Re: fix for palloc() of user-supplied length

Serguei Mokhov <mokhov@cs.concordia.ca> writes:
> +     if (len < 1 || len > 8192)
> +     {
> +         elog(LOG, "Password packet length too long: %d", len);
>                                                   ^^^^^^^^
> Shouldn't it be changed to 'too long || too long' then? ;)

Woops, sorry for being careless. Changed the wording to refer to
'invalid' rather than 'too long' or 'too short'.

> And also for the message to be more descriptive for the innocent, I'd included
> the current boundaries in it (like: "expected: 1 <= len <= 8192")

Also fixed, although I'm not sure it's worth worrying about.

> (a question: isn't hardcoding an evil?)

Yes, probably -- as the comment notes, it is just an arbitrary
limitation. But given that (a) it is extremely unlikely to ever be
encountered in a real-life situation (b) the limits it imposes are
very lax (c) it is temporary code that will be ripped out shortly, I'm
not too concerned...

Thanks for taking a look at the code, BTW.

Cheers,

Neil

--
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC