From 445bd37b19c297b56a7e3b24a69b3648918d2c31 Mon Sep 17 00:00:00 2001
From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Wed, 2 Jul 2025 15:47:59 -0400
Subject: [PATCH] Correctly copy the target host identification in
 PQcancelCreate.

PQcancelCreate failed to copy struct pg_conn_host's "type" field,
instead leaving it zero (a/k/a CHT_HOST_NAME).  This seemingly
has no great ill effects if it should have been CHT_UNIX_SOCKET
instead, but if it should have been CHT_HOST_ADDRESS then a
null-pointer dereference will occur when the cancelConn is used.

Bug: #18974
Reported-by: Maxim Boguk <maxim.boguk@gmail.com>
Author: Sergei Kornilov <sk@zsrv.org>
Reviewed-by: Tom Lane <tgl@sss.pgh.pa.us>
Discussion: https://postgr.es/m/18974-575f02b2168b36b3@postgresql.org
Backpatch-through: 17
---
 src/interfaces/libpq/fe-cancel.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/interfaces/libpq/fe-cancel.c b/src/interfaces/libpq/fe-cancel.c
index 213a6f43c2d..8c7aff42b5a 100644
--- a/src/interfaces/libpq/fe-cancel.c
+++ b/src/interfaces/libpq/fe-cancel.c
@@ -119,6 +119,7 @@ PQcancelCreate(PGconn *conn)
 		goto oom_error;
 
 	originalHost = conn->connhost[conn->whichhost];
+	cancelConn->connhost[0].type = originalHost.type;
 	if (originalHost.host)
 	{
 		cancelConn->connhost[0].host = strdup(originalHost.host);
-- 
2.39.5