Re: getting "shell command argument contains a newline or carriage return:" error with pg_dumpall when db name have new line in double quote

From: Mahendra Singh Thalor <mahi6run(at)gmail(dot)com>
To: Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc: Srinath Reddy <srinath2133(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org
Subject: Re: getting "shell command argument contains a newline or carriage return:" error with pg_dumpall when db name have new line in double quote
Date: 2025-03-27 11:57:59
Message-ID: CAKYtNAoOrGve4WmkaMgc5Ywo+X1rzifPM_dFjH_Ux2ze5fvdSA@mail.gmail.com
Lists: pgsql-hackers

On Thu, 27 Mar 2025 at 16:16, Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>
>
> On 2025-03-26 We 8:52 AM, Srinath Reddy wrote:
>
> Sorry for the noise, previous response had my editor's formatting, just resending without that formatting.
>
> ./psql postgres
>
> Hi,
>
> On Wed, Mar 26, 2025 at 5:55 PM Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>>
>> You can still create a database with these using "CREATE DATABASE" though. Shouldn't we really be preventing that?
>
>
> Yes, solution 1 which I mentioned prevents these while we are using "CREATE DATABASE".
>
> /*
> * Create a new database using the WAL_LOG strategy.
> @@ -741,6 +742,13 @@ createdb(ParseState *pstate, const CreatedbStmt *stmt)
> CreateDBStrategy dbstrategy = CREATEDB_WAL_LOG;
> createdb_failure_params fparms;
>
> + /* Report error if dbname have newline or carriage return in name. */
> + if (is_name_contain_lfcr(dbname))
> + ereport(ERROR,
> + (errcode(ERRCODE_INVALID_PARAMETER_VALUE)),
> + errmsg("database name contains a newline or carriage return character"),
> + errhint("newline or carriage return character is not allowed in database name"));
> +
>
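Review bot: In the ereport() call, the parenthesis opened before errcode() is closed right after it, so errmsg() and errhint() sit outside the parenthesized list; drop the extra parentheses around errcode(ERRCODE_INVALID_PARAMETER_VALUE) or wrap all three auxiliary calls, so the call is written in one style. The errhint() text only restates the errmsg(); either remove it or make it a complete sentence that tells the user what to do. The comment above the check should read "if dbname has a newline or carriage return", and the check itself can be written as strpbrk(dbname, "\n\r") instead of the new is_name_contain_lfcr() helper.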
> psql (18devel)
> Type "help" for help.
>
> postgres=# create database "test
> postgres"# lines";
> ERROR: database name contains a newline or carriage return character
> HINT: newline or carriage return character is not allowed in database name
>
>
>
>
> Yes, sorry, I misread the thread. I think we should proceed with options 1 and 3 i.e. prevent creation of new databases with a CR or LF, and have pg_dumpall exit with a more useful error message.
>
> Your invention of an is_name_contain_lfcr() function is unnecessary - we can just use the standard library function strpbrk() to look for a CR or LF.
>
>
> cheers
>

Thanks Andrew and Srinath for the feedback.

Yes, we should use the strpbrk function. Fixed.

Here, I am attaching an updated patch which has a check in createdb and
RenameDatabase. For older versions, we can add a more useful error
message (like: "rename database as database has \n\r")

I will add some TAP tests and will make patches for older branches.

--
Thanks and Regards
Mahendra Singh Thalor
EnterpriseDB: http://www.enterprisedb.com

Attachment Content-Type Size
v02_block-database-name-with-newline-or-carriage-return.patch application/octet-stream 1.9 KB
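
The two checks discussed in this thread, as an added example that is not part of the original message or of the attached patch: a strpbrk() test for CR/LF in a name, and a simplified shell-argument quoter that refuses such names, which is the behaviour behind the error in the subject line. The function names name_has_crlf and shell_quote_arg, the quoting details and the sample names are assumptions constructed for this illustration, not PostgreSQL's own code.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if name contains LF or CR, using strpbrk()
 * as suggested in the thread. */
static int name_has_crlf(const char *name)
{
    return strpbrk(name, "\n\r") != NULL;
}

/* Hypothetical, simplified POSIX-shell quoting: wrap arg in single quotes
 * and rewrite each ' as '"'"'. Returns 0 on success, -1 if arg contains
 * CR/LF (refused rather than quoted) or out is too small. */
static int shell_quote_arg(const char *arg, char *out, size_t outlen)
{
    static const char esc[] = "'\"'\"'";   /* 5 bytes replacing one ' */
    size_t n = 0;

    if (name_has_crlf(arg) || outlen < 3)
        return -1;
    out[n++] = '\'';
    for (const char *p = arg; *p; p++) {
        size_t need = (*p == '\'') ? 5 : 1;
        if (n + need + 2 > outlen)          /* keep room for closing ' and NUL */
            return -1;
        if (*p == '\'') {
            memcpy(out + n, esc, 5);
            n += 5;
        } else {
            out[n++] = *p;
        }
    }
    out[n++] = '\'';
    out[n] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample database names. */
    const char *names[] = { "sales", "it's", "test\nlines", "a\rb" };
    char buf[64];

    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (shell_quote_arg(names[i], buf, sizeof buf) == 0)
            printf("quoted:   %s\n", buf);
        else
            printf("rejected: name contains CR/LF or is too long\n");
    }
    return 0;
}
```

Rejecting the name when the database is created or renamed moves the failure from dump time, where the object already exists, to the statement that would have introduced it.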
