Skip to content

Commit 546cd0d

Browse files
robertmhaasrobertmhaas
committed
Fix InitializeSessionUserId not to deference NULL rolename pointer.
Dmitriy Sarafannikov, reviewed by Michael Paquier and Haribabu Kommi, with a minor fix by me.
1 parent d78a7d9 commit 546cd0d

File tree

1 file changed

+17
-7
lines changed

1 file changed

+17
-7
lines changed

src/backend/utils/init/miscinit.c

Lines changed: 17 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -474,6 +474,7 @@ InitializeSessionUserId(const char *rolename, Oid roleid)
474474
{
475475
HeapTuple roleTup;
476476
Form_pg_authid rform;
477+
char *rname;
477478

478479
/*
479480
* Don't do scans if we're bootstrapping, none of the system catalogs
@@ -485,16 +486,25 @@ InitializeSessionUserId(const char *rolename, Oid roleid)
485486
AssertState(!OidIsValid(AuthenticatedUserId));
486487

487488
if (rolename != NULL)
489+
{
488490
roleTup = SearchSysCache1(AUTHNAME, PointerGetDatum(rolename));
491+
if (!HeapTupleIsValid(roleTup))
492+
ereport(FATAL,
493+
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
494+
errmsg("role \"%s\" does not exist", rolename)));
495+
}
489496
else
497+
{
490498
roleTup = SearchSysCache1(AUTHOID, ObjectIdGetDatum(roleid));
491-
if (!HeapTupleIsValid(roleTup))
492-
ereport(FATAL,
493-
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
494-
errmsg("role \"%s\" does not exist", rolename)));
499+
if (!HeapTupleIsValid(roleTup))
500+
ereport(FATAL,
501+
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
502+
errmsg("role with OID %u does not exist", roleid)));
503+
}
495504

496505
rform = (Form_pg_authid) GETSTRUCT(roleTup);
497506
roleid = HeapTupleGetOid(roleTup);
507+
rname = NameStr(rform->rolname);
498508

499509
AuthenticatedUserId = roleid;
500510
AuthenticatedUserIsSuperuser = rform->rolsuper;
@@ -520,7 +530,7 @@ InitializeSessionUserId(const char *rolename, Oid roleid)
520530
ereport(FATAL,
521531
(errcode(ERRCODE_INVALID_AUTHORIZATION_SPECIFICATION),
522532
errmsg("role \"%s\" is not permitted to log in",
523-
rolename)));
533+
rname)));
524534

525535
/*
526536
* Check connection limit for this role.
@@ -538,11 +548,11 @@ InitializeSessionUserId(const char *rolename, Oid roleid)
538548
ereport(FATAL,
539549
(errcode(ERRCODE_TOO_MANY_CONNECTIONS),
540550
errmsg("too many connections for role \"%s\"",
541-
rolename)));
551+
rname)));
542552
}
543553

544554
/* Record username and superuser status as GUC settings too */
545-
SetConfigOption("session_authorization", rolename,
555+
SetConfigOption("session_authorization", rname,
546556
PGC_BACKEND, PGC_S_OVERRIDE);
547557
SetConfigOption("is_superuser",
548558
AuthenticatedUserIsSuperuser ? "on" : "off",

0 commit comments

Comments
 (0)