| From: | Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Removing the fixed-size buffer restriction in hba.c |
| Date: | 2023-07-24 18:07:07 |
| Message-ID: | CAFcNs+qO55TqQmE+G99kUmx+O89JnXWW7nr=sDhi4sHhbsxWEg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Mon, Jul 24, 2023 at 2:53 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>
> We got a complaint at [1] about how a not-so-unreasonable LDAP
> configuration can hit the "authentication file token too long,
> skipping" error case in hba.c's next_token(). I think we've
> seen similar complaints before, although a desultory archives
> search didn't turn one up.
>
> A minimum-change response would be to increase the MAX_TOKEN
> constant from 256 to (say) 1K or 10K. But it wouldn't be all
> that hard to replace the fixed-size buffer with a StringInfo,
> as attached.
>
+1 for replacing it with StringInfo. And the patch LGTM!
>
> Given the infrequency of complaints, I'm inclined to apply
> the more thorough fix only in HEAD, and to just raise MAX_TOKEN
> in the back branches. Thoughts?
>
It makes sense to change it only in HEAD.
Regards,
--
Fabrízio de Royes Mello
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jeff Davis | 2023-07-24 18:23:32 | Re: Use of additional index columns in rows filtering |
| Previous Message | Stephen Frost | 2023-07-24 18:04:37 | Re: odd buildfarm failure - "pg_ctl: control file appears to be corrupt" |