From 2dfe18952e51b618d7099e4a85fd517a58693ae2 Mon Sep 17 00:00:00 2001
From: heikki <heikki>
Date: Fri, 30 Jan 2009 17:24:47 +0000
Subject: [PATCH] Check that connection limit is within valid range. IOW, not <
 -1.

It's missing in older versions too, but it doesn't seem worth
back-porting. All negative are just harmlessly treated as "no limit", and
tightening the check might even brake an application that relies on it.
---
 src/backend/commands/dbcommands.c | 12 ++++++++++++
 src/backend/commands/user.c       | 12 ++++++++++++
 2 files changed, 24 insertions(+)

diff --git a/src/backend/commands/dbcommands.c b/src/backend/commands/dbcommands.c
index 7e065762a8..d08e3d0853 100644
--- a/src/backend/commands/dbcommands.c
+++ b/src/backend/commands/dbcommands.c
@@ -244,7 +244,13 @@ createdb(const CreatedbStmt *stmt)
 		dbctype = strVal(dctype->arg);
 
 	if (dconnlimit && dconnlimit->arg)
+	{
 		dbconnlimit = intVal(dconnlimit->arg);
+		if (dbconnlimit < -1)
+			ereport(ERROR,
+					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+					 errmsg("invalid connection limit: %d", dbconnlimit)));
+	}
 
 	/* obtain OID of proposed owner */
 	if (dbowner)
@@ -1319,7 +1325,13 @@ AlterDatabase(AlterDatabaseStmt *stmt, bool isTopLevel)
 	}
 
 	if (dconnlimit)
+	{
 		connlimit = intVal(dconnlimit->arg);
+		if (connlimit < -1)
+			ereport(ERROR,
+					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+					 errmsg("invalid connection limit: %d", connlimit)));
+	}
 
 	/*
 	 * Get the old tuple.  We don't need a lock on the database per se,
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 783de0246a..065fce7421 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -242,7 +242,13 @@ CreateRole(CreateRoleStmt *stmt)
 	if (dcanlogin)
 		canlogin = intVal(dcanlogin->arg) != 0;
 	if (dconnlimit)
+	{
 		connlimit = intVal(dconnlimit->arg);
+		if (connlimit < -1)
+			ereport(ERROR,
+					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+					 errmsg("invalid connection limit: %d", connlimit)));
+	}
 	if (daddroleto)
 		addroleto = (List *) daddroleto->arg;
 	if (drolemembers)
@@ -533,7 +539,13 @@ AlterRole(AlterRoleStmt *stmt)
 	if (dcanlogin)
 		canlogin = intVal(dcanlogin->arg);
 	if (dconnlimit)
+	{
 		connlimit = intVal(dconnlimit->arg);
+		if (connlimit < -1)
+			ereport(ERROR,
+					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
+					 errmsg("invalid connection limit: %d", connlimit)));
+	}
 	if (drolemembers)
 		rolemembers = (List *) drolemembers->arg;
 	if (dvalidUntil)
-- 
2.11.4.GIT