Skip site navigation (1) Skip section navigation (2)

Re: fix for palloc() of user-supplied length

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Neil Conway <neilc(at)samurai(dot)com>
Cc: Serguei Mokhov <mokhov(at)cs(dot)concordia(dot)ca>,PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: fix for palloc() of user-supplied length
Date: 2002-08-29 21:45:56
Message-ID: 200208292145.g7TLjvc23934@candle.pha.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
I have applied the following modified version of your patch.  The
original version would not apply to CVS.

---------------------------------------------------------------------------

Neil Conway wrote:
> Serguei Mokhov <mokhov(at)cs(dot)concordia(dot)ca> writes:
> > + 	if (len < 1 || len > 8192)
> > + 	{
> > + 		elog(LOG, "Password packet length too long: %d", len);
> >                                                   ^^^^^^^^
> > Shouldn't it be changed to 'too long || too long' then? ;)
> 
> Woops, sorry for being careless. Changed the wording to refer to
> 'invalid' rather than 'too long' or 'too short'.
> 
> > And also for the message to be more descriptive for the innocent, I'd included
> > the current boundaries in it (like: "expected: 1 <= len <= 8192")
> 
> Also fixed, although I'm not sure it's worth worrying about.
> 
> > (a question: isn't hardcoding an evil?)
> 
> Yes, probably -- as the comment notes, it is just an arbitrary
> limitation. But given that (a) it is extremely unlikely to ever be
> encountered in a real-life situation (b) the limits it imposes are
> very lax (c) it is temporary code that will be ripped out shortly, I'm
> not too concerned... 
> 
> Thanks for taking a look at the code, BTW.
> 
> Cheers,
> 
> Neil
> 
> -- 
> Neil Conway <neilc(at)samurai(dot)com> || PGP Key ID: DB3C29FC

[ Attachment, skipping... ]

> 
> ---------------------------(end of broadcast)---------------------------
> TIP 6: Have you searched our list archives?
> 
> http://archives.postgresql.org

-- 
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman(at)candle(dot)pha(dot)pa(dot)us               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

In response to

Responses

pgsql-hackers by date

Next:From: Andrew SullivanDate: 2002-08-29 21:59:51
Subject: Re: tweaking MemSet() performance
Previous:From: Jukka HolappaDate: 2002-08-29 21:29:03
Subject: [PATCH] Sprintf() patch against current CVS tree.

pgsql-patches by date

Next:From: Nigel J. AndrewsDate: 2002-08-29 22:06:15
Subject: Re: [GENERAL] worried about PGPASSWORD drop
Previous:From: Bruce MomjianDate: 2002-08-29 21:42:27
Subject: Re: [GENERAL] worried about PGPASSWORD drop

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group