Prevent problem with extra-long password packets from allocating lots of
authorBruce Momjian <bruce@momjian.us>
Thu, 29 Aug 2002 21:50:36 +0000 (21:50 +0000)
committerBruce Momjian <bruce@momjian.us>
Thu, 29 Aug 2002 21:50:36 +0000 (21:50 +0000)
memory.

Neil Conway

src/backend/libpq/auth.c

index 97c928d9003b7996ecc948529538be8f19595b44..fb43f8e4af8e2c3c70efd150e712f285c4d1fbed 100644 (file)
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *       $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.86 2002/08/29 03:22:01 tgl Exp $
+ *       $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.87 2002/08/29 21:50:36 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -709,6 +709,20 @@ recv_and_check_password_packet(Port *port)
        if (pq_eof() == EOF || pq_getint(&len, 4) == EOF)
                return STATUS_EOF;              /* client didn't want to send password */
 
+       /*
+        * Since the remote client has not yet been authenticated, we need
+        * to be careful when using the data they send us. The 8K limit is
+        * arbitrary, and somewhat bogus: the intent is to ensure we don't
+        * allocate an enormous chunk of memory.
+        */
+
+       if (len < 1 || len > 8192)
+       {
+               elog(LOG, "Invalid password packet length: %d; "
+                        "must satisfy 1 <= length <= 8192", len);
+               return STATUS_EOF;
+       }
+
        initStringInfo(&buf);
        if (pq_getstr(&buf) == EOF) /* receive password */
        {
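Review bot: The bound added at `if (len < 1 || len > 8192)` checks only the length the client declares, while the read that follows is `pq_getstr(&buf)`, which is never given `len`. pq_getstr is not visible here, but if it grows the buffer until it sees a terminator, an unauthenticated client can declare a small length and still make the backend allocate a large buffer, so the cap would not hold. The limit belongs in the read itself; until then a comment above the call, such as `/* len is only the client's claim; pq_getstr() must bound the read */`, would keep the check from being taken as sufficient. Returning `STATUS_EOF` here also reports a malformed packet the same way as the "client didn't want to send password" case two lines above, so callers cannot tell them apart. recv_and_check_password_packet starts and ends outside this hunk.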