Re: fix for palloc() of user-supplied length
| From | Bruce Momjian |
|---|---|
| Subject | Re: fix for palloc() of user-supplied length |
| Date | |
| Msg-id | 200209020505.g8255d504818@candle.pha.pa.us |
| In response to | Re: fix for palloc() of user-supplied length (Tom Lane <tgl@sss.pgh.pa.us>) |
| List | pgsql-patches |

Would someone submit a patch for this?

---------------------------------------------------------------------------

Tom Lane wrote:
> Neil Conway <neilc@samurai.com> writes:
> > (2) The length supplied by the user is completely ignored by
> > the code, and it simply reads the input until it sees a
> > NULL terminator (read the comments in the code about 10
> > lines down.) Therefore, any sanity checking on the length
> > specified by the user is a waste of time.
>
> Agreed; the fact that the protocol requires a length word at all is just
> a hangover from the past. We can read the length word and forget it.
>
> I wonder though if it'd be worthwhile to limit the length of the string
> that we are willing to read from the client in the second step. We are
> at this point dealing with an unauthenticated user, so we should be
> untrusting. And I think Sir Mordred has a point: forcing a backend to
> allocate a lot of memory can be a form of DoS attack.
>
> regards, tom lane
>
> ---------------------------(end of broadcast)---------------------------
> TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
>

--
  Bruce Momjian                     | http://candle.pha.pa.us
  pgman@candle.pha.pa.us            | (610) 359-1001
  + If your life is a hard drive,   | 13 Roberts Road
  + Christ can be your backup.      | Newtown Square, Pennsylvania 19073
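
The limit discussed in the quoted message, as an added example that is not part of the original e-mail and is not PostgreSQL's code: a reader that ignores any client-supplied length, allocates only as bytes arrive, and stops at a fixed cap. `ByteSource`, `read_bounded_string` and the cap `MAX_CLIENT_STRING` are hypothetical names and values chosen for this sketch.

```c
#include <stdio.h>
#include <stdlib.h>
#define MAX_CLIENT_STRING 1024  /* hypothetical cap; the thread names no value */
typedef enum { READ_OK, READ_EOF, READ_TOO_LONG, READ_NOMEM } ReadStatus;
/* Constructed stand-in for the client socket: a byte array plus a cursor. */
typedef struct { const unsigned char *data; size_t len, pos; } ByteSource;

static int source_getbyte(ByteSource *s)
{
    return s->pos < s->len ? s->data[s->pos++] : -1;  /* -1 = peer closed */
}

/*
 * Read a NUL-terminated string from an untrusted peer. Any length word the
 * peer sent is not consulted: memory grows only as bytes actually arrive,
 * and never past max_len + 1, so the peer cannot force a large allocation.
 * Requires max_len < SIZE_MAX. On READ_OK, *out is a malloc'd string.
 */
static ReadStatus read_bounded_string(ByteSource *src, size_t max_len, char **out)
{
    size_t cap = 64 < max_len + 1 ? 64 : max_len + 1, used = 0;
    char *buf = malloc(cap), *tmp;
    int c;
    *out = NULL;
    if (buf == NULL) return READ_NOMEM;
    while ((c = source_getbyte(src)) > 0) {
        if (used >= max_len) { free(buf); return READ_TOO_LONG; }
        if (used + 1 >= cap) {              /* keep room for byte + NUL */
            cap = cap * 2 < max_len + 1 ? cap * 2 : max_len + 1;
            if ((tmp = realloc(buf, cap)) == NULL) { free(buf); return READ_NOMEM; }
            buf = tmp;
        }
        buf[used++] = (char) c;
    }
    if (c < 0) { free(buf); return READ_EOF; }  /* no terminator seen */
    buf[used] = '\0';
    *out = buf;
    return READ_OK;
}

int main(void)
{
    static const unsigned char msg[] = "postgres";  /* constructed sample input */
    ByteSource src = { msg, sizeof msg, 0 };
    char *s;
    ReadStatus rc = read_bounded_string(&src, MAX_CLIENT_STRING, &s);
    printf("status=%d value=%s\n", rc, rc == READ_OK ? s : "(none)");
    free(s);
    return 0;
}
```

On `READ_TOO_LONG` the rest of the peer's string is still unread, so a caller would normally drop the connection rather than try to resynchronize.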