diff options
Diffstat (limited to 'src/interfaces/libpq/fe-secure.c')
-rw-r--r-- | src/interfaces/libpq/fe-secure.c | 81 |
1 files changed, 70 insertions, 11 deletions
diff --git a/src/interfaces/libpq/fe-secure.c b/src/interfaces/libpq/fe-secure.c index 0b998e254d3..a1dc7b796d1 100644 --- a/src/interfaces/libpq/fe-secure.c +++ b/src/interfaces/libpq/fe-secure.c @@ -280,9 +280,22 @@ pqsecure_raw_read(PGconn *conn, void *ptr, size_t len) /* * Write data to a secure connection. * - * On failure, this function is responsible for appending a suitable message - * to conn->errorMessage. The caller must still inspect errno, but only - * to determine whether to continue/retry after error. + * Returns the number of bytes written, or a negative value (with errno + * set) upon failure. The write count could be less than requested. + * + * Note that socket-level hard failures are masked from the caller, + * instead setting conn->write_failed and storing an error message + * in conn->write_err_msg; see pqsecure_raw_write. This allows us to + * postpone reporting of write failures until we're sure no error + * message is available from the server. + * + * However, errors detected in the SSL or GSS management level are reported + * via a negative result, with message appended to conn->errorMessage. + * It's frequently unclear whether such errors should be considered read or + * write errors, so we don't attempt to postpone reporting them. + * + * The caller must still inspect errno upon failure, but only to determine + * whether to continue/retry; a message has been saved someplace in any case. */ ssize_t pqsecure_write(PGconn *conn, const void *ptr, size_t len) @@ -310,16 +323,50 @@ pqsecure_write(PGconn *conn, const void *ptr, size_t len) return n; } +/* + * Low-level implementation of pqsecure_write. + * + * This is used directly for an unencrypted connection. For encrypted + * connections, this does the physical I/O on behalf of pgtls_write or + * pg_GSS_write. + * + * This function reports failure (i.e., returns a negative result) only + * for retryable errors such as EINTR. Looping for such cases is to be + * handled at some outer level, maybe all the way up to the application. + * For hard failures, we set conn->write_failed and store an error message + * in conn->write_err_msg, but then claim to have written the data anyway. + * This is because we don't want to report write failures so long as there + * is a possibility of reading from the server and getting an error message + * that could explain why the connection dropped. Many TCP stacks have + * race conditions such that a write failure may or may not be reported + * before all incoming data has been read. + * + * Note that this error behavior happens below the SSL management level when + * we are using SSL. That's because at least some versions of OpenSSL are + * too quick to report a write failure when there's still a possibility to + * get a more useful error from the server. + */ ssize_t pqsecure_raw_write(PGconn *conn, const void *ptr, size_t len) { ssize_t n; int flags = 0; int result_errno = 0; + char msgbuf[1024]; char sebuf[PG_STRERROR_R_BUFLEN]; DECLARE_SIGPIPE_INFO(spinfo); + /* + * If we already had a write failure, we will never again try to send data + * on that connection. Even if the kernel would let us, we've probably + * lost message boundary sync with the server. conn->write_failed + * therefore persists until the connection is reset, and we just discard + * all data presented to be written. + */ + if (conn->write_failed) + return len; + #ifdef MSG_NOSIGNAL if (conn->sigpipe_flag) flags |= MSG_NOSIGNAL; @@ -369,17 +416,29 @@ retry_masked: /* FALL THRU */ case ECONNRESET: - appendPQExpBufferStr(&conn->errorMessage, - libpq_gettext("server closed the connection unexpectedly\n" - "\tThis probably means the server terminated abnormally\n" - "\tbefore or while processing the request.\n")); + conn->write_failed = true; + /* Store error message in conn->write_err_msg, if possible */ + /* (strdup failure is OK, we'll cope later) */ + snprintf(msgbuf, sizeof(msgbuf), + libpq_gettext("server closed the connection unexpectedly\n" + "\tThis probably means the server terminated abnormally\n" + "\tbefore or while processing the request.\n")); + conn->write_err_msg = strdup(msgbuf); + /* Now claim the write succeeded */ + n = len; break; default: - appendPQExpBuffer(&conn->errorMessage, - libpq_gettext("could not send data to server: %s\n"), - SOCK_STRERROR(result_errno, - sebuf, sizeof(sebuf))); + conn->write_failed = true; + /* Store error message in conn->write_err_msg, if possible */ + /* (strdup failure is OK, we'll cope later) */ + snprintf(msgbuf, sizeof(msgbuf), + libpq_gettext("could not send data to server: %s\n"), + SOCK_STRERROR(result_errno, + sebuf, sizeof(sebuf))); + conn->write_err_msg = strdup(msgbuf); + /* Now claim the write succeeded */ + n = len; break; } } |