Home > mailing lists

Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL - Mailing list pgsql-hackers

From	Shridhar Daithankar
Subject	Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL
Date	August 26, 2002 13:54:46
Msg-id	3D6A8EAB.31690.244677E0@localhost Whole thread Raw
In response to	@(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL (Sir Mordred The Traitor <mordred@s-mail.com>)
List	pgsql-hackers

Tree view

On 26 Aug 2002 at 14:46, Sir Mordred The Traitor wrote:
> [snip]
> static int recv_and_check_password0(Port *port) {
>     int32 len;
>     char *buf;
>  
>     if (pq_getint(&len, 4) == EOF)
>         return STATUS_EOF;
>     len -= 4;
>     buf = palloc(len); /* len is taken from a packet */
> [snip]

So that should read,
buf=palloc((len>LENMAX?SAFELEN:len));

is what you want to say? 

sounds good to me.. But if it is taken from the packet, won't that be tripped 
to MTA size? Just a naïve question. Never saw much of postgres code myself..


ByeShridhar

--
Wilcox's Law:    A pat on the back is only a few centimeters from a kick in the 
pants.

pgsql-hackers by date:

From: Sir Mordred The Traitor
Date: 26 August 2002, 13:46:18
Subject: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL

From: Tom Lane
Date: 26 August 2002, 14:02:53
Subject: Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL

Re: @(#)Mordred Labs advisory 0x0007: Remove DoS in PostgreSQL - Mailing list pgsql-hackers

Previous

Next