Re: BUG #5687: RADIUS Authentication issues - Mailing list pgsql-bugs

From Magnus Hagander
Subject Re: BUG #5687: RADIUS Authentication issues
Date
Msg-id AANLkTimfM5fhAXq-hY2Sw-61ESywuYgBpes1TEw5surY@mail.gmail.com
In response to Re: BUG #5687: RADIUS Authentication issues  (Alan T DeKok <aland@freeradius.org>)
Responses Re: BUG #5687: RADIUS Authentication issues  (Alan T DeKok <aland@freeradius.org>)
List pgsql-bugs
On Tue, Oct 5, 2010 at 19:11, Alan T DeKok <aland@freeradius.org> wrote:
> Magnus Hagander wrote:
>> Actually, nevermind that one. Here's a patch I worked up from your
>> description, and that turns out to be fairly similar to yours in what
>> it does I think - except I'm not rearranging the code into a separate
>> function. We already have a while-loop.
>
> Thanks. The only comment I have is that the hard-coded 100000 could be
> USECS_PER_SEC.

That's hardcoded elsewhere in the backend though, and we've not used
USECS_PER_SEC anywhere else. So for consistency..


>> See attached context diff, and I've also included a diff without
>> whitespace changes since the majority of the diff is otherwise coming
>> from indenting the code one tab...
>>
>> (so far untested, I seem to have deleted my test-instance of the
>> radius server, but I figured I should post my attempt anyway)
>
> I can set up a test server if you want.

Nah, I should get mine back up.

If you can test the complete patch in your environment (particularly
if you already have a "bad packet injector" that you know creates the
issue on 9.0), that would be great though.


>> Also, my patch does not change from log to warning - note that warning
>> is actually *below* log when it comes to the logfile (see
>> log_min_messages comments in postgresql.conf). I keep making that
>> mistake myself...
>
> OK. My only interest there was to ensure that a DoS attack wouldn't
> result in the log being flooded with "invalid packet" messages.

Uh, how exactly does your patch prevent that?

-- 
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
