From 66e92878aaec5cd505bba367b2fe6f8eb08715aa Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Wed, 21 Mar 2018 20:03:28 -0400 Subject: [PATCH] Fix mishandling of quoted-list GUC values in pg_dump and ruleutils.c. Code that prints out the contents of setconfig or proconfig arrays in SQL format needs to handle GUC_LIST_QUOTE variables differently from other ones, because for those variables, flatten_set_variable_args() already applied a layer of quoting. The value can therefore safely be printed as-is, and indeed must be, or flatten_set_variable_args() will muck it up completely on reload. For all other GUC variables, it's necessary and sufficient to quote the value as a SQL literal. We'd recognized the need for this long ago, but mis-analyzed the need slightly, thinking that all GUC_LIST_INPUT variables needed the special treatment. That's actually wrong, since a valid value of a LIST variable might include characters that need quoting, although no existing variables accept such values. More to the point, we hadn't made any particular effort to keep the various places that deal with this up-to-date with the set of variables that actually need special treatment, meaning that we'd do the wrong thing with, for example, temp_tablespaces values. This affects dumping of SET clauses attached to functions, as well as ALTER DATABASE/ROLE SET commands. In ruleutils.c we can fix it reasonably honestly by exporting a guc.c function that allows discovering the flags for a given GUC variable. But pg_dump doesn't have easy access to that, so continue the old method of having a hard-wired list of affected variable names. At least we can fix it to have just one list not two, and update the list to match current reality. A remaining problem with this is that it only works for built-in GUC variables. pg_dump's list obvious knows nothing of third-party extensions, and even the "ask guc.c" method isn't bulletproof since the relevant extension might not be loaded. There's no obvious solution to that, so for now, we'll just have to discourage extension authors from inventing custom GUCs that need GUC_LIST_QUOTE. This has been busted for a long time, so back-patch to all supported branches. Michael Paquier and Tom Lane, reviewed by Kyotaro Horiguchi and Pavel Stehule Discussion: https://postgr.es/m/20180111064900.GA51030@paquier.xyz --- src/backend/utils/adt/ruleutils.c | 13 +++++++++---- src/backend/utils/misc/guc.c | 28 ++++++++++++++++++++++++++-- src/bin/pg_dump/dumputils.c | 23 +++++++++++++++++++++++ src/bin/pg_dump/dumputils.h | 2 ++ src/bin/pg_dump/pg_dump.c | 12 ++++++++---- src/bin/pg_dump/pg_dumpall.c | 11 ++++++++--- src/include/utils/guc.h | 1 + src/test/regress/expected/rules.out | 27 +++++++++++++++++++++++++++ src/test/regress/sql/rules.sql | 13 +++++++++++++ 9 files changed, 117 insertions(+), 13 deletions(-) diff --git a/src/backend/utils/adt/ruleutils.c b/src/backend/utils/adt/ruleutils.c index fe1853fc86..8e1bee5e69 100644 --- a/src/backend/utils/adt/ruleutils.c +++ b/src/backend/utils/adt/ruleutils.c @@ -61,6 +61,7 @@ #include "utils/array.h" #include "utils/builtins.h" #include "utils/fmgroids.h" +#include "utils/guc.h" #include "utils/hsearch.h" #include "utils/lsyscache.h" #include "utils/rel.h" @@ -2568,11 +2569,15 @@ pg_get_functiondef(PG_FUNCTION_ARGS) quote_identifier(configitem)); /* - * Some GUC variable names are 'LIST' type and hence must not - * be quoted. + * Variables that are marked GUC_LIST_QUOTE were already fully + * quoted by flatten_set_variable_args() before they were put + * into the proconfig array; we mustn't re-quote them or we'll + * make a mess. Variables that are not so marked should just + * be emitted as simple string literals. If the variable is + * not known to guc.c, we'll do the latter; this makes it + * unsafe to use GUC_LIST_QUOTE for extension variables. */ - if (pg_strcasecmp(configitem, "DateStyle") == 0 - || pg_strcasecmp(configitem, "search_path") == 0) + if (GetConfigOptionFlags(configitem, true) & GUC_LIST_QUOTE) appendStringInfoString(&buf, pos); else simple_quote_literal(&buf, pos); diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index 713200028b..50769618d1 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -793,8 +793,8 @@ static const unit_conversion time_unit_conversion_table[] = * * 6. Don't forget to document the option (at least in config.sgml). * - * 7. If it's a new GUC_LIST option you must edit pg_dumpall.c to ensure - * it is not single quoted at dump time. + * 7. If it's a new GUC_LIST_QUOTE option, you must add it to + * variable_is_guc_list_quote() in src/bin/pg_dump/dumputils.c. */ @@ -6802,6 +6802,30 @@ GetConfigOptionResetString(const char *name) return NULL; } +/* + * Get the GUC flags associated with the given option. + * + * If the option doesn't exist, return 0 if missing_ok is true, + * otherwise throw an ereport and don't return. + */ +int +GetConfigOptionFlags(const char *name, bool missing_ok) +{ + struct config_generic *record; + + record = find_option(name, false, WARNING); + if (record == NULL) + { + if (missing_ok) + return 0; + ereport(ERROR, + (errcode(ERRCODE_UNDEFINED_OBJECT), + errmsg("unrecognized configuration parameter \"%s\"", + name))); + } + return record->flags; +} + /* * flatten_set_variable_args diff --git a/src/bin/pg_dump/dumputils.c b/src/bin/pg_dump/dumputils.c index c097dae2a7..9888718aab 100644 --- a/src/bin/pg_dump/dumputils.c +++ b/src/bin/pg_dump/dumputils.c @@ -846,3 +846,26 @@ buildACLQueries(PQExpBuffer acl_subquery, PQExpBuffer racl_subquery, printfPQExpBuffer(init_racl_subquery, "NULL"); } } + +/* + * Detect whether the given GUC variable is of GUC_LIST_QUOTE type. + * + * It'd be better if we could inquire this directly from the backend; but even + * if there were a function for that, it could only tell us about variables + * currently known to guc.c, so that it'd be unsafe for extensions to declare + * GUC_LIST_QUOTE variables anyway. Lacking a solution for that, it doesn't + * seem worth the work to do more than have this list, which must be kept in + * sync with the variables actually marked GUC_LIST_QUOTE in guc.c. + */ +bool +variable_is_guc_list_quote(const char *name) +{ + if (pg_strcasecmp(name, "temp_tablespaces") == 0 || + pg_strcasecmp(name, "session_preload_libraries") == 0 || + pg_strcasecmp(name, "shared_preload_libraries") == 0 || + pg_strcasecmp(name, "local_preload_libraries") == 0 || + pg_strcasecmp(name, "search_path") == 0) + return true; + else + return false; +} diff --git a/src/bin/pg_dump/dumputils.h b/src/bin/pg_dump/dumputils.h index 2700baae14..690fdc45c8 100644 --- a/src/bin/pg_dump/dumputils.h +++ b/src/bin/pg_dump/dumputils.h @@ -56,4 +56,6 @@ extern void buildACLQueries(PQExpBuffer acl_subquery, PQExpBuffer racl_subquery, const char *acl_column, const char *acl_owner, const char *obj_kind, bool binary_upgrade); +extern bool variable_is_guc_list_quote(const char *name); + #endif /* DUMPUTILS_H */ diff --git a/src/bin/pg_dump/pg_dump.c b/src/bin/pg_dump/pg_dump.c index 852b3c89a3..cb3e6b2a8f 100644 --- a/src/bin/pg_dump/pg_dump.c +++ b/src/bin/pg_dump/pg_dump.c @@ -11480,11 +11480,15 @@ dumpFunc(Archive *fout, FuncInfo *finfo) appendPQExpBuffer(q, "\n SET %s TO ", fmtId(configitem)); /* - * Some GUC variable names are 'LIST' type and hence must not be - * quoted. + * Variables that are marked GUC_LIST_QUOTE were already fully quoted + * by flatten_set_variable_args() before they were put into the + * proconfig array; we mustn't re-quote them or we'll make a mess. + * Variables that are not so marked should just be emitted as simple + * string literals. If the variable is not known to + * variable_is_guc_list_quote(), we'll do the latter; this makes it + * unsafe to use GUC_LIST_QUOTE for extension variables. */ - if (pg_strcasecmp(configitem, "DateStyle") == 0 - || pg_strcasecmp(configitem, "search_path") == 0) + if (variable_is_guc_list_quote(configitem)) appendPQExpBufferStr(q, pos); else appendStringLiteralAH(q, pos, fout); diff --git a/src/bin/pg_dump/pg_dumpall.c b/src/bin/pg_dump/pg_dumpall.c index b8cfca6eb2..ec968a1170 100644 --- a/src/bin/pg_dump/pg_dumpall.c +++ b/src/bin/pg_dump/pg_dumpall.c @@ -1706,10 +1706,15 @@ makeAlterConfigCommand(PGconn *conn, const char *arrayitem, appendPQExpBuffer(buf, "SET %s TO ", fmtId(mine)); /* - * Some GUC variable names are 'LIST' type and hence must not be quoted. + * Variables that are marked GUC_LIST_QUOTE were already fully quoted by + * flatten_set_variable_args() before they were put into the setconfig + * array; we mustn't re-quote them or we'll make a mess. Variables that + * are not so marked should just be emitted as simple string literals. If + * the variable is not known to variable_is_guc_list_quote(), we'll do the + * latter; this makes it unsafe to use GUC_LIST_QUOTE for extension + * variables. */ - if (pg_strcasecmp(mine, "DateStyle") == 0 - || pg_strcasecmp(mine, "search_path") == 0) + if (variable_is_guc_list_quote(mine)) appendPQExpBufferStr(buf, pos + 1); else appendStringLiteralConn(buf, pos + 1, conn); diff --git a/src/include/utils/guc.h b/src/include/utils/guc.h index 6bcc90413c..9267b52698 100644 --- a/src/include/utils/guc.h +++ b/src/include/utils/guc.h @@ -348,6 +348,7 @@ extern void EmitWarningsOnPlaceholders(const char *className); extern const char *GetConfigOption(const char *name, bool missing_ok, bool restrict_superuser); extern const char *GetConfigOptionResetString(const char *name); +extern int GetConfigOptionFlags(const char *name, bool missing_ok); extern void ProcessConfigFile(GucContext context); extern void InitializeGUCOptions(void); extern bool SelectConfigFiles(const char *userDoption, const char *progname); diff --git a/src/test/regress/expected/rules.out b/src/test/regress/expected/rules.out index f1bf287579..ce03c4e7e4 100644 --- a/src/test/regress/expected/rules.out +++ b/src/test/regress/expected/rules.out @@ -3147,6 +3147,33 @@ SELECT * FROM hat_data WHERE hat_name IN ('h8', 'h9', 'h7') ORDER BY hat_name; DROP RULE hat_upsert ON hats; drop table hats; drop table hat_data; +-- test for pg_get_functiondef properly regurgitating SET parameters +-- Note that the function is kept around to stress pg_dump. +CREATE FUNCTION func_with_set_params() RETURNS integer + AS 'select 1;' + LANGUAGE SQL + SET search_path TO PG_CATALOG + SET extra_float_digits TO 2 + SET work_mem TO '4MB' + SET datestyle to iso, mdy + SET local_preload_libraries TO "Mixed/Case", 'c:/"a"/path' + IMMUTABLE STRICT; +SELECT pg_get_functiondef('func_with_set_params()'::regprocedure); + pg_get_functiondef +--------------------------------------------------------------- + CREATE OR REPLACE FUNCTION public.func_with_set_params() + + RETURNS integer + + LANGUAGE sql + + IMMUTABLE STRICT + + SET search_path TO pg_catalog + + SET extra_float_digits TO '2' + + SET work_mem TO '4MB' + + SET "DateStyle" TO 'iso, mdy' + + SET local_preload_libraries TO "Mixed/Case", "c:/""a""/path"+ + AS $function$select 1;$function$ + + +(1 row) + -- tests for pg_get_*def with invalid objects SELECT pg_get_constraintdef(0); pg_get_constraintdef diff --git a/src/test/regress/sql/rules.sql b/src/test/regress/sql/rules.sql index 0ded0f01d2..d9aecad912 100644 --- a/src/test/regress/sql/rules.sql +++ b/src/test/regress/sql/rules.sql @@ -1155,6 +1155,19 @@ DROP RULE hat_upsert ON hats; drop table hats; drop table hat_data; +-- test for pg_get_functiondef properly regurgitating SET parameters +-- Note that the function is kept around to stress pg_dump. +CREATE FUNCTION func_with_set_params() RETURNS integer + AS 'select 1;' + LANGUAGE SQL + SET search_path TO PG_CATALOG + SET extra_float_digits TO 2 + SET work_mem TO '4MB' + SET datestyle to iso, mdy + SET local_preload_libraries TO "Mixed/Case", 'c:/"a"/path' + IMMUTABLE STRICT; +SELECT pg_get_functiondef('func_with_set_params()'::regprocedure); + -- tests for pg_get_*def with invalid objects SELECT pg_get_constraintdef(0); SELECT pg_get_functiondef(0); -- 2.40.0