Remove one use of IDENT_USERNAME_MAX

IDENT_USERNAME_MAX is the maximum length of the information returned
by an ident server, per RFC 1413.  Using it as the buffer size in peer
authentication is inappropriate.  It was done here because of the
historical relationship between peer and ident authentication.  To
reduce confusion between the two authenticaton methods and disentangle
their code, use a dynamically allocated buffer instead.

Discussion: https://www.postgresql.org/message-id/flat/c798fba5-8b71-4f27-c78e-37714037ea31%402ndquadrant.com

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 58a44adeb7c30b7bc9424c188c1a31d3450ba36d..d28271c1d87ba8bb76a9e547d3b8d49b8585cf9b 100644 (file)
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -65,7 +65,7 @@ static int    CheckSCRAMAuth(Port *port, char *shadow_pass, char **logdetail);
  * Ident authentication
  *----------------------------------------------------------------
  */
-/* Max size of username ident server can return */
+/* Max size of username ident server can return (per RFC 1413) */
 #define IDENT_USERNAME_MAX 512
 
 /* Standard TCP port number for Ident service.  Assigned by IANA */
@@ -1990,10 +1990,11 @@ ident_inet_done:
 static int
 auth_peer(hbaPort *port)
 {
-   char        ident_user[IDENT_USERNAME_MAX + 1];
    uid_t       uid;
    gid_t       gid;
    struct passwd *pw;
+   char       *peer_user;
+   int         ret;
 
    if (getpeereid(port->sock, &uid, &gid) != 0)
    {
@@ -2022,9 +2023,14 @@ auth_peer(hbaPort *port)
        return STATUS_ERROR;
    }
 
-   strlcpy(ident_user, pw->pw_name, IDENT_USERNAME_MAX + 1);
+   /* Make a copy of static getpw*() result area. */
+   peer_user = pstrdup(pw->pw_name);
+
+   ret = check_usermap(port->hba->usermap, port->user_name, peer_user, false);
 
-   return check_usermap(port->hba->usermap, port->user_name, ident_user, false);
+   pfree(peer_user);
+
+   return ret;
 }
 #endif                         /* HAVE_UNIX_SOCKETS */