psql with GSS can crash - Mailing list pgsql-hackers

From Zdenek Kotala
Subject psql with GSS can crash
Date
Msg-id 4B868361.2040507@sun.com
Responses Re: psql with GSS can crash
List pgsql-hackers
Hi all,

I got the following stack:
    fffffd7ffed14b70 strlen () + 40
    fffffd7ffed71665 snprintf () + e5
    fffffd7fff36d088 pg_GSS_startup () + 88
    fffffd7fff36d43a pg_fe_sendauth () + 15a
    fffffd7fff36e557 PQconnectPoll () + 3b7
    fffffd7fff36e152 connectDBComplete () + a2
    fffffd7fff36dc32 PQsetdbLogin () + 1b2
    000000000041e96d main () + 30d
    000000000041302c ???????? ()
 

It seems that the connection is not fully configured and krbsrvname or
pghost is not filled. The following code in fe-auth.c pg_GSS_startup()
causes a crash:
    maxlen = NI_MAXHOST + strlen(conn->krbsrvname) + 2;
    temp_gbuf.value = (char *) malloc(maxlen);
    snprintf(temp_gbuf.value, maxlen, "%s@%s",
             conn->krbsrvname, conn->pghost);
    temp_gbuf.length = strlen(temp_gbuf.value);
 

And the following code in fe-connect.c fillPGconn() fills in a NULL value:
    tmp = conninfo_getval(connOptions, "krbsrvname");
    conn->krbsrvname = tmp ? strdup(tmp) : NULL;

I think that pg_GSS_startup should sanity-check the input.
Zdenek
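
An added example, not part of the original message and not PostgreSQL's own code: one way to validate the inputs before the "%s@%s" service name is built, so a NULL krbsrvname or pghost yields an error code instead of reaching strlen() or snprintf(). The struct conn_params, the enum and build_gss_service_name() are hypothetical names used only for this sketch, and the sample values are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the two PGconn fields named in the post. */
struct conn_params {
    const char *krbsrvname;   /* may be NULL, as fillPGconn() can leave it */
    const char *pghost;       /* may be NULL when no host was supplied */
};

enum gss_name_rc { GSS_NAME_OK, GSS_NAME_NO_SERVICE, GSS_NAME_NO_HOST, GSS_NAME_NOMEM };

/*
 * Build "service@host". Every pointer is checked before it reaches strlen()
 * or a "%s" conversion, because passing NULL to either is undefined
 * behaviour in C. On success *out is malloc'd (caller frees) and *out_len
 * is the string length without the terminating NUL.
 */
enum gss_name_rc
build_gss_service_name(const struct conn_params *c, char **out, size_t *out_len)
{
    size_t need;
    char  *buf;

    *out = NULL;
    *out_len = 0;
    if (c->krbsrvname == NULL || c->krbsrvname[0] == '\0')
        return GSS_NAME_NO_SERVICE;
    if (c->pghost == NULL || c->pghost[0] == '\0')
        return GSS_NAME_NO_HOST;

    /* Exact size: service + '@' + host + NUL, so nothing is truncated. */
    need = strlen(c->krbsrvname) + 1 + strlen(c->pghost) + 1;
    buf = malloc(need);
    if (buf == NULL)          /* the quoted code uses malloc()'s result unchecked */
        return GSS_NAME_NOMEM;

    snprintf(buf, need, "%s@%s", c->krbsrvname, c->pghost);
    *out = buf;
    *out_len = need - 1;
    return GSS_NAME_OK;
}

int main(void)
{
    struct conn_params bad = { "postgres", NULL };   /* constructed input */
    char *name; size_t len;
    enum gss_name_rc rc = build_gss_service_name(&bad, &name, &len);
    printf("rc=%d (GSS_NAME_NO_HOST=%d)\n", rc, GSS_NAME_NO_HOST);
    return rc == GSS_NAME_NO_HOST ? 0 : 1;
}
```

A caller would map the two "missing" codes to a connection error message rather than continuing with authentication.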

