Skip site navigation (1) Skip section navigation (2)

Re: fix for palloc() of user-supplied length

From: Neil Conway <neilc(at)samurai(dot)com>
To: Serguei Mokhov <mokhov(at)cs(dot)concordia(dot)ca>
Cc: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>,PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject: Re: fix for palloc() of user-supplied length
Date: 2002-08-28 04:33:26
Message-ID: 87sn0zy549.fsf@mailbox.samurai.com (view raw or flat)
Thread:
Lists: pgsql-hackerspgsql-patches
Serguei Mokhov <mokhov(at)cs(dot)concordia(dot)ca> writes:
> + 	if (len < 1 || len > 8192)
> + 	{
> + 		elog(LOG, "Password packet length too long: %d", len);
>                                                   ^^^^^^^^
> Shouldn't it be changed to 'too long || too long' then? ;)

Woops, sorry for being careless. Changed the wording to refer to
'invalid' rather than 'too long' or 'too short'.

> And also for the message to be more descriptive for the innocent, I'd included
> the current boundaries in it (like: "expected: 1 <= len <= 8192")

Also fixed, although I'm not sure it's worth worrying about.

> (a question: isn't hardcoding an evil?)

Yes, probably -- as the comment notes, it is just an arbitrary
limitation. But given that (a) it is extremely unlikely to ever be
encountered in a real-life situation (b) the limits it imposes are
very lax (c) it is temporary code that will be ripped out shortly, I'm
not too concerned... 

Thanks for taking a look at the code, BTW.

Cheers,

Neil

-- 
Neil Conway <neilc(at)samurai(dot)com> || PGP Key ID: DB3C29FC

Attachment: ver_zero_auth-3.patch
Description: text/x-patch (951 bytes)

In response to

Responses

pgsql-hackers by date

Next:From: Marc LavergneDate: 2002-08-28 04:39:03
Subject: Re: C vs. C++ contributions
Previous:From: Tom LaneDate: 2002-08-28 04:29:16
Subject: Re: [SQL] LIMIT 1 FOR UPDATE or FOR UPDATE LIMIT 1?

pgsql-patches by date

Next:From: Joe ConwayDate: 2002-08-28 04:54:37
Subject: Anonymous-record-types omission
Previous:From: Serguei MokhovDate: 2002-08-28 04:12:26
Subject: Re: fix for palloc() of user-supplied length

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group