| From: | Peter Eisentraut <peter(at)eisentraut(dot)org> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: libpq: Fix minor TOCTOU violation |
| Date: | 2024-08-16 04:45:55 |
| Message-ID: | E1seoqZ-004O2K-89@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
libpq: Fix minor TOCTOU violation
libpq checks the permissions of the password file before opening it.
The way this is done in two separate operations, a static analyzer
would flag as a time-of-check-time-of-use violation. In practice, you
can't do anything with that, but it still seems better style to fix
it.
To fix it, open the file first and then check the permissions on the
opened file handle.
Reviewed-by: Aleksander Alekseev <aleksander(at)timescale(dot)com>
Reviewed-by: Andreas Karlsson <andreas(at)proxel(dot)se>
Discussion: https://www.postgresql.org/message-id/flat/a3356054-14ae-4e7a-acc6-249d19dac20b%40eisentraut.org
Branch
------
master
Details
-------
https://git.postgresql.org/pg/commitdiff/e882bcae032d5e89777e2a1f3d78dfb77c17c192
Modified Files
--------------
src/interfaces/libpq/fe-connect.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2024-08-16 10:28:54 | pgsql: Remove unused 'cur_skey' argument from IndexScanOK() |
| Previous Message | Alexander Korotkov | 2024-08-15 22:00:56 | pgsql: Add missing wait_for_catchup() to pg_visibility tap test |