Back-patch "Only quote libpq connection string values that need quoting."

Back-patch commit 2953cd6d17210935098c803c52c6df5b12a725b9 and certain
runPgDump() bits of 3dee636e0404885d07885d41c0d70e50c784f324 to 9.2 and
9.1.  This synchronizes their doConnStrQuoting() implementations with
later releases.  Subsequent security patches will modify that function.

Security: CVE-2016-5424

diff --git a/src/bin/pg_dump/pg_dumpall.c b/src/bin/pg_dump/pg_dumpall.c
index 47fb7008462b76d7ae5b65c135e3a6dd2939e449..2c46b5ee90b1d8603f7c19002b8fc1a5f681741e 100644 (file)
--- a/src/bin/pg_dump/pg_dumpall.c
+++ b/src/bin/pg_dump/pg_dumpall.c
@@ -1656,7 +1656,7 @@ dumpDatabases(PGconn *conn)
 static int
 runPgDump(const char *dbname)
 {
-       PQExpBuffer connstr = createPQExpBuffer();
+       PQExpBuffer connstrbuf = createPQExpBuffer();
        PQExpBuffer cmd = createPQExpBuffer();
        int                     ret;
 
@@ -1678,11 +1678,10 @@ runPgDump(const char *dbname)
         * database name as is, but if it contains any = characters, it would
         * incorrectly treat it as a connection string.
         */
-       appendPQExpBuffer(connstr, "dbname='");
-       doConnStrQuoting(connstr, dbname);
-       appendPQExpBuffer(connstr, "'");
+       appendPQExpBufferStr(connstrbuf, "dbname=");
+       doConnStrQuoting(connstrbuf, dbname);
 
-       doShellQuoting(cmd, connstr->data);
+       doShellQuoting(cmd, connstrbuf->data);
 
        appendPQExpBuffer(cmd, "%s", SYSTEMQUOTE);
 
@@ -1695,7 +1694,7 @@ runPgDump(const char *dbname)
        ret = system(cmd->data);
 
        destroyPQExpBuffer(cmd);
-       destroyPQExpBuffer(connstr);
+       destroyPQExpBuffer(connstrbuf);
 
        return ret;
 }
@@ -1943,15 +1942,40 @@ dumpTimestamp(char *msg)
 static void
 doConnStrQuoting(PQExpBuffer buf, const char *str)
 {
-       while (*str)
+       const char *s;
+       bool            needquotes;
+
+       /*
+        * If the string consists entirely of plain ASCII characters, no need to
+        * quote it. This is quite conservative, but better safe than sorry.
+        */
+       needquotes = false;
+       for (s = str; *s; s++)
+       {
+               if (!((*s >= 'a' && *s <= 'z') || (*s >= 'A' && *s <= 'Z') ||
+                         (*s >= '0' && *s <= '9') || *s == '_' || *s == '.'))
+               {
+                       needquotes = true;
+                       break;
+               }
+       }
+
+       if (needquotes)
        {
-               /* ' and \ must be escaped by to \' and \\ */
-               if (*str == '\'' || *str == '\\')
-                       appendPQExpBufferChar(buf, '\\');
+               appendPQExpBufferChar(buf, '\'');
+               while (*str)
+               {
+                       /* ' and \ must be escaped by to \' and \\ */
+                       if (*str == '\'' || *str == '\\')
+                               appendPQExpBufferChar(buf, '\\');
 
-               appendPQExpBufferChar(buf, *str);
-               str++;
+                       appendPQExpBufferChar(buf, *str);
+                       str++;
+               }
+               appendPQExpBufferChar(buf, '\'');
        }
+       else
+               appendPQExpBufferStr(buf, str);
 }
 
 /*