Don't forget to de-escape the password field in .pgpass.

This has been broken just about forever (or more specifically, commit 7f4981f4af) and nobody noticed until Richard Huxton reported it recently. Analysis and fix by Ross Reedstrom, although I didn't use his patch. This doesn't seem important enough to back-patch and is mildly backward incompatible, so I'm just doing this in master.
14 years ago · 8d15e3ec4f
parent c31224e257
commit 8d15e3ec4f
1 changed files with 13 additions and 1 deletions
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@ -4904,7 +4904,9 @@ PasswordFromFile(char *hostname, char *port, char *dbname, char *username)
 	while (!feof(fp) && !ferror(fp))
 	{
 		char	   *t = buf,
-				   *ret;
+				   *ret,
+				   *p1,
+				   *p2;
 		int			len;

 		if (fgets(buf, sizeof(buf), fp) == NULL)
@ -4925,6 +4927,16 @@ PasswordFromFile(char *hostname, char *port, char *dbname, char *username)
 			continue;
 		ret = strdup(t);
 		fclose(fp);
+
+		/* De-escape password. */
+		for (p1 = p2 = ret; *p1 != ':' && *p1 != '\0'; ++p1, ++p2)
+		{
+			if (*p1 == '\\' && p1[1] != '\0')
+				++p1;
+			*p2 = *p1;
+		}
+		*p2 = '\0';
+
 		return ret;
 	}