Skip site navigation (1) Skip section navigation (2)

fix for palloc() of user-supplied length

From: Neil Conway <neilc(at)samurai(dot)com>
To: PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: fix for palloc() of user-supplied length
Date: 2002-08-27 22:12:44
Message-ID: 878z2s0x43.fsf@mailbox.samurai.com (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
This patch fixes the so-called DoS possibility when processing the
password packet in recv_and_check_passwordv0(). Nothing fancy, I just
added a sanity check to ensure that we bail out if the client enters
an obviously-bogus length.

Cheers,

Neil

-- 
Neil Conway <neilc(at)samurai(dot)com> || PGP Key ID: DB3C29FC

Attachment: ver_zero_auth-1.patch
Description: text/x-patch (878 bytes)

Responses

pgsql-hackers by date

Next:From: Tom LaneDate: 2002-08-27 22:17:03
Subject: Re: Open 7.3 items
Previous:From: Larry RosenmanDate: 2002-08-27 22:11:39
Subject: Re: LIMIT 1 FOR UPDATE or FOR UPDATE LIMIT 1?

pgsql-patches by date

Next:From: Tom LaneDate: 2002-08-27 22:18:36
Subject: Re: rules regression test fix
Previous:From: Tom LaneDate: 2002-08-27 22:08:40
Subject: Re: Proposed GUC Variable

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group