Re: Oops in fe-auth.c

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Magnus Hagander <magnus(at)hagander(dot)net>
Cc: pgsql-hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Oops in fe-auth.c
Date: 2007-07-23 17:26:32
Message-ID: 29403.1185211592@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers pgsql-patches

Magnus Hagander <magnus(at)hagander(dot)net> writes:
>> I never actually tested if it crashes on mingw, but looking some more at it
>> it really should - once one of these errors happen.

> Hm. Much easier than that - the code is new in HEAD. 8.2 did
> fprintf(stderr). And HEAD still does that in at least one case.

> Anyway, I'll go ahead with the patch I wrote since it does Seem Nicer to
> actually use the PQexpbuffer code there, and the patch was rather
> trivial, but it's certainly not something to backpatch then...

It does look like there is a risk in 8.2 and before, though:
the fe-auth.c code has a lot of snprintf's with PQERRORMSG_LENGTH,
which should all be INITIAL_EXPBUFFER_SIZE according to that header
comment. snprintf typically doesn't write more than it has to,
but if there ever were a message exceeding INITIAL_EXPBUFFER_SIZE
we'd be at risk of a memory clobber. So that should be changed
as far back as it does that. Do you want to take care of it?
I can if you don't want to.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Magnus Hagander 2007-07-23 17:30:32 Re: Oops in fe-auth.c
Previous Message Magnus Hagander 2007-07-23 17:22:50 Re: [HACKERS] Oops in fe-auth.c

Browse pgsql-patches by date

  From Date Subject
Next Message Magnus Hagander 2007-07-23 17:30:32 Re: Oops in fe-auth.c
Previous Message Magnus Hagander 2007-07-23 17:22:50 Re: [HACKERS] Oops in fe-auth.c