Skip site navigation (1) Skip section navigation (2)

Re: fix for palloc() of user-supplied length

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Neil Conway <neilc(at)samurai(dot)com>
Cc: PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: fix for palloc() of user-supplied length
Date: 2002-08-28 03:01:38
Message-ID: 200208280301.g7S31ck03962@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Neil, is this the one Sir-* complained about?

---------------------------------------------------------------------------

Neil Conway wrote:
> This patch fixes the so-called DoS possibility when processing the
> password packet in recv_and_check_passwordv0(). Nothing fancy, I just
> added a sanity check to ensure that we bail out if the client enters
> an obviously-bogus length.
> 
> Cheers,
> 
> Neil
> 
> -- 
> Neil Conway <neilc(at)samurai(dot)com> || PGP Key ID: DB3C29FC

[ Attachment, skipping... ]

> 
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
> 
> http://archives.postgresql.org

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

In response to

Responses

pgsql-hackers by date

Next:From: Neil ConwayDate: 2002-08-28 03:39:15
Subject: Re: fix for palloc() of user-supplied length
Previous:From: Bruce MomjianDate: 2002-08-28 03:00:58
Subject: Re: fix for palloc() of user-supplied length

pgsql-patches by date

Next:From: Neil ConwayDate: 2002-08-28 03:39:15
Subject: Re: fix for palloc() of user-supplied length
Previous:From: Bruce MomjianDate: 2002-08-28 03:00:58
Subject: Re: fix for palloc() of user-supplied length

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group