Re: BUG #18769: ldapscheme is not displayed in pg_hba_file_rules - Mailing list pgsql-bugs

> On 12 Jan 2025, at 16:55, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
> Daniel Gustafsson <daniel@yesql.se> writes:
>> I'm planning to do it today, so no need to add it. Thanks!
>
> Our weekly Coverity run complained about this in all branches:
>
> *** CID 181934:  Memory - corruptions  (OVERRUN)
> /srv/coverity/git/pgsql-git/13stable/src/backend/libpq/hba.c: 2368 in gethba_options()
> 2362      if (hba->ldapsearchfilter)
> 2363      options[noptions++] =
> 2364      CStringGetTextDatum(psprintf("ldapsearchfilter=%s",
> 2365      hba->ldapsearchfilter));
> 2366
> 2367      if (hba->ldapscope)
>>>>    CID 181934:  Memory - corruptions  (OVERRUN)
>>>>    Overrunning array "options" of 14 8-byte elements at element index 14 (byte offset 119) using index
"noptions++"(which evaluates to 14). 
> 2368      options[noptions++] =
> 2369      CStringGetTextDatum(psprintf("ldapscope=%d", hba->ldapscope));
> 2370      }
> 2371
> 2372      if (hba->auth_method == uaRADIUS)
> 2373      {
>
> Looks like you should have increased MAX_HBA_OPTIONS.  The comment
> just above that macro needs work too.

Ugh, I missed that when reading over the function.  Thanks for the report, I'll
get it fixed tonight.

--
Daniel Gustafsson