psql with GSS can crash

From: Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM>
To: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: psql with GSS can crash
Date: 2010-02-25 14:04:17
Message-ID: 4B868361.2040507@sun.com
Lists: pgsql-hackers

Hi all,

I got the following stack:

  fffffd7ffed14b70 strlen () + 40
  fffffd7ffed71665 snprintf () + e5
  fffffd7fff36d088 pg_GSS_startup () + 88
  fffffd7fff36d43a pg_fe_sendauth () + 15a
  fffffd7fff36e557 PQconnectPoll () + 3b7
  fffffd7fff36e152 connectDBComplete () + a2
  fffffd7fff36dc32 PQsetdbLogin () + 1b2
  000000000041e96d main () + 30d
  000000000041302c ???????? ()

It seems that the connection is not fully configured and krbsrvname or 
pghost is not filled. The following code in fe-auth.c pg_GSS_startup() 
causes a crash:

    maxlen = NI_MAXHOST + strlen(conn->krbsrvname) + 2;
    temp_gbuf.value = (char *) malloc(maxlen);
    snprintf(temp_gbuf.value, maxlen, "%s@%s",
             conn->krbsrvname, conn->pghost);
    temp_gbuf.length = strlen(temp_gbuf.value);

And the following code in fe-connect.c fillPGconn() fills in a NULL value.

    tmp = conninfo_getval(connOptions, "krbsrvname");
    conn->krbsrvname = tmp ? strdup(tmp) : NULL;

I think that pg_GSS_startup should sanity-check the input.

	Zdenek
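
An added example, not part of the original message and not PostgreSQL's code: one way to validate both inputs before formatting the service@host string that the quoted pg_GSS_startup() snippet builds. The names struct conn_params and build_gss_service_name() are hypothetical, and the host name in main() is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the two connection fields the quoted code reads. */
struct conn_params {
    const char *krbsrvname;   /* NULL when the option was never set */
    const char *pghost;       /* NULL when no host was given */
};

/* Returns a malloc'd "service@host" string, or NULL with *err set when an
 * input is missing or allocation fails. The caller frees the result. */
char *build_gss_service_name(const struct conn_params *conn, const char **err)
{
    size_t maxlen;
    char *name;

    *err = NULL;
    if (conn->krbsrvname == NULL || conn->krbsrvname[0] == '\0') {
        *err = "kerberos service name missing";
        return NULL;
    }
    if (conn->pghost == NULL || conn->pghost[0] == '\0') {
        *err = "host name missing";
        return NULL;
    }

    /* Both pointers are known non-NULL here, so strlen() is safe. */
    maxlen = strlen(conn->krbsrvname) + strlen(conn->pghost) + 2;
    name = malloc(maxlen);
    if (name == NULL) {
        *err = "out of memory";
        return NULL;
    }
    snprintf(name, maxlen, "%s@%s", conn->krbsrvname, conn->pghost);
    return name;
}

int main(void)
{
    struct conn_params unset = { NULL, "db.example.test" };  /* constructed input */
    const char *err;
    char *name = build_gss_service_name(&unset, &err);

    printf("%s\n", name ? name : err);
    free(name);
    return 0;
}
```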
