Check that connection limit is within valid range. IOW, not < -1.

It's missing in older versions too, but it doesn't seem worth
back-porting. All negative are just harmlessly treated as "no limit", and
tightening the check might even brake an application that relies on it.

diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c
index 2ff7021f28503cc102f2b6f25e45b9aa10738f34..f9dcb973c0d8f64241f740a2e24ef94e974e29c3 100644 (file)
--- a/src/backend/commands/dbcommands.c
+++ b/src/backend/commands/dbcommands.c
@@ -13,7 +13,7 @@
  *
  *
  * IDENTIFICATION
- *   $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.218 2009/01/20 18:59:37 heikki Exp $
+ *   $PostgreSQL: pgsql/src/backend/commands/dbcommands.c,v 1.219 2009/01/30 17:24:47 heikki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -244,7 +244,13 @@ createdb(const CreatedbStmt *stmt)
        dbctype = strVal(dctype->arg);
 
    if (dconnlimit && dconnlimit->arg)
+   {
        dbconnlimit = intVal(dconnlimit->arg);
+       if (dbconnlimit < -1)
+           ereport(ERROR,
+                   (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                    errmsg("invalid connection limit: %d", dbconnlimit)));
+   }
 
    /* obtain OID of proposed owner */
    if (dbowner)
@@ -1319,7 +1325,13 @@ AlterDatabase(AlterDatabaseStmt *stmt, bool isTopLevel)
    }
 
    if (dconnlimit)
+   {
        connlimit = intVal(dconnlimit->arg);
+       if (connlimit < -1)
+           ereport(ERROR,
+                   (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                    errmsg("invalid connection limit: %d", connlimit)));
+   }
 
    /*
     * Get the old tuple.  We don't need a lock on the database per se,

diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 7c1da42bc3edac4a1686953231870000c8415784..22491cf3f78bd5eec21c4f1b541a48e0a713e981 100644 (file)
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -6,7 +6,7 @@
  * Portions Copyright (c) 1996-2009, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.185 2009/01/22 20:16:02 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/commands/user.c,v 1.186 2009/01/30 17:24:47 heikki Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -242,7 +242,13 @@ CreateRole(CreateRoleStmt *stmt)
    if (dcanlogin)
        canlogin = intVal(dcanlogin->arg) != 0;
    if (dconnlimit)
+   {
        connlimit = intVal(dconnlimit->arg);
+       if (connlimit < -1)
+           ereport(ERROR,
+                   (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                    errmsg("invalid connection limit: %d", connlimit)));
+   }
    if (daddroleto)
        addroleto = (List *) daddroleto->arg;
    if (drolemembers)
@@ -533,7 +539,13 @@ AlterRole(AlterRoleStmt *stmt)
    if (dcanlogin)
        canlogin = intVal(dcanlogin->arg);
    if (dconnlimit)
+   {
        connlimit = intVal(dconnlimit->arg);
+       if (connlimit < -1)
+           ereport(ERROR,
+                   (errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+                    errmsg("invalid connection limit: %d", connlimit)));
+   }
    if (drolemembers)
        rolemembers = (List *) drolemembers->arg;
    if (dvalidUntil)