From: Michael Marley Date: Thu, 23 Apr 2015 12:46:43 +0000 (-0400) Subject: Execute initDbSession() on DB reconnects X-Git-Tag: 0.11.1~1 X-Git-Url: https://git.quassel-irc.org/?a=commitdiff_plain;ds=sidebyside;h=ea3c19c1baf6d042e2c2440631c0ce02432c96a0;hp=528493cd8b524c0978cb9ff4fbbe2fa74ad08847;p=quassel.git Execute initDbSession() on DB reconnects Previously, the initDbSession() function would only be run on the initial connect. Since the initDbSession() code in PostgreSQL is used to fix the CVE-2013-4422 SQL Injection bug, this means that Quassel was still vulnerable to that CVE if the PostgreSQL server is restarted or the connection is lost at any point while Quassel is running. This bug also causes the Qt5 psql timezone fix to stop working after a reconnect. The fix is to disable Qt's automatic reconnecting, check the connection status ourselves, and reconnect if necessary, executing the initDbSession() function afterward. --- diff --git a/src/core/abstractsqlstorage.cpp b/src/core/abstractsqlstorage.cpp index 4554f3f6..9522f812 100644 --- a/src/core/abstractsqlstorage.cpp +++ b/src/core/abstractsqlstorage.cpp @@ -53,7 +53,14 @@ QSqlDatabase AbstractSqlStorage::logDb() if (!_connectionPool.contains(QThread::currentThread())) addConnectionToPool(); - return QSqlDatabase::database(_connectionPool[QThread::currentThread()]->name()); + QSqlDatabase db = QSqlDatabase::database(_connectionPool[QThread::currentThread()]->name(),false); + + if (!db.isOpen()) { + qWarning() << "Database connection" << displayName() << "for thread" << QThread::currentThread() << "was lost, attempting to reconnect..."; + dbConnect(db); + } + + return db; } @@ -90,6 +97,12 @@ void AbstractSqlStorage::addConnectionToPool() db.setPassword(password()); } + dbConnect(db); +} + + +void AbstractSqlStorage::dbConnect(QSqlDatabase &db) +{ if (!db.open()) { quWarning() << "Unable to open database" << displayName() << "for thread" << QThread::currentThread(); quWarning() << "-" << db.lastError().text(); diff --git a/src/core/abstractsqlstorage.h b/src/core/abstractsqlstorage.h index 3e7b379f..d9002502 100644 --- a/src/core/abstractsqlstorage.h +++ b/src/core/abstractsqlstorage.h @@ -87,6 +87,7 @@ private slots: private: void addConnectionToPool(); + void dbConnect(QSqlDatabase &db); int _schemaVersion; bool _debug;