Reject bogus output from uuid_create(3).

When using the BSD UUID functions, contrib/uuid-ossp expects uuid_create() to produce a version-1 UUID. FreeBSD still does so, but in recent NetBSD releases that function produces a version-4 (random) UUID instead. That's not acceptable for our purposes: if the user wanted v4 she would have asked for v4, not v1. Hence, check the version digit and complain if it's not '1'. Also drop the documentation's claim that the NetBSD implementation is usable. It might be, depending on which OS version you're using, but we're not going to get into that kind of detail. (Maybe someday we should ditch all these external libraries and just write our own UUID code, but today is not that day.) Nazir Bilal Yavuz, with cosmetic adjustments and docs by me. Backpatch to all supported versions. Discussion: https://postgr.es/m/3848059.1661038772@sss.pgh.pa.us Discussion: https://postgr.es/m/17358-89806e7420797025@postgresql.org
2022-09-09 12:41:36 -04:00 · 2022-09-09 12:41:36 -04:00 · 4d3f54bd7a
commit 4d3f54bd7a
parent 9bcf6fb281
3 changed files with 14 additions and 2 deletions
--- a/contrib/uuid-ossp/uuid-ossp.c
+++ b/contrib/uuid-ossp/uuid-ossp.c
@ -292,6 +292,18 @@ uuid_generate_internal(int v, unsigned char *ns, const char *ptr, int len)
 					{
 						strlcpy(strbuf, str, 37);

+						/*
+						 * In recent NetBSD, uuid_create() has started
+						 * producing v4 instead of v1 UUIDs.  Check the
+						 * version field and complain if it's not v1.
+						 */
+						if (strbuf[14] != '1')
+							ereport(ERROR,
+									(errcode(ERRCODE_EXTERNAL_ROUTINE_EXCEPTION),
+							/* translator: %c will be a hex digit */
+									 errmsg("uuid_create() produced a version %c UUID instead of the expected version 1",
+											strbuf[14])));
+
 						/*
 						 * PTR, if set, replaces the trailing characters of
 						 * the uuid; this is to support v1mc, where a random
--- a/doc/src/sgml/installation.sgml
+++ b/doc/src/sgml/installation.sgml
@ -944,7 +944,7 @@ su - postgres
        <itemizedlist>
         <listitem>
          <para>
-           <option>bsd</option> to use the UUID functions found in FreeBSD, NetBSD,
+           <option>bsd</option> to use the UUID functions found in FreeBSD
           and some other BSD-derived systems
          </para>
         </listitem>
--- a/doc/src/sgml/uuid-ossp.sgml
+++ b/doc/src/sgml/uuid-ossp.sgml
@ -167,7 +167,7 @@ SELECT uuid_generate_v3(uuid_ns_url(), 'http://www.postgresql.org');
   at <ulink url="http://www.ossp.org/pkg/lib/uuid/"></ulink>, it is not well
   maintained, and is becoming increasingly difficult to port to newer
   platforms.  <filename>uuid-ossp</filename> can now be built without the OSSP
-   library on some platforms.  On FreeBSD, NetBSD, and some other BSD-derived
+   library on some platforms.  On FreeBSD and some other BSD-derived
   platforms, suitable UUID creation functions are included in the
   core <filename>libc</filename> library.  On Linux, macOS, and some other
   platforms, suitable functions are provided in the <filename>libuuid</filename>