
Re: fix for palloc() of user-supplied length

From: Neil Conway <neilc(at)samurai(dot)com>
To: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
Cc: Serguei Mokhov <mokhov(at)cs(dot)concordia(dot)ca>,PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: fix for palloc() of user-supplied length
Date: 2002-08-30 05:10:29
Message-ID: 87n0r5lynu.fsf@mailbox.samurai.com
Lists: pgsql-hackers, pgsql-patches
Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> writes:
> I have applied the following modified version of your patch.  The
> original version would not apply to CVS.

Yes, the reason being that Tom removed the entire section of code that
my patch modified (and that is the better solution, IMHO).

The patch you've applied does something rather different, and is
unrelated to the "vulnerability" reported by Mordred and referred to
in the Subject -- your patch adds some additional sanity checking when
reading the password packet from v1 protocol clients. This is
unnecessary for two reasons:

        (1) We use a StringInfo to hold the input data, which is
            dynamically allocated as necessary. Since there's no
            palloc() with user-supplied data, you'd need to write x
            bytes to the backend to force it to allocate x bytes of
            memory (i.e. potential for DoS is low).

        (2) The length supplied by the user is completely ignored by
            the code, and it simply reads the input until it sees a
            NULL terminator (read the comments in the code about 10
            lines down.) Therefore, any sanity checking on the length
            specified by the user is a waste of time.

You should probably back out your patch.

Cheers,

Neil

-- 
Neil Conway <neilc(at)samurai(dot)com> || PGP Key ID: DB3C29FC
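As an added illustration of points (1) and (2) in the message above (not code from the thread or from PostgreSQL), the following C program reads a v1-style password packet the way the message describes: the 4-byte length field is skipped and bytes are appended to a growable buffer until a NUL terminator, so the memory obtained tracks the bytes actually received rather than the advertised length. The buffer type, malloc() in place of palloc(), and the packet bytes are simplified stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Growable buffer standing in for PostgreSQL's StringInfo (simplified, added here). */
typedef struct { char *data; size_t len, cap; } Buf;
static void buf_init(Buf *b) {
    b->cap = 16; b->len = 0;
    b->data = malloc(b->cap);             /* malloc stands in for palloc() */
    b->data[0] = '\0';
}

static void buf_append(Buf *b, char c) {
    if (b->len + 1 >= b->cap) {           /* grow only as bytes actually arrive */
        b->cap *= 2;
        b->data = realloc(b->data, b->cap);
    }
    b->data[b->len++] = c;
    b->data[b->len] = '\0';
}

/* Length prefix as the v1 password packet carries it: 4 bytes, network byte order. */
static unsigned long declared_length(const unsigned char *pkt, size_t n) {
    if (n < 4) return 0;
    return ((unsigned long)pkt[0] << 24) | ((unsigned long)pkt[1] << 16) |
           ((unsigned long)pkt[2] << 8) | pkt[3];
}
/* Ignore the declared length and consume bytes until a NUL terminator, as the message
 * describes. Returns the password length, or -1 if the data ends before a terminator. */
static long read_password_until_nul(const unsigned char *pkt, size_t n, Buf *out) {
    size_t pos = 4;                       /* skip the length field entirely */
    buf_init(out);
    while (pos < n) {
        unsigned char c = pkt[pos++];
        if (c == '\0') return (long)out->len;
        buf_append(out, (char)c);
    }
    return -1;                            /* no terminator: incomplete packet */
}

int main(void) {
    /* Constructed packet: declared length 0x7fffffff, but only "secret\0" follows. */
    const unsigned char pkt[] = { 0x7f, 0xff, 0xff, 0xff, 's', 'e', 'c', 'r', 'e', 't', 0 };
    Buf b;
    long got = read_password_until_nul(pkt, sizeof pkt, &b);
    printf("declared=%lu read=%ld allocated=%zu\n", declared_length(pkt, sizeof pkt), got, b.cap);
    free(b.data);
    return 0;
}
```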

