1020671 – connect() method should forward password down to libpq correctly

Bug 1020671 - connect() method should forward password down to libpq correctly

Summary: connect() method should forward password down to libpq correctly

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	python-psycopg2
Sub Component:
Version:	6.6
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Pavel Raiskup
QA Contact:	qe-baseos-daemons
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	811234 1070830 1159820
TreeView+	depends on / blocked

Reported:	2013-10-18 07:15 UTC by Pavel Raiskup
Modified:	2016-07-25 08:09 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2016-07-25 08:09:20 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Proposed downstream fix. (2.45 KB, patch) 2013-10-22 08:15 UTC, Pavel Raiskup	no flags	Details \| Diff
Proposed downstream fix. (2.36 KB, patch) 2013-10-22 08:18 UTC, Pavel Raiskup	no flags	Details \| Diff
Proposed downstream fix. (2.40 KB, patch) 2013-10-22 08:40 UTC, Pavel Raiskup	no flags	Details \| Diff
exporting PSYCOPG2_RHEL_CONNECT_FIXUP=0 will opt-out this fix (3.51 KB, patch) 2013-10-22 11:40 UTC, Pavel Raiskup	no flags	Details \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Description Pavel Raiskup 2013-10-18 07:15:21 UTC

Currently, if using "connect(user='user', password='PASS :')", psycopg2 module
is not able to parse 'password' parameter correctly.  Spaces and colons cause
problems and to fix that - these symbols should be properly escaped (or whole
password should be wrapped by ' symbol).

Initially created based on discussion in bug #968532.

Comment 2 Pavel Raiskup 2013-10-22 08:15:20 UTC

Created attachment 814886 [details]
Proposed downstream fix.

In the time 2.0.14 was released, the 'connect()' method was not wrapped by
python function — it was direct 'C' plugin call.  So the upstream patch
(commit 625cc1b402b33) is not usable at all for RHEL6.

Proposed patch escapes single quote characters inside parameter value of
connect() method and wraps each parameter value by single quotes.  This patch
does not make sense to send (or consult with) upstream as they are too far
from 2.0.14.

Comment 4 Pavel Raiskup 2013-10-22 08:18:48 UTC

Created attachment 814888 [details]
Proposed downstream fix.

I have uploaded bad (upstream) fix, now it is correct.

Comment 6 Pavel Raiskup 2013-10-22 08:40:17 UTC

Created attachment 814904 [details]
Proposed downstream fix.

Escape also backslashes.

Comment 12 Pavel Raiskup 2013-10-22 11:40:36 UTC

Created attachment 814946 [details]
exporting PSYCOPG2_RHEL_CONNECT_FIXUP=0 will opt-out this fix

Comment 17 Mike McCune 2016-03-28 23:21:47 UTC

This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions

Note You need to log in before you can comment on or make changes to this bug.