Home > mailing lists

Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL
Date	August 26, 2002 14:02:53
Msg-id	23333.1030374176@sss.pgh.pa.us Whole thread Raw
In response to	@(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL (Sir Mordred The Traitor <mordred@s-mail.com>)
Responses	Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL (Bruce Momjian <pgman@candle.pha.pa.us>)
List	pgsql-hackers

Tree view

Sir Mordred The Traitor <mordred@s-mail.com> writes:
> Note, that the size of palloced memory is taken from the user's input,
> which is stupid if you ask me.

Beyond causing an "out of memory" error during the handshake, I fail to
see how there can be any problem.  palloc is considerably more robust
than malloc.

> I dont want to provide any tools to illustrate this vulnerability.

Perhaps you haven't tried.

It may indeed make sense to put a range check here, but I'm getting
tired of hearing the words "dos attack" applied to conditions that
cannot be exploited to cause any real problem.  All you are
accomplishing is to spread FUD among people who aren't sufficiently
familiar with the code to evaluate the seriousness of problems...
        regards, tom lane

pgsql-hackers by date:

From: "Shridhar Daithankar"
Date: 26 August 2002, 13:54:46
Subject: Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL

From: Lamar Owen
Date: 26 August 2002, 14:18:50
Subject: Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL

Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL - Mailing list pgsql-hackers

Previous

Next