(*AH->ReadBufPtr) (AH, tmpMag, 5);
+		if ((*AH->ReadBufPtr) (AH, tmpMag, 5) != 5)
+			die_horribly(AH, modulename, "unexpected end of file\n");
 
 		if (strncmp(tmpMag, "PGDMP", 5) != 0)
 			die_horribly(AH, modulename, "did not find magic string in file header\n");
diff --git a/src/bin/pg_dump/pg_backup_custom.c b/src/bin/pg_dump/pg_backup_custom.c
@@ -19,7 +19,7 @@
  *
  *
  * IDENTIFICATION
- *		$Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_custom.c,v 1.23 2002/10/25 01:33:17 momjian Exp $
+ *		$Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_custom.c,v 1.23.2.1 2007/08/06 01:38:57 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -713,17 +713,18 @@ _WriteByte(ArchiveHandle *AH, const int i)
  *
  * Called by the archiver to read bytes & integers from the archive.
  * These routines are only used to read & write headers & TOC.
- *
+ * EOF should be treated as a fatal error.
  */
 static int
 _ReadByte(ArchiveHandle *AH)
 {
 	lclContext *ctx = (lclContext *) AH->formatData;
 	int			res;
 
-	res = fgetc(AH->FH);
-	if (res != EOF)
-		ctx->filePos += 1;
+	res = getc(AH->FH);
+	if (res == EOF)
+		die_horribly(AH, modulename, "unexpected end of file\n");
+	ctx->filePos += 1;
 	return res;
 }
 
diff --git a/src/bin/pg_dump/pg_backup_files.c b/src/bin/pg_dump/pg_backup_files.c
@@ -20,7 +20,7 @@
  *
  *
  * IDENTIFICATION
- *		$Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_files.c,v 1.21 2002/10/25 01:33:17 momjian Exp $
+ *		$Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_files.c,v 1.21.2.1 2007/08/06 01:38:57 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -396,9 +396,10 @@ _ReadByte(ArchiveHandle *AH)
 	lclContext *ctx = (lclContext *) AH->formatData;
 	int			res;
 
-	res = fgetc(AH->FH);
-	if (res != EOF)
-		ctx->filePos += 1;
+	res = getc(AH->FH);
+	if (res == EOF)
+		die_horribly(AH, modulename, "unexpected end of file\n");
+	ctx->filePos += 1;
 	return res;
 }
 
diff --git a/src/bin/pg_dump/pg_backup_tar.c b/src/bin/pg_dump/pg_backup_tar.c
@@ -16,7 +16,7 @@
  *
  *
  * IDENTIFICATION
- *		$Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_tar.c,v 1.32.2.2 2003/02/01 19:29:26 tgl Exp $
+ *		$Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_tar.c,v 1.32.2.3 2007/08/06 01:38:57 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -484,7 +484,7 @@ _tarReadRaw(ArchiveHandle *AH, void *buf, size_t len, TAR_MEMBER *th, FILE *fh)
 			used = avail;
 
 		/* Copy, and adjust buffer pos */
-		memcpy(buf, AH->lookahead, used);
+		memcpy(buf, AH->lookahead + AH->lookaheadPos, used);
 		AH->lookaheadPos += used;
 
 		/* Adjust required length */
@@ -728,12 +728,13 @@ static int
 _ReadByte(ArchiveHandle *AH)
 {
 	lclContext *ctx = (lclContext *) AH->formatData;
-	int			res;
-	char		c = '\0';
+	size_t		res;
+	unsigned char c;
 
 	res = tarRead(&c, 1, ctx->FH);
-	if (res != EOF)
-		ctx->filePos += res;
+	if (res != 1)
+		die_horribly(AH, modulename, "unexpected end of file\n");
+	ctx->filePos += 1;
 	return c;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@`
`15`	`15`	`*`
`16`	`16`	`*`
`17`	`17`	`* IDENTIFICATION`
`18`		`- * $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_archiver.c,v 1.62.2.7 2005/05/17 17:31:15 tgl Exp $`
	`18`	`+ * $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_archiver.c,v 1.62.2.8 2007/08/06 01:38:57 tgl Exp $`
`19`	`19`	`*`
`20`	`20`	`*-------------------------------------------------------------------------`
`21`	`21`	`*/`
`@@ -1545,15 +1545,17 @@ ReadStr(ArchiveHandle *AH)`
`1545`	`1545`	`int l;`
`1546`	`1546`
`1547`	`1547`	`l = ReadInt(AH);`
`1548`		`- if (l == -1)`
	`1548`	`+ if (l < 0)`
`1549`	`1549`	`buf = NULL;`
`1550`	`1550`	`else`
`1551`	`1551`	`{`
`1552`	`1552`	`buf = (char *) malloc(l + 1);`
`1553`	`1553`	`if (!buf)`
`1554`	`1554`	`die_horribly(AH, modulename, "out of memory\n");`
`1555`	`1555`
`1556`		`- (AH->ReadBufPtr) (AH, (void ) buf, l);`
	`1556`	`+ if ((AH->ReadBufPtr) (AH, (void ) buf, l) != l)`
	`1557`	`+ die_horribly(AH, modulename, "unexpected end of file\n");`
	`1558`	`+`
`1557`	`1559`	`buf[l] = '\0';`
`1558`	`1560`	`}`
`1559`	`1561`
`@@ -2277,8 +2279,8 @@ ReadHead(ArchiveHandle *AH)`
`2277`	`2279`	`/* If we haven't already read the header... */`
`2278`	`2280`	`if (!AH->readHeader)`
`2279`	`2281`	`{`
`2280`		`-`
`2281`		`- (*AH->ReadBufPtr) (AH, tmpMag, 5);`
	`2282`	`+ if ((*AH->ReadBufPtr) (AH, tmpMag, 5) != 5)`
	`2283`	`+ die_horribly(AH, modulename, "unexpected end of file\n");`
`2282`	`2284`
`2283`	`2285`	`if (strncmp(tmpMag, "PGDMP", 5) != 0)`
`2284`	`2286`	`die_horribly(AH, modulename, "did not find magic string in file header\n");`
Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@`
`19`	`19`	`*`
`20`	`20`	`*`
`21`	`21`	`* IDENTIFICATION`
`22`		`- * $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_custom.c,v 1.23 2002/10/25 01:33:17 momjian Exp $`
	`22`	`+ * $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_custom.c,v 1.23.2.1 2007/08/06 01:38:57 tgl Exp $`
`23`	`23`	`*`
`24`	`24`	`*-------------------------------------------------------------------------`
`25`	`25`	`*/`
`@@ -713,17 +713,18 @@ _WriteByte(ArchiveHandle *AH, const int i)`
`713`	`713`	`*`
`714`	`714`	`* Called by the archiver to read bytes & integers from the archive.`
`715`	`715`	`* These routines are only used to read & write headers & TOC.`
`716`		`- *`
	`716`	`+ * EOF should be treated as a fatal error.`
`717`	`717`	`*/`
`718`	`718`	`static int`
`719`	`719`	`_ReadByte(ArchiveHandle *AH)`
`720`	`720`	`{`
`721`	`721`	`lclContext ctx = (lclContext ) AH->formatData;`
`722`	`722`	`int res;`
`723`	`723`
`724`		`- res = fgetc(AH->FH);`
`725`		`- if (res != EOF)`
`726`		`- ctx->filePos += 1;`
	`724`	`+ res = getc(AH->FH);`
	`725`	`+ if (res == EOF)`
	`726`	`+ die_horribly(AH, modulename, "unexpected end of file\n");`
	`727`	`+ ctx->filePos += 1;`
`727`	`728`	`return res;`
`728`	`729`	`}`
`729`	`730`
Original file line number	Diff line number	Diff line change
`@@ -20,7 +20,7 @@`
`20`	`20`	`*`
`21`	`21`	`*`
`22`	`22`	`* IDENTIFICATION`
`23`		`- * $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_files.c,v 1.21 2002/10/25 01:33:17 momjian Exp $`
	`23`	`+ * $Header: /cvsroot/pgsql/src/bin/pg_dump/pg_backup_files.c,v 1.21.2.1 2007/08/06 01:38:57 tgl Exp $`
`24`	`24`	`*`
`25`	`25`	`*-------------------------------------------------------------------------`
`26`	`26`	`*/`
`@@ -396,9 +396,10 @@ _ReadByte(ArchiveHandle *AH)`
`396`	`396`	`lclContext ctx = (lclContext ) AH->formatData;`
`397`	`397`	`int res;`
`398`	`398`
`399`		`- res = fgetc(AH->FH);`
`400`		`- if (res != EOF)`
`401`		`- ctx->filePos += 1;`
	`399`	`+ res = getc(AH->FH);`
	`400`	`+ if (res == EOF)`
	`401`	`+ die_horribly(AH, modulename, "unexpected end of file\n");`
	`402`	`+ ctx->filePos += 1;`
`402`	`403`	`return res;`
`403`	`404`	`}`
`404`	`405`