Skip to content

Commit 4717992

Browse files
tglsfdctglsfdc
committed
Instead of a bare recv() to read the server's response to an SSL
request packet, use pqReadData(). This has the same effect since conn->ssl isn't set yet and we aren't expecting more than one byte. The advantage is that we will correctly detect loss-of-connection instead of going into an infinite loop. Per report from Hannu Krosing.
1 parent a3f98d5 commit 4717992

File tree

1 file changed

+21
-15
lines changed

1 file changed

+21
-15
lines changed

src/interfaces/libpq/fe-connect.c

Lines changed: 21 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.297 2005/01/06 18:29:10 tgl Exp $
11+
* $PostgreSQL: pgsql/src/interfaces/libpq/fe-connect.c,v 1.298 2005/01/06 20:06:58 tgl Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -1452,30 +1452,36 @@ PQconnectPoll(PGconn *conn)
14521452

14531453
/*
14541454
* On first time through, get the postmaster's response to
1455-
* our SSL negotiation packet. Be careful to read only
1456-
* one byte (if there's more, it could be SSL data).
1455+
* our SSL negotiation packet.
14571456
*/
14581457
if (conn->ssl == NULL)
14591458
{
1459+
/*
1460+
* We use pqReadData here since it has the logic to
1461+
* distinguish no-data-yet from connection closure.
1462+
* Since conn->ssl isn't set, a plain recv() will occur.
1463+
*/
14601464
char SSLok;
1461-
int nread;
1465+
int rdresult;
14621466

1463-
retry_ssl_read:
1464-
nread = recv(conn->sock, &SSLok, 1, 0);
1465-
if (nread < 0)
1467+
rdresult = pqReadData(conn);
1468+
if (rdresult < 0)
14661469
{
1467-
if (SOCK_ERRNO == EINTR)
1468-
/* Interrupted system call - just try again */
1469-
goto retry_ssl_read;
1470-
1471-
printfPQExpBuffer(&conn->errorMessage,
1472-
libpq_gettext("could not receive server response to SSL negotiation packet: %s\n"),
1473-
SOCK_STRERROR(SOCK_ERRNO, sebuf, sizeof(sebuf)));
1470+
/* errorMessage is already filled in */
14741471
goto error_return;
14751472
}
1476-
if (nread == 0)
1473+
if (rdresult == 0)
1474+
{
14771475
/* caller failed to wait for data */
14781476
return PGRES_POLLING_READING;
1477+
}
1478+
if (pqGetc(&SSLok, conn) < 0)
1479+
{
1480+
/* should not happen really */
1481+
return PGRES_POLLING_READING;
1482+
}
1483+
/* mark byte consumed */
1484+
conn->inStart = conn->inCursor;
14791485
if (SSLok == 'S')
14801486
{
14811487
/* Do one-time setup; this creates conn->ssl */

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy