libpq: Correct processing of startup response messages

After sending a startup message, libpq expects either an error
response ('E') or an authentication request ('R').  Before processing
the message, it ensures it has read enough bytes to correspond to the
length specified in the message.  However, when processing the 'R'
message, if an EOF status is returned it loops back waiting for more
input, even though we already checked that we have enough input.  In
this particular case, this is probably not reachable anyway, because
other code ensures we have enough bytes for an authentication request
message, but the code is wrong and misleading.  In the more general
case, processing a faulty message could result in an EOF status, which
would then result in an infinite loop waiting for the end of a message
that will never come.  The correction is to make this an error.

Reported-by: Jacob Champion <jchampion@timescale.com>
Discussion: https://www.postgresql.org/message-id/flat/f9c7862f-b864-8ef7-a861-c4638c83e209@enterprisedb.com

diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index a6120bf58b8942d05056bb63fe00a5fe656b3774..7d54aa35899c0d0baa51163dcbd41ef32f3a693a 100644 (file)
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -3358,8 +3358,7 @@ keep_going:                                               /* We will come back to here until there is
                                /* Get the type of request. */
                                if (pqGetInt((int *) &areq, 4, conn))
                                {
-                                       /* We'll come back when there are more data */
-                                       return PGRES_POLLING_READING;
+                                       goto error_return;
                                }
                                msgLength -= 4;