Home > mailing lists

pgsql: libpq: Fix minor TOCTOU violation - Mailing list pgsql-committers

From	Peter Eisentraut
Subject	pgsql: libpq: Fix minor TOCTOU violation
Date	August 16 10:45:55
Msg-id	E1seoqZ-004O2K-89@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

libpq: Fix minor TOCTOU violation

libpq checks the permissions of the password file before opening it.
The way this is done in two separate operations, a static analyzer
would flag as a time-of-check-time-of-use violation.  In practice, you
can't do anything with that, but it still seems better style to fix
it.

To fix it, open the file first and then check the permissions on the
opened file handle.

Reviewed-by: Aleksander Alekseev <aleksander@timescale.com>
Reviewed-by: Andreas Karlsson <andreas@proxel.se>
Discussion: https://www.postgresql.org/message-id/flat/a3356054-14ae-4e7a-acc6-249d19dac20b%40eisentraut.org

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/e882bcae032d5e89777e2a1f3d78dfb77c17c192

Modified Files
--------------
src/interfaces/libpq/fe-connect.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)

pgsql-committers by date:

From: Alexander Korotkov
Date: 16 August, 04:00:56
Subject: pgsql: Add missing wait_for_catchup() to pg_visibility tap test

From: Heikki Linnakangas
Date: 16 August, 16:28:54
Subject: pgsql: Remove unused 'cur_skey' argument from IndexScanOK()

pgsql: libpq: Fix minor TOCTOU violation - Mailing list pgsql-committers

Previous

Next