Second try at IPv4-to-v6 mapping code; avoid assuming that the struct

tglsfdc · tglsfdc · commit 92aa462247f3 · 2003-09-05T23:07:21.000Z
returned by getaddrinfo_all will have enough room for an IPv6 address.
diff --git a/src/backend/libpq/hba.c b/src/backend/libpq/hba.c
@@ -10,7 +10,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.113 2003/09/05 20:31:35 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/hba.c,v 1.114 2003/09/05 23:07:21 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -550,12 +550,12 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
 	char	   *token;
 	char	   *db;
 	char	   *user;
-	struct addrinfo *file_ip_addr = NULL,
-			   *file_ip_mask = NULL;
+	struct addrinfo *gai_result;
 	struct addrinfo hints;
-	struct sockaddr_storage *mask;
-	char	   *cidr_slash;
 	int			ret;
+	struct sockaddr_storage addr;
+	struct sockaddr_storage mask;
+	char	   *cidr_slash;
 
 	Assert(line != NIL);
 	line_number = lfirsti(line);
@@ -648,6 +648,7 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
 		if (cidr_slash)
 			*cidr_slash = '\0';
 
+		/* Get the IP address either way */
 		hints.ai_flags = AI_NUMERICHOST;
 		hints.ai_family = PF_UNSPEC;
 		hints.ai_socktype = 0;
@@ -657,27 +658,30 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
 		hints.ai_addr = NULL;
 		hints.ai_next = NULL;
 
-		/* Get the IP address either way */
-		ret = getaddrinfo_all(token, NULL, &hints, &file_ip_addr);
-		if (ret || !file_ip_addr)
+		ret = getaddrinfo_all(token, NULL, &hints, &gai_result);
+		if (ret || !gai_result)
 		{
 			ereport(LOG,
 					(errcode(ERRCODE_CONFIG_FILE_ERROR),
 					 errmsg("could not interpret IP address \"%s\" in config file: %s",
 							token, gai_strerror(ret))));
 			if (cidr_slash)
 				*cidr_slash = '/';
+			if (gai_result)
+				freeaddrinfo_all(hints.ai_family, gai_result);
 			goto hba_syntax;
 		}
 
 		if (cidr_slash)
 			*cidr_slash = '/';
 
+		memcpy(&addr, gai_result->ai_addr, gai_result->ai_addrlen);
+		freeaddrinfo_all(hints.ai_family, gai_result);
+
 		/* Get the netmask */
 		if (cidr_slash)
 		{
-			if (SockAddr_cidr_mask(&mask, cidr_slash + 1,
-								   file_ip_addr->ai_family) < 0)
+			if (SockAddr_cidr_mask(&mask, cidr_slash + 1, addr.ss_family) < 0)
 				goto hba_syntax;
 		}
 		else
@@ -688,55 +692,54 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
 				goto hba_syntax;
 			token = lfirst(line);
 
-			ret = getaddrinfo_all(token, NULL, &hints, &file_ip_mask);
-			if (ret || !file_ip_mask)
+			ret = getaddrinfo_all(token, NULL, &hints, &gai_result);
+			if (ret || !gai_result)
+			{
+				if (gai_result)
+					freeaddrinfo_all(hints.ai_family, gai_result);
 				goto hba_syntax;
+			}
 
-			mask = (struct sockaddr_storage *) file_ip_mask->ai_addr;
+			memcpy(&mask, gai_result->ai_addr, gai_result->ai_addrlen);
+			freeaddrinfo_all(hints.ai_family, gai_result);
 
-			if (file_ip_addr->ai_family != mask->ss_family)
+			if (addr.ss_family != mask.ss_family)
 				goto hba_syntax;
 		}
 
-		if (file_ip_addr->ai_family != port->raddr.addr.ss_family)
+		if (addr.ss_family != port->raddr.addr.ss_family)
 		{
 			/*
 			 * Wrong address family.  We allow only one case: if the
 			 * file has IPv4 and the port is IPv6, promote the file
 			 * address to IPv6 and try to match that way.
 			 */
 #ifdef HAVE_IPV6
-			if (file_ip_addr->ai_family == AF_INET &&
+			if (addr.ss_family == AF_INET &&
 				port->raddr.addr.ss_family == AF_INET6)
 			{
-				promote_v4_to_v6_addr((struct sockaddr_storage *) file_ip_addr->ai_addr);
-				promote_v4_to_v6_mask(mask);
+				promote_v4_to_v6_addr(&addr);
+				promote_v4_to_v6_mask(&mask);
 			}
 			else
 #endif /* HAVE_IPV6 */
 			{
-				freeaddrinfo_all(hints.ai_family, file_ip_addr);
+				/* Line doesn't match client port, so ignore it. */
 				return;
 			}
 		}
 
+		/* Ignore line if client port is not in the matching addr range. */
+		if (!rangeSockAddr(&port->raddr.addr, &addr, &mask))
+			return;
+
 		/* Read the rest of the line. */
 		line = lnext(line);
 		if (!line)
 			goto hba_syntax;
 		parse_hba_auth(line, &port->auth_method, &port->auth_arg, error_p);
 		if (*error_p)
 			goto hba_syntax;
-
-		/* Must meet network restrictions */
-		if (!rangeSockAddr(&port->raddr.addr,
-					   (struct sockaddr_storage *) file_ip_addr->ai_addr,
-						   mask))
-			goto hba_freeaddr;
-
-		freeaddrinfo_all(hints.ai_family, file_ip_addr);
-		if (file_ip_mask)
-			freeaddrinfo_all(hints.ai_family, file_ip_mask);
 	}
 	else
 		goto hba_syntax;
@@ -763,12 +766,6 @@ parse_hba(List *line, hbaPort *port, bool *found_p, bool *error_p)
 				   line_number)));
 
 	*error_p = true;
-
-hba_freeaddr:
-	if (file_ip_addr)
-		freeaddrinfo_all(hints.ai_family, file_ip_addr);
-	if (file_ip_mask)
-		freeaddrinfo_all(hints.ai_family, file_ip_mask);
 }
 
 
diff --git a/src/backend/libpq/ip.c b/src/backend/libpq/ip.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/libpq/ip.c,v 1.20 2003/09/05 20:31:36 tgl Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/libpq/ip.c,v 1.21 2003/09/05 23:07:21 tgl Exp $
  *
  * This file and the IPV6 implementation were initially provided by
  * Nigel Kukard <nkukard@lbsd.net>, Linux Based Systems Design
@@ -332,15 +332,15 @@ rangeSockAddrAF_INET6(const struct sockaddr_in6 * addr,
  *	SockAddr_cidr_mask - make a network mask of the appropriate family
  *	  and required number of significant bits
  *
- * Note: Returns a static pointer for the mask, so it's not thread safe,
- *		 and a second call will overwrite the data.
+ * The resulting mask is placed in *mask, which had better be big enough.
+ *
+ * Return value is 0 if okay, -1 if not.
  */
 int
-SockAddr_cidr_mask(struct sockaddr_storage ** mask, char *numbits, int family)
+SockAddr_cidr_mask(struct sockaddr_storage * mask, char *numbits, int family)
 {
 	long		bits;
 	char	   *endptr;
-	static struct sockaddr_storage sock;
 	struct sockaddr_in mask4;
 
 #ifdef	HAVE_IPV6
@@ -359,15 +359,13 @@ SockAddr_cidr_mask(struct sockaddr_storage ** mask, char *numbits, int family)
 		)
 		return -1;
 
-	*mask = &sock;
-
 	switch (family)
 	{
 		case AF_INET:
 			mask4.sin_addr.s_addr =
 				htonl((0xffffffffUL << (32 - bits))
 					  & 0xffffffffUL);
-			memcpy(&sock, &mask4, sizeof(mask4));
+			memcpy(mask, &mask4, sizeof(mask4));
 			break;
 #ifdef HAVE_IPV6
 		case AF_INET6:
@@ -387,15 +385,15 @@ SockAddr_cidr_mask(struct sockaddr_storage ** mask, char *numbits, int family)
 					}
 					bits -= 8;
 				}
-				memcpy(&sock, &mask6, sizeof(mask6));
+				memcpy(mask, &mask6, sizeof(mask6));
 				break;
 			}
 #endif
 		default:
 			return -1;
 	}
 
-	sock.ss_family = family;
+	mask->ss_family = family;
 	return 0;
 }
 
@@ -406,8 +404,9 @@ SockAddr_cidr_mask(struct sockaddr_storage ** mask, char *numbits, int family)
  * promote_v4_to_v6_addr --- convert an AF_INET addr to AF_INET6, using
  *		the standard convention for IPv4 addresses mapped into IPv6 world
  *
- * The passed addr is modified in place.  Note that we only worry about
- * setting the fields that rangeSockAddr will look at.
+ * The passed addr is modified in place; be sure it is large enough to
+ * hold the result!  Note that we only worry about setting the fields
+ * that rangeSockAddr will look at.
  */
 void
 promote_v4_to_v6_addr(struct sockaddr_storage * addr)
@@ -440,8 +439,9 @@ promote_v4_to_v6_addr(struct sockaddr_storage * addr)
  * This must be different from promote_v4_to_v6_addr because we want to
  * set the high-order bits to 1's not 0's.
  *
- * The passed addr is modified in place.  Note that we only worry about
- * setting the fields that rangeSockAddr will look at.
+ * The passed addr is modified in place; be sure it is large enough to
+ * hold the result!  Note that we only worry about setting the fields
+ * that rangeSockAddr will look at.
  */
 void
 promote_v4_to_v6_mask(struct sockaddr_storage * addr)
diff --git a/src/include/libpq/ip.h b/src/include/libpq/ip.h
@@ -5,7 +5,7 @@
  *
  * Copyright (c) 2003, PostgreSQL Global Development Group
  *
- * $Id: ip.h,v 1.11 2003/09/05 20:31:36 tgl Exp $
+ * $Id: ip.h,v 1.12 2003/09/05 23:07:21 tgl Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -30,7 +30,7 @@ extern int rangeSockAddr(const struct sockaddr_storage * addr,
 			  const struct sockaddr_storage * netaddr,
 			  const struct sockaddr_storage * netmask);
 
-extern int SockAddr_cidr_mask(struct sockaddr_storage ** mask,
+extern int SockAddr_cidr_mask(struct sockaddr_storage * mask,
 				   char *numbits, int family);
 
 #ifdef HAVE_IPV6

Original file line number	Diff line number	Diff line change
`@@ -5,7 +5,7 @@`
`5`	`5`	`*`
`6`	`6`	`* Copyright (c) 2003, PostgreSQL Global Development Group`
`7`	`7`	`*`
`8`		`- * $Id: ip.h,v 1.11 2003/09/05 20:31:36 tgl Exp $`
	`8`	`+ * $Id: ip.h,v 1.12 2003/09/05 23:07:21 tgl Exp $`
`9`	`9`	`*`
`10`	`10`	`*-------------------------------------------------------------------------`
`11`	`11`	`*/`
`@@ -30,7 +30,7 @@ extern int rangeSockAddr(const struct sockaddr_storage * addr,`
`30`	`30`	`const struct sockaddr_storage * netaddr,`
`31`	`31`	`const struct sockaddr_storage * netmask);`
`32`	`32`
`33`		`-extern int SockAddr_cidr_mask(struct sockaddr_storage ** mask,`
	`33`	`+extern int SockAddr_cidr_mask(struct sockaddr_storage * mask,`
`34`	`34`	`char *numbits, int family);`
`35`	`35`
`36`	`36`	`#ifdef HAVE_IPV6`