Skip to content

Commit 546cd0d

Browse files
robertmhaasrobertmhaas
committed
Fix InitializeSessionUserId not to deference NULL rolename pointer.
Dmitriy Sarafannikov, reviewed by Michael Paquier and Haribabu Kommi, with a minor fix by me.
1 parent d78a7d9 commit 546cd0d

File tree

1 file changed

+17
-7
lines changed

1 file changed

+17
-7
lines changed

src/backend/utils/init/miscinit.c

Lines changed: 17 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -474,6 +474,7 @@ InitializeSessionUserId(const char *rolename, Oid roleid)
474474
{
475475
HeapTuple roleTup;
476476
Form_pg_authid rform;
477+
char *rname;
477478

478479
/*
479480
* Don't do scans if we're bootstrapping, none of the system catalogs
@@ -485,16 +486,25 @@ InitializeSessionUserId(const char *rolename, Oid roleid)
485486
AssertState(!OidIsValid(AuthenticatedUserId));
486487

487488
if (rolename != NULL)
489+
{
488490
roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(rolename));
491+
if (!HeapTupleIsValid(roleTup))
492+
ereport(FATAL,
493+
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
494+
errmsg("role \"%s\" does not exist", rolename)));
495+
}
489496
else
497+
{
490498
roleTup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
491-
if (!HeapTupleIsValid(roleTup))
492-
ereport(FATAL,
493-
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
494-
errmsg("role \"%s\" does not exist", rolename)));
499+
if (!HeapTupleIsValid(roleTup))
500+
ereport(FATAL,
501+
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
502+
errmsg("role with OID %u does not exist", roleid)));
503+
}
495504

496505
rform = (Form_pg_authid) GETSTRUCT(roleTup);
497506
roleid = HeapTupleGetOid(roleTup);
507+
rname = NameStr(rform->rolname);
498508

499509
AuthenticatedUserId = roleid;
500510
AuthenticatedUserIsSuperuser = rform->rolsuper;
@@ -520,7 +530,7 @@ InitializeSessionUserId(const char *rolename, Oid roleid)
520530
ereport(FATAL,
521531
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
522532
errmsg("role \"%s\" is not permitted to log in",
523-
rolename)));
533+
rname)));
524534

525535
/*
526536
* Check connection limit for this role.
@@ -538,11 +548,11 @@ InitializeSessionUserId(const char *rolename, Oid roleid)
538548
ereport(FATAL,
539549
(errcode(ERRCODE_TOO_MANY_CONNECTIONS),
540550
errmsg("too many connections for role \"%s\"",
541-
rolename)));
551+
rname)));
542552
}
543553

544554
/* Record username and superuser status as GUC settings too */
545-
SetConfigOption("session_authorization", rolename,
555+
SetConfigOption("session_authorization", rname,
546556
PGC_BACKEND, PGC_S_OVERRIDE);
547557
SetConfigOption("is_superuser",
548558
AuthenticatedUserIsSuperuser ? "on" : "off",

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy