The following bug has been logged online:

Bug reference: 2424
Logged by: imacat
Email address: imacat@mail.imacat.idv.tw
PostgreSQL version: 8.1.3
Operating system: Linux
Description: initdb Did Not Escape the Password
Details:

The initdb seems did not escape (PQescapeString) the password. The
following is my test result, with password: ab'ds)24

imacat@atlas ~ % initdb -D /tmp/postgres -E utf8 --locale=en_US.utf8 -U
postgres -W
The files belonging to this database system will be owned by user
"postgres".
This user must also own the server process.

The database cluster will be initialized with locale en_US.utf8.

fixing permissions on existing directory /tmp/postgres ... ok
creating directory /tmp/postgres/global ... ok
creating directory /tmp/postgres/pg_xlog ... ok
creating directory /tmp/postgres/pg_xlog/archive_status ... ok
creating directory /tmp/postgres/pg_clog ... ok
creating directory /tmp/postgres/pg_subtrans ... ok
creating directory /tmp/postgres/pg_twophase ... ok
creating directory /tmp/postgres/pg_multixact/members ... ok
creating directory /tmp/postgres/pg_multixact/offsets ... ok
creating directory /tmp/postgres/base ... ok
creating directory /tmp/postgres/base/1 ... ok
creating directory /tmp/postgres/pg_tblspc ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 1000
creating configuration files ... ok
creating template1 database in /tmp/postgres/base/1 ... ok
initializing pg_authid ... ok
Enter new superuser password:
Enter it again:
setting password ... FATAL: syntax error at or near "ds" at character 41
child process exited with exit code 1
initdb: removing contents of data directory "/tmp/postgres"
imacat@atlas ~ %

I have attached a patch that seems to solve this issue. It works
for me. Please tell me if there is any problem.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

diff -u -r postgresql-8.1.3.orig/src/bin/initdb/initdb.c
postgresql-8.1.3/src/bin/initdb/initdb.c
- --- postgresql-8.1.3.orig/src/bin/initdb/initdb.c 2005-11-23
02:23:26.000000000 +0800
+++ postgresql-8.1.3/src/bin/initdb/initdb.c 2006-05-07 14:07:30.000000000
+0800
@@ -1420,9 +1420,10 @@
{
PG_CMD_DECL;

- - char *pwd1,
+ char *pwd1, *pwdesc,
*pwd2;
char pwdpath[MAXPGPATH];
+ size_t pwdlen;
struct stat statbuf;

if (pwprompt)
@@ -1484,8 +1485,11 @@

PG_CMD_OPEN;

+ pwdlen = strlen(pwd1);
+ pwdesc = (char *)pg_malloc(pwdlen * 2 + 1);
+ PQescapeString(pwdesc, pwd1, pwdlen);
PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD '%s';\n",
- - effective_user, pwd1);
+ effective_user, pwdesc);

PG_CMD_CLOSE;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEXY7Vi9gubzC5S1wRAmuJAJ0UxXXuLQHDa2rPTUxZTg M0iIn8/wCgih3o
cIMfUjN+Y6F0zHFSgmxrA2k=
=pvBZ
-----END PGP SIGNATURE-----

---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match

Has anyone notice this? I found that this is not fixed in the 8.1.4
release.

I have made a new patch for 8.1.4. It is attached below. Please
tell me if there is any problem. Thank you.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

diff -u -r postgresql-8.1.4.orig/src/bin/initdb/initdb.c postgresql-8.1.4/src/bin/initdb/initdb.c
- --- postgresql-8.1.4.orig/src/bin/initdb/initdb.c 2006-02-24 08:55:27.000000000 +0800
+++ postgresql-8.1.4/src/bin/initdb/initdb.c 2006-05-25 12:30:34.000000000 +0800
@@ -58,6 +58,7 @@
#include <langinfo.h>
#endif

+#include "libpq-fe.h"
#include "libpq/pqsignal.h"
#include "mb/pg_wchar.h"
#include "getaddrinfo.h"
@@ -1419,9 +1420,10 @@
{
PG_CMD_DECL;

- - char *pwd1,
+ char *pwd1, *pwdesc,
*pwd2;
char pwdpath[MAXPGPATH];
+ size_t pwdlen;
struct stat statbuf;

if (pwprompt)
@@ -1483,8 +1485,12 @@

PG_CMD_OPEN;

+ pwdlen = strlen(pwd1);
+ pwdesc = (char *)pg_malloc(pwdlen * 2 + 1);
+ PQescapeString(pwdesc, pwd1, pwdlen);
PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD '%s';\n",
- - username, pwd1);
+ username, pwdesc);
+ free(pwdesc);

PG_CMD_CLOSE;

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEd0dTi9gubzC5S1wRAjM4AJ9gZGZ4IcbzE+CYX9HcOe Ma2o9IpQCdFMyT
S5N4shISjXRXmrnN/98zAUs=
=uY5a
-----END PGP SIGNATURE-----

On Sun, 7 May 2006 06:28:53 GMT
"imacat" <imacat@mail.imacat.idv.tw> wrote:
> The following bug has been logged online:
>
> Bug reference: 2424
> Logged by: imacat
> Email address: imacat@mail.imacat.idv.tw
> PostgreSQL version: 8.1.3
> Operating system: Linux
> Description: initdb Did Not Escape the Password
> Details:
>
> The initdb seems did not escape (PQescapeString) the password. The
> following is my test result, with password: ab'ds)24
>
> imacat@atlas ~ % initdb -D /tmp/postgres -E utf8 --locale=en_US.utf8 -U
> postgres -W
> The files belonging to this database system will be owned by user
> "postgres".
> This user must also own the server process.
>
> The database cluster will be initialized with locale en_US.utf8.
>
> fixing permissions on existing directory /tmp/postgres ... ok
> creating directory /tmp/postgres/global ... ok
> creating directory /tmp/postgres/pg_xlog ... ok
> creating directory /tmp/postgres/pg_xlog/archive_status ... ok
> creating directory /tmp/postgres/pg_clog ... ok
> creating directory /tmp/postgres/pg_subtrans ... ok
> creating directory /tmp/postgres/pg_twophase ... ok
> creating directory /tmp/postgres/pg_multixact/members ... ok
> creating directory /tmp/postgres/pg_multixact/offsets ... ok
> creating directory /tmp/postgres/base ... ok
> creating directory /tmp/postgres/base/1 ... ok
> creating directory /tmp/postgres/pg_tblspc ... ok
> selecting default max_connections ... 100
> selecting default shared_buffers ... 1000
> creating configuration files ... ok
> creating template1 database in /tmp/postgres/base/1 ... ok
> initializing pg_authid ... ok
> Enter new superuser password:
> Enter it again:
> setting password ... FATAL: syntax error at or near "ds" at character 41
> child process exited with exit code 1
> initdb: removing contents of data directory "/tmp/postgres"
> imacat@atlas ~ %
>
> I have attached a patch that seems to solve this issue. It works
> for me. Please tell me if there is any problem.

--
Best regards,
imacat ^_*' <imacat@mail.imacat.idv.tw>
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt

<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's: http://www.imacat.idv.tw/
TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iEYEABECAAYFAkR3R34ACgkQi9gubzC5S1zetwCdEg8RHjkqX4 Q4O5a9v6RmXOzo
VYoAoJVs9LhfZd6yLk5G+FLBd0IfQxL6
=ShBR
-----END PGP SIGNATURE-----

Your patch has been added to the PostgreSQL unapplied patches list at:

http://momjian.postgresql.org/cgi-bin/pgpatches

It will be applied as soon as one of the PostgreSQL committers reviews
and approves it.

---------------------------------------------------------------------------


imacat wrote:
-- Start of PGP signed section.
> Has anyone notice this? I found that this is not fixed in the 8.1.4
> release.
>
> I have made a new patch for 8.1.4. It is attached below. Please
> tell me if there is any problem. Thank you.
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> diff -u -r postgresql-8.1.4.orig/src/bin/initdb/initdb.c postgresql-8.1.4/src/bin/initdb/initdb.c
> - --- postgresql-8.1.4.orig/src/bin/initdb/initdb.c 2006-02-24 08:55:27.000000000 +0800
> +++ postgresql-8.1.4/src/bin/initdb/initdb.c 2006-05-25 12:30:34.000000000 +0800
> @@ -58,6 +58,7 @@
> #include <langinfo.h>
> #endif
>
> +#include "libpq-fe.h"
> #include "libpq/pqsignal.h"
> #include "mb/pg_wchar.h"
> #include "getaddrinfo.h"
> @@ -1419,9 +1420,10 @@
> {
> PG_CMD_DECL;
>
> - - char *pwd1,
> + char *pwd1, *pwdesc,
> *pwd2;
> char pwdpath[MAXPGPATH];
> + size_t pwdlen;
> struct stat statbuf;
>
> if (pwprompt)
> @@ -1483,8 +1485,12 @@
>
> PG_CMD_OPEN;
>
> + pwdlen = strlen(pwd1);
> + pwdesc = (char *)pg_malloc(pwdlen * 2 + 1);
> + PQescapeString(pwdesc, pwd1, pwdlen);
> PG_CMD_PRINTF2("ALTER USER \"%s\" WITH PASSWORD '%s';\n",
> - - username, pwd1);
> + username, pwdesc);
> + free(pwdesc);
>
> PG_CMD_CLOSE;
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (GNU/Linux)
>
> iD8DBQFEd0dTi9gubzC5S1wRAjM4AJ9gZGZ4IcbzE+CYX9HcOe Ma2o9IpQCdFMyT
> S5N4shISjXRXmrnN/98zAUs=
> =uY5a
> -----END PGP SIGNATURE-----
>
> On Sun, 7 May 2006 06:28:53 GMT
> "imacat" <imacat@mail.imacat.idv.tw> wrote:
> > The following bug has been logged online:
> >
> > Bug reference: 2424
> > Logged by: imacat
> > Email address: imacat@mail.imacat.idv.tw
> > PostgreSQL version: 8.1.3
> > Operating system: Linux
> > Description: initdb Did Not Escape the Password
> > Details:
> >
> > The initdb seems did not escape (PQescapeString) the password. The
> > following is my test result, with password: ab'ds)24
> >
> > imacat@atlas ~ % initdb -D /tmp/postgres -E utf8 --locale=en_US.utf8 -U
> > postgres -W
> > The files belonging to this database system will be owned by user
> > "postgres".
> > This user must also own the server process.
> >
> > The database cluster will be initialized with locale en_US.utf8.
> >
> > fixing permissions on existing directory /tmp/postgres ... ok
> > creating directory /tmp/postgres/global ... ok
> > creating directory /tmp/postgres/pg_xlog ... ok
> > creating directory /tmp/postgres/pg_xlog/archive_status ... ok
> > creating directory /tmp/postgres/pg_clog ... ok
> > creating directory /tmp/postgres/pg_subtrans ... ok
> > creating directory /tmp/postgres/pg_twophase ... ok
> > creating directory /tmp/postgres/pg_multixact/members ... ok
> > creating directory /tmp/postgres/pg_multixact/offsets ... ok
> > creating directory /tmp/postgres/base ... ok
> > creating directory /tmp/postgres/base/1 ... ok
> > creating directory /tmp/postgres/pg_tblspc ... ok
> > selecting default max_connections ... 100
> > selecting default shared_buffers ... 1000
> > creating configuration files ... ok
> > creating template1 database in /tmp/postgres/base/1 ... ok
> > initializing pg_authid ... ok
> > Enter new superuser password:
> > Enter it again:
> > setting password ... FATAL: syntax error at or near "ds" at character 41
> > child process exited with exit code 1
> > initdb: removing contents of data directory "/tmp/postgres"
> > imacat@atlas ~ %
> >
> > I have attached a patch that seems to solve this issue. It works
> > for me. Please tell me if there is any problem.
>
> --
> Best regards,
> imacat ^_*' <imacat@mail.imacat.idv.tw>
> PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt
>
> <<Woman's Voice>> News: http://www.wov.idv.tw/
> Tavern IMACAT's: http://www.imacat.idv.tw/
> TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug
-- End of PGP section, PGP failed!

--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings

Bruce Momjian <pgman@candle.pha.pa.us> writes:
> Your patch has been added to the PostgreSQL unapplied patches list at:

I don't particularly like this patch, because it is predicated on a
false assumption, namely that initdb uses libpq to talk to the backend.
ISTM PQescapeString is not the thing to use. (As a concrete example
of why not, there'll be no way to make it use the correct value of
standard_conforming_strings, when that default changes.)

I think the best solution is probably to use the existing escape_quotes
function and to place its output in an E'' string.

I looked through initdb to see if there were any other places where it
was creating SQL string literals that might have escaping problems.
All of the COPY commands it issues are potentially at risk: consider
the possibility that the installation sharedir has a quote or backslash
in its path. I didn't see any other holes though.

Will fix this later today.

regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
choose an index scan if your joining column's datatypes do not
match

Yes, I was going to rework the patch to use the ideas you suggested. I
wasn't going to apply it as-is. Anyway, feel free to address it.

---------------------------------------------------------------------------

Tom Lane wrote:
> Bruce Momjian <pgman@candle.pha.pa.us> writes:
> > Your patch has been added to the PostgreSQL unapplied patches list at:
>
> I don't particularly like this patch, because it is predicated on a
> false assumption, namely that initdb uses libpq to talk to the backend.
> ISTM PQescapeString is not the thing to use. (As a concrete example
> of why not, there'll be no way to make it use the correct value of
> standard_conforming_strings, when that default changes.)
>
> I think the best solution is probably to use the existing escape_quotes
> function and to place its output in an E'' string.
>
> I looked through initdb to see if there were any other places where it
> was creating SQL string literals that might have escaping problems.
> All of the COPY commands it issues are potentially at risk: consider
> the possibility that the installation sharedir has a quote or backslash
> in its path. I didn't see any other holes though.
>
> Will fix this later today.
>
> regards, tom lane
>

--
Bruce Momjian http://candle.pha.pa.us
EnterpriseDB http://www.enterprisedb.com

+ If your life is a hard drive, Christ can be your backup. +

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend

On Sat, 27 May 2006 13:26:24 -0400 (EDT)
Bruce Momjian <pgman@candle.pha.pa.us> wrote:
> Yes, I was going to rework the patch to use the ideas you suggested. I
> wasn't going to apply it as-is. Anyway, feel free to address it.
> Tom Lane wrote:
> > Bruce Momjian <pgman@candle.pha.pa.us> writes:

Thank you for your attention. I thought my patch need to be
reworked, too. I use rather long and complex password for the initial
user "postgres" so that I don't have to remember it. I do hope this
simple issue could be solved soon.

And for the path escaping problem, well, almost all Unix
applications have this issue to be solved. The Perl doesn't work with
an installation prefix with spaces, thus can't be installed into
"C:\Program Files". I hope this could be solved, too, though I myself
am not in rush need of this.

--
Best regards,
imacat ^_*' <imacat@mail.imacat.idv.tw>
PGP Key: http://www.imacat.idv.tw/me/pgpkey.txt

<<Woman's Voice>> News: http://www.wov.idv.tw/
Tavern IMACAT's: http://www.imacat.idv.tw/
TLUG List Manager: http://lists.linux.org.tw/cgi-bin/mailman/listinfo/tlug

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iEYEABECAAYFAkR5qsMACgkQi9gubzC5S1ykogCgk4ybBPAu6L s38JOLWzT0rbxW
0QIAniTpclCokNy0syOZbhU0P3sgZ3JT
=HUmk
-----END PGP SIGNATURE-----