| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | pgsql-hackers(at)postgreSQL(dot)org |
| Subject: | Bogus-looking SSL code in postmaster wait loop |
| Date: | 2000-10-24 22:04:01 |
| Message-ID: | 26096.972425041@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
The postmaster contains this code just before it waits for input:
#ifdef USE_SSL
for (curr = DLGetHead(PortList); curr; curr = DLGetSucc(curr))
{
if (((Port *) DLE_VAL(curr))->ssl &&
SSL_pending(((Port *) DLE_VAL(curr))->ssl) > 0)
{
no_select = true;
break;
}
}
if (no_select)
FD_ZERO(&rmask); /* So we don't accept() anything below */
#endif
I am not sure exactly what SSL_pending() is defined to mean, but as
near as I can tell, whenever SSL_pending() returns true, the postmaster
will completely ignore every other input-ready condition. This spells
"denial of service" from where I sit: a nonresponsive SSL client will
cause the postmaster to freeze up for all other clients.
Can anyone who knows about SSL defend or even explain the above code?
I am strongly inclined to just dike it out.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Hiroshi Inoue | 2000-10-25 01:12:02 | Re: relation ### modified while in use |
| Previous Message | Tom Lane | 2000-10-24 21:30:39 | Re: [PATCHES] binary operators on integers |