From: | Magnus Hagander <magnus(at)hagander(dot)net> |
---|---|
To: | aland(at)freeradius(dot)org |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #5687: RADIUS Authentication issues |
Date: | 2010-10-07 19:04:01 |
Message-ID: | AANLkTimfM5fhAXq-hY2Sw-61ESywuYgBpes1TEw5surY@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On Tue, Oct 5, 2010 at 19:11, Alan T DeKok <aland(at)freeradius(dot)org> wrote:
> Magnus Hagander wrote:
>> Actually, nevermind that one. Here's a patch I worked up from your
>> description, and that turns out to be fairly similar to yours in what
>> it does I think - except I'm not rearranging the code into a separate
>> function. We already have a while-loop.
>
> Thanks. The only comment I have is that the hard-code 100000 could be
> USECS_PER_SEC.
That's hardcoded elsewhere in the backend though, and we've not used
USECS_PER_SEC anywhere else. So for consistency..
>> See attached context diff, and I've also included a diff without
>> whitespace changes since the majority of the diff is otherwise coming
>> from indenting the code one tab...
>>
>> (so far untested, I seem to have deleted my test-instance of the
>> radius server, but I figured I should post my attempt anyway)
>
> I can set up a test server if you want.
Nah, I should get mine back up.
If you can test the complete patch in your environment (particularly
if you already have a "bad packet injector" that you know creates the
issue on 9.0), that would be great though.
>> Also, my patch does not change from log to warning - note that warning
>> is actually *below* log when it comes to the logfile (see
>> log_min_messages comments in postgresql.conf). I keep making that
>> mistake myself...
>
> OK. My only interest there was to ensure that a DoS attack wouldn't
> result in the log being flooded with "invalid packet" messages.
Uh, how exactly does your patch prevent that?
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
From | Date | Subject | |
---|---|---|---|
Next Message | Alan T DeKok | 2010-10-07 19:29:20 | Re: BUG #5687: RADIUS Authentication issues |
Previous Message | Tom Lane | 2010-10-07 15:58:08 | Re: BUG #5697: Infinite loop inside PQexecStart function |