From ea3c19c1baf6d042e2c2440631c0ce02432c96a0 Mon Sep 17 00:00:00 2001
From: Michael Marley <michael@michaelmarley.com>
Date: Thu, 23 Apr 2015 08:46:43 -0400
Subject: [PATCH] Execute initDbSession() on DB reconnects

Previously, the initDbSession() function would only be run on the
initial connect.  Since the initDbSession() code in PostgreSQL is
used to fix the CVE-2013-4422 SQL Injection bug, this means that
Quassel was still vulnerable to that CVE if the PostgreSQL server
is restarted or the connection is lost at any point while Quassel
is running.

This bug also causes the Qt5 psql timezone fix to stop working
after a reconnect.

The fix is to disable Qt's automatic reconnecting, check the
connection status ourselves, and reconnect if necessary, executing
the initDbSession() function afterward.
---
 src/core/abstractsqlstorage.cpp | 15 ++++++++++++++-
 src/core/abstractsqlstorage.h   |  1 +
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/core/abstractsqlstorage.cpp b/src/core/abstractsqlstorage.cpp
index 4554f3f6..9522f812 100644
--- a/src/core/abstractsqlstorage.cpp
+++ b/src/core/abstractsqlstorage.cpp
@@ -53,7 +53,14 @@ QSqlDatabase AbstractSqlStorage::logDb()
     if (!_connectionPool.contains(QThread::currentThread()))
         addConnectionToPool();
 
-    return QSqlDatabase::database(_connectionPool[QThread::currentThread()]->name());
+    QSqlDatabase db = QSqlDatabase::database(_connectionPool[QThread::currentThread()]->name(),false);
+
+    if (!db.isOpen()) {
+        qWarning() << "Database connection" << displayName() << "for thread" << QThread::currentThread() << "was lost, attempting to reconnect...";
+        dbConnect(db);
+    }
+
+    return db;
 }
 
 
@@ -90,6 +97,12 @@ void AbstractSqlStorage::addConnectionToPool()
         db.setPassword(password());
     }
 
+    dbConnect(db);
+}
+
+
+void AbstractSqlStorage::dbConnect(QSqlDatabase &db)
+{
     if (!db.open()) {
         quWarning() << "Unable to open database" << displayName() << "for thread" << QThread::currentThread();
         quWarning() << "-" << db.lastError().text();
diff --git a/src/core/abstractsqlstorage.h b/src/core/abstractsqlstorage.h
index 3e7b379f..d9002502 100644
--- a/src/core/abstractsqlstorage.h
+++ b/src/core/abstractsqlstorage.h
@@ -87,6 +87,7 @@ private slots:
 
 private:
     void addConnectionToPool();
+    void dbConnect(QSqlDatabase &db);
 
     int _schemaVersion;
     bool _debug;
-- 
2.20.1