| From: | Julian Hsiao <jhsiao(at)salesforce(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Possible buffer overrun in src/backend/libpq/hba.c gethba_options() |
| Date: | 2018-11-13 02:02:22 |
| Message-ID: | CADnGQpzbkWdKS2YHNifwAvX5VEsJ5gW49U4o-7UL5pzyTv4vTg@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Hi,
During a routine Coverity scan of our internal PostgreSQL fork, it
issued a buffer overrun warning for src/backend/libpq/hba.c,
gethba_options()[0]:
MAIN_ISSUE EventDescription: Overrunning array "options" of 12 8-byte
elements at element index 12 (byte offset 96) using index "noptions++"
(which evaluates to 12).
[...]
if (hba->ldapscope)
options[noptions++] =
CStringGetTextDatum(psprintf("ldapscope=%d", hba->ldapscope));
[...]
This is because earlier in the function[1], if hba->usermap,
hba->clientcert, and hba->pamservice were set then noptions would
exceed MAX_HBA_OPTIONS. Of course, if those options are mutually
exclusive with hba->auth_method == uaLDAP, then it's a false positive.
Is that the case, or should MAX_HBA_OPTIONS be increased?
Thanks.
[0] https://github.com/postgres/postgres/blob/master/src/backend/libpq/hba.c#L2307
[1] https://github.com/postgres/postgres/blob/master/src/backend/libpq/hba.c#L2249
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yotsunaga, Naoki | 2018-11-13 02:04:13 | RE: [Proposal] Add accumulated statistics for wait event |
| Previous Message | Peter Geoghegan | 2018-11-13 01:47:45 | Re: Making all nbtree entries unique by having heap TIDs participate in comparisons |