From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com>
Cc: Naoya Anzai <anzai-naoya(at)mxu(dot)nes(dot)nec(dot)co(dot)jp>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PostgreSQL Service on Windows does not start. ~ "is not a valid Win32 application"
Rajeev rastogi <rajeev(dot)rastogi(at)huawei(dot)com> writes:
> One suggestion:
> Instead of using sizeof(cmdLine),
> a. Can't we use strlen (hence small 'for' loop).
> b. Or use memmove to move one byte.
I looked at this patch a bit. I agree that we need to fix
pgwin32_CommandLine to double-quote the executable name, but it needs a
great deal more work than that :-(. Whoever wrote this code was
apparently unacquainted with the concept of buffer overrun. It's not
going to be hard at all to crash pg_ctl with overlength arguments. I'm
not sure that that amounts to a security bug, but it's certainly bad.
After some thought it seems like the most future-proof fix is to not
use a fixed-length buffer for the command string at all. The attached
revised patch switches it over to using a PQExpBuffer instead, which is
pretty much free since we're relying on libpq anyway in this program.
(We still use a fixed-length buffer for the program path, which is OK
because that's what find_my_exec and find_other_exec expect.)
In addition, I fixed it to append .exe in both cases not just the one.
I'm not in a position to actually test this, but it does compile.
regards, tom lane
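The fix described in the message above (double-quote the executable path, build the command string in a buffer that grows rather than one of fixed size, append .exe whenever it is missing, and make any fixed-size variant check its length before writing) as an added example in C. This is illustrative code written for this page, not the patch and not pg_ctl's pgwin32_CommandLine. The StrBuf type is a minimal stand-in for libpq's PQExpBuffer, and build_cmdline, build_cmdline_bounded, cmdline_needed_bytes and has_exe_suffix are names chosen here; the sample paths are constructed.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Minimal growable string buffer. Stands in for libpq's PQExpBuffer
 * (assumption: the real patch uses that API; this is not it). */
typedef struct {
    char  *data;
    size_t len;
    size_t cap;
} StrBuf;

static void sb_init(StrBuf *b)
{
    b->cap = 32;
    b->len = 0;
    b->data = malloc(b->cap);
    if (!b->data) abort();
    b->data[0] = '\0';
}

/* Append s, doubling the capacity until it fits: no length ever overruns. */
static void sb_append(StrBuf *b, const char *s)
{
    size_t n = strlen(s);
    if (b->len + n + 1 > b->cap) {
        size_t newcap = b->cap;
        while (b->len + n + 1 > newcap)
            newcap *= 2;
        char *p = realloc(b->data, newcap);
        if (!p) abort();
        b->data = p;
        b->cap = newcap;
    }
    memcpy(b->data + b->len, s, n + 1);
    b->len += n;
}

/* Does the path already end in ".exe"? Windows file names are case-insensitive. */
static int has_exe_suffix(const char *path)
{
    size_t n = strlen(path);
    if (n < 4) return 0;
    const char *t = path + n - 4;
    return t[0] == '.' && (t[1] == 'e' || t[1] == 'E')
                       && (t[2] == 'x' || t[2] == 'X')
                       && (t[3] == 'e' || t[3] == 'E');
}

/* Build a Windows-style command line: the executable path double-quoted
 * (so a path such as C:\Program Files\... is not split at the space),
 * ".exe" appended when missing, then the arguments each preceded by one
 * space. The result is heap-allocated and sized to fit; the caller frees it. */
char *build_cmdline(const char *exe_path, const char **args, int nargs)
{
    StrBuf b;
    sb_init(&b);
    sb_append(&b, "\"");
    sb_append(&b, exe_path);
    if (!has_exe_suffix(exe_path))
        sb_append(&b, ".exe");
    sb_append(&b, "\"");
    for (int i = 0; i < nargs; i++) {
        sb_append(&b, " ");
        sb_append(&b, args[i]);
    }
    return b.data;
}

/* Bytes a fixed-size buffer would need, including the terminating NUL. */
size_t cmdline_needed_bytes(const char *exe_path, const char **args, int nargs)
{
    size_t need = 2 + strlen(exe_path) + (has_exe_suffix(exe_path) ? 0 : 4) + 1;
    for (int i = 0; i < nargs; i++)
        need += 1 + strlen(args[i]);
    return need;
}

/* The check a fixed-length version must make. Returns 0 and fills out[] when
 * the command line fits in outsz bytes, -1 otherwise without touching out[].
 * Writing without this check is exactly the overrun the message describes. */
int build_cmdline_bounded(char *out, size_t outsz,
                          const char *exe_path, const char **args, int nargs)
{
    if (cmdline_needed_bytes(exe_path, args, nargs) > outsz)
        return -1;
    char *full = build_cmdline(exe_path, args, nargs);
    memcpy(out, full, strlen(full) + 1);
    free(full);
    return 0;
}

int main(void)
{
    const char *args[] = { "-D", "C:\\data", "-w" };   /* constructed sample */
    char *cl = build_cmdline("C:\\Program Files\\PostgreSQL\\bin\\pg_ctl", args, 3);
    puts(cl);
    free(cl);
    return 0;
}
```

A fixed 64-byte buffer with a long data-directory path fails the bounded call cleanly instead of overrunning, while the growing version handles the same input without any limit, which is the property the switch to PQExpBuffer buys.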