Disallow newlines in parameter values to be set in ALTER SYSTEM.

As noted by Julian Schauder in bug #14063, the configuration-file parser
doesn't support embedded newlines in string literals.  While there might
someday be a good reason to remove that restriction, there doesn't seem
to be one right now.  However, ALTER SYSTEM SET could accept strings
containing newlines, since many of the variable-specific value-checking
routines would just see a newline as whitespace.  This led to writing a
postgresql.auto.conf file that was broken and had to be removed manually.

Pending a reason to work harder, just throw an error if someone tries this.

In passing, fix several places in the ALTER SYSTEM logic that failed to
provide an errcode() for an ereport(), and thus would falsely log the
failure as an internal XX000 error.

Back-patch to 9.4 where ALTER SYSTEM was introduced.

diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index 06cb1660eb61dd1725948ad6115c86422aada004..e48e412b0f3e5c12060bc956c96602e61f791272 100644 (file)
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -7000,22 +7000,37 @@ AlterSystemSetConfigFile(AlterSystemStmt *altersysstmt)
                                         errmsg("parameter \"%s\" cannot be changed",
                                                        name)));
 
+               /*
+                * If a value is specified, verify that it's sane.
+                */
                if (value)
                {
                        union config_var_val newval;
                        void       *newextra = NULL;
 
+                       /* Check that it's acceptable for the indicated parameter */
                        if (!parse_and_validate_value(record, name, value,
                                                                                  PGC_S_FILE, ERROR,
                                                                                  &newval, &newextra))
                                ereport(ERROR,
-                                               (errmsg("invalid value for parameter \"%s\": \"%s\"",
+                                               (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                                                errmsg("invalid value for parameter \"%s\": \"%s\"",
                                                                name, value)));
 
                        if (record->vartype == PGC_STRING && newval.stringval != NULL)
                                free(newval.stringval);
                        if (newextra)
                                free(newextra);
+
+                       /*
+                        * We must also reject values containing newlines, because the
+                        * grammar for config files doesn't support embedded newlines in
+                        * string literals.
+                        */
+                       if (strchr(value, '\n'))
+                               ereport(ERROR,
+                                               (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                                                errmsg("parameter value for ALTER SYSTEM must not contain a newline")));
                }
        }
 
@@ -7052,13 +7067,15 @@ AlterSystemSetConfigFile(AlterSystemStmt *altersysstmt)
                        infile = AllocateFile(AutoConfFileName, "r");
                        if (infile == NULL)
                                ereport(ERROR,
-                                               (errmsg("could not open file \"%s\": %m",
+                                               (errcode_for_file_access(),
+                                                errmsg("could not open file \"%s\": %m",
                                                                AutoConfFileName)));
 
                        /* parse it */
                        if (!ParseConfigFp(infile, AutoConfFileName, 0, LOG, &head, &tail))
                                ereport(ERROR,
-                                               (errmsg("could not parse contents of file \"%s\"",
+                                               (errcode(ERRCODE_CONFIG_FILE_ERROR),
+                                                errmsg("could not parse contents of file \"%s\"",
                                                                AutoConfFileName)));
 
                        FreeFile(infile);