Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Sudheer H R <sudheer(dot)hr(at)tekenlight(dot)com>
Cc: pgsql-bugs(at)lists(dot)postgresql(dot)org
Subject: Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll
Date: 2021-06-23 16:02:40
Message-ID: 2249065.1624464160@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Sudheer H R <sudheer(dot)hr(at)tekenlight(dot)com> writes:
> Built with —with-gssapi and the problem occurs again.

Hmph. I can't reproduce this on RHEL8: so far as I can tell, the string
is physically null-terminated, and clang's address sanitizer doesn't
complain either. Still, given the vagueness of the spec for
gss_display_status, it seems wise to not assume that every GSS
implementation acts the same.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2021-06-23 18:03:50 Re: Found a buffer-overflow defect in asynchronous database connection API PQconnectPoll
Previous Message Alexander Korotkov 2021-06-23 15:31:05 Re: BUG #17066: Cache lookup failed when null (unknown) is passed as anycompatiblemultirange