Quick Links

fix for palloc() of user-supplied length

From:	Neil Conway <neilc(at)samurai(dot)com>
To:	PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org>
Subject:	fix for palloc() of user-supplied length
Date:	2002-08-27 22:12:44
Message-ID:	878z2s0x43.fsf@mailbox.samurai.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers pgsql-patches

This patch fixes the so-called DoS possibility when processing the
password packet in recv_and_check_passwordv0(). Nothing fancy, I just
added a sanity check to ensure that we bail out if the client enters
an obviously-bogus length.

Cheers,

Neil

--
Neil Conway <neilc(at)samurai(dot)com> || PGP Key ID: DB3C29FC

Attachment	Content-Type	Size
ver_zero_auth-1.patch	text/x-patch	878 bytes

Responses

Re: fix for palloc() of user-supplied length at 2002-08-27 22:32:48 from Tom Lane
Re: fix for palloc() of user-supplied length at 2002-08-28 03:01:38 from Bruce Momjian

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Tom Lane	2002-08-27 22:17:03	Re: Open 7.3 items
Previous Message	Larry Rosenman	2002-08-27 22:11:39	Re: LIMIT 1 FOR UPDATE or FOR UPDATE LIMIT 1?

Browse pgsql-patches by date

	From	Date	Subject
Next Message	Tom Lane	2002-08-27 22:18:36	Re: rules regression test fix
Previous Message	Tom Lane	2002-08-27 22:08:40	Re: Proposed GUC Variable