Home > mailing lists

fix for palloc() of user-supplied length - Mailing list pgsql-patches

From	Neil Conway
Subject	fix for palloc() of user-supplied length
Date	August 27, 2002 21:14:01
Msg-id	878z2s0x43.fsf@mailbox.samurai.com Whole thread Raw
Responses	Re: fix for palloc() of user-supplied length (Tom Lane <tgl@sss.pgh.pa.us>) Re: fix for palloc() of user-supplied length (Bruce Momjian <pgman@candle.pha.pa.us>)
List	pgsql-patches

Tree view

This patch fixes the so-called DoS possibility when processing the
password packet in recv_and_check_passwordv0(). Nothing fancy, I just
added a sanity check to ensure that we bail out if the client enters
an obviously-bogus length.

Cheers,

Neil

--
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC

Attachment

ver_zero_auth-1.patch

pgsql-patches by date:

From: Joe Conway
Date: 27 August 2002, 21:05:06
Subject: Re: rules regression test fix

From: Tom Lane
Date: 27 August 2002, 21:18:40
Subject: Re: rules regression test fix

fix for palloc() of user-supplied length - Mailing list pgsql-patches

Attachment

Previous

Next