Stephen Frost <sfrost@snowman.net> writes:
> Ah-hah. Not sure if that was Robbie or myself (probably me, really,
> since I rewrote a great deal of that code). I agree that the regression
> tests don't test with very much data, but I tested pushing quite a bit
> of data through and didn't see any issues with my testing. Apparently I
> was getting pretty lucky. :/
You were *very* lucky, because this code is absolutely full of mistakes
related to incomplete reads, inadequate or outright wrong error handling,
etc.
I was nearly done cleaning that up, when it sank into me that
fe-secure-gssapi.c uses static buffers for partially-read or
partially-encoded data. That means that any client trying to use
multiple GSSAPI-encrypted connections is very likely to see breakage
due to different connections trying to use the same buffers concurrently.
I wonder whether that doesn't explain the complaints mentioned upthread
from the Ruby folks.
(be-secure-gssapi.c is coded identically, but there it's OK since
any backend only has one client connection to deal with.)
>> I'll have a patch in a little while.
> That's fantastic, thanks!
This is gonna take longer than I thought.
regards, tom lane
