| From: | Serguei Mokhov <mokhov(at)cs(dot)concordia(dot)ca> |
|---|---|
| To: | Neil Conway <neilc(at)samurai(dot)com> |
| Cc: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>, PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: fix for palloc() of user-supplied length |
| Date: | 2002-08-28 04:07:22 |
| Message-ID: | 1030507642.3d6c4c7a46df3@mailhost.cs.concordia.ca |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers pgsql-patches |
Quoting Neil Conway <neilc(at)samurai(dot)com>:
> I've attached a revised patch that includes the additional check Tom
> suggested (len < 1). Unless anyone else steps forward, I'm inclined to
+ if (len < 1 || len > 8192)
+ {
+ elog(LOG, "Password packet length too long: %d", len);
^^^^^^^^
Shouldn't it be changed to 'too long || too long' then? ;)
And also for the message to be more descriptive for the innocent, I'd included
the current boundaries in it (like: "expected: 1 <= len <= 8192")
(a question: isn't hardcoding an evil?)
But I guess it's not a must-to-do on your list :)
--
Serguei A. Mokhov, <mailto: mokhov @ cs.concordia.ca>
Computer Science, Concordia University
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Serguei Mokhov | 2002-08-28 04:12:26 | Re: fix for palloc() of user-supplied length |
| Previous Message | Neil Conway | 2002-08-28 03:39:15 | Re: fix for palloc() of user-supplied length |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Serguei Mokhov | 2002-08-28 04:12:26 | Re: fix for palloc() of user-supplied length |
| Previous Message | Neil Conway | 2002-08-28 03:39:15 | Re: fix for palloc() of user-supplied length |