mirrors/postgres
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Prevent problem with extra-long password packets from allocating lots of

Browse Source 
memory.

Neil Conway
This commit is contained in:
Bruce Momjian 2002-08-29 21:50:36 +00:00
parent 626eca697c
commit f81ce4a0f6
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
src/backend/libpq/auth.c
View File

@ -8,7 +8,7 @@
* *
* *
* IDENTIFICATION * IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.86 2002/08/29 03:22:01 tgl Exp $ * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.87 2002/08/29 21:50:36 momjian Exp $
* *
*------------------------------------------------------------------------- *-------------------------------------------------------------------------
*/ */
@ -709,6 +709,20 @@ recv_and_check_password_packet(Port *port)
if (pq_eof() == EOF || pq_getint(&len, 4) == EOF) if (pq_eof() == EOF || pq_getint(&len, 4) == EOF)
return STATUS_EOF; /* client didn't want to send password */ return STATUS_EOF; /* client didn't want to send password */
/*
* Since the remote client has not yet been authenticated, we need
* to be careful when using the data they send us. The 8K limit is
* arbitrary, and somewhat bogus: the intent is to ensure we don't
* allocate an enormous chunk of memory.
*/
if (len < 1 || len > 8192)
{
elog(LOG, "Invalid password packet length: %d; "
"must satisfy 1 <= length <= 8192", len);
return STATUS_EOF;
}
initStringInfo(&buf); initStringInfo(&buf);
if (pq_getstr(&buf) == EOF) /* receive password */ if (pq_getstr(&buf) == EOF) /* receive password */
{ {