Matthias Apitz <guru@unixarea.de> writes:
> On Sunday, April 25, 2021 at 11:51:45 AM -0400, Tom Lane wrote:
>> Hmph. So why wasn't this visible in the tcpdump trace?
> It was visible. That's why I detected it while looking up the TCP
> packages before the UPDATE:
> 10:57:16.051326 IP 127.0.0.1.52288 > 127.0.0.1.5432: Flags [P.], seq 14280:14407, ack 120304, win 512, options [nop,nop,TSval 3424445708 ecr 3424445708], length 127
> 0x0000: 4500 00b3 b84e 4000 4006 83f4 7f00 0001 E....N@.@.......
> 0x0010: 7f00 0001 cc40 1538 d9b9 44bb fcd1 afb7 .....@.8..D.....
> 0x0020: 8018 0200 fea7 0000 0101 080a cc1c e50c ................
> 0x0030: cc1c e50c 5352 502d 3236 3937 363a 2072 ....SRP-26976:.r
> 0x0040: 6573 746f 7265 6420 7374 7275 6374 206b estored.struct.k
> 0x0050: 6574 7465 7361 747a 2066 6f72 2073 6574 ettesatz.for.set
> 0x0060: 6964 3a32 2c20 6465 736b 3a33 3831 3832 id:2,.desk:38182
> 0x0070: 3038 302c 2066 656c 646e 723a 362c 206b 080,.feldnr:6,.k
> 0x0080: 6174 6b65 793a 3136 3839 3532 3937 392c atkey:168952979,
> 0x0090: 206b 6574 7465 7361 747a 2e66 7265 693a .kettesatz.frei:
> 0x00a0: 302c 206b 6574 7465 7361 747a 2e61 6e7a 0,.kettesatz.anz
> 0x00b0: 3235 0a 25.
Ah. On looking at the server code, I see there *is* some validation
on the message type code --- but here, the first byte is 'S' which
happens to be a legal message type, so you got past that check.
Still, the apparent message length is then "RP-2" (0x52502d32)
which is bigger than 1GB so I don't quite understand why you didn't
get an "out of memory" error.
In any case, we could clearly do with some more sanity checking than
is there now. I'll post a patch for that in a bit.
regards, tom lane
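As an added illustration, not code from this thread or from PostgreSQL itself, the checks Tom describes can be reproduced on the bytes from the tcpdump dump above: the type byte 'S' passes the message-type check, but the next four bytes "RP-2" read as a length far above 1GB. The frontend message-type set and the MaxAllocSize constant are taken from the v3 protocol as I know it; the rule that body-less messages such as Sync must have length exactly 4 is an example of the kind of per-type sanity check being proposed, not the project's actual code.

```python
import struct

# Frontend message type bytes defined by the PostgreSQL v3 protocol (assumption
# from protocol knowledge; 'S' is Sync, which is why the stray line got past it).
FRONTEND_TYPES = set(b"BCDEFHPQSXcdfp")

# Example per-type rule: messages that carry no body (Flush, Sync, Terminate,
# CopyDone) must have a length of exactly 4, i.e. just the int32 length itself.
BODYLESS_TYPES = set(b"HSXc")

MAX_MESSAGE_LEN = 0x3FFFFFFF  # PostgreSQL's MaxAllocSize, just under 1 GB


def check_message_header(buf: bytes) -> tuple[bool, str]:
    """Validate the 5-byte header (type byte + int32 length) of a frontend message.

    Returns (accepted, detail). The length is a signed big-endian int32 that
    counts itself but not the type byte, so anything below 4 is malformed.
    """
    if len(buf) < 5:
        return False, "short read: need 5 header bytes"
    msg_type = buf[0]
    if msg_type not in FRONTEND_TYPES:
        return False, f"invalid frontend message type {bytes([msg_type])!r}"
    (length,) = struct.unpack("!i", buf[1:5])
    if length < 4:
        return False, f"invalid message length {length} (must be >= 4)"
    if length > MAX_MESSAGE_LEN:
        return False, f"invalid message length {length} (> MaxAllocSize)"
    if msg_type in BODYLESS_TYPES and length != 4:
        return False, f"message type {chr(msg_type)!r} must have length 4, got {length}"
    return True, f"type {chr(msg_type)!r}, length {length}"


# TCP payload transcribed from the hex dump in the thread: an application debug
# line that was written to the backend socket instead of a protocol message.
STRAY_DEBUG_LINE = (b"SRP-26976: restored struct kettesatz for setid:2, "
                    b"desk:38182080, feldnr:6, katkey:168952979, "
                    b"kettesatz.frei:0, kettesatz.anz25\n")

# A well-formed Sync message for comparison (constructed).
SYNC = b"S" + struct.pack("!i", 4)

if __name__ == "__main__":
    for name, msg in (("stray debug line", STRAY_DEBUG_LINE), ("Sync", SYNC)):
        ok, detail = check_message_header(msg)
        print(f"{name}: {'accepted' if ok else 'rejected'}: {detail}")
```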