Possible buffer overrun in src/backend/libpq/hba.c gethba_options()
| От | Julian Hsiao |
|---|---|
| Тема | Possible buffer overrun in src/backend/libpq/hba.c gethba_options() |
| Дата | |
| Msg-id | CADnGQpzbkWdKS2YHNifwAvX5VEsJ5gW49U4o-7UL5pzyTv4vTg@mail.gmail.com обсуждение исходный текст |
| Ответы |
Re: Possible buffer overrun in src/backend/libpq/hba.c gethba_options()
|
| Список | pgsql-hackers |
Hi,
During a routine Coverity scan of our internal PostgreSQL fork, it
issued a buffer overrun warning for src/backend/libpq/hba.c,
gethba_options()[0]:
MAIN_ISSUE EventDescription: Overrunning array "options" of 12 8-byte
elements at element index 12 (byte offset 96) using index "noptions++"
(which evaluates to 12).
[...]
if (hba->ldapscope)
options[noptions++] =
CStringGetTextDatum(psprintf("ldapscope=%d", hba->ldapscope));
[...]
This is because earlier in the function[1], if hba->usermap,
hba->clientcert, and hba->pamservice were set then noptions would
exceed MAX_HBA_OPTIONS. Of course, if those options are mutually
exclusive with hba->auth_method == uaLDAP, then it's a false positive.
Is that the case, or should MAX_HBA_OPTIONS be increased?
Thanks.
[0] https://github.com/postgres/postgres/blob/master/src/backend/libpq/hba.c#L2307
[1] https://github.com/postgres/postgres/blob/master/src/backend/libpq/hba.c#L2249
В списке pgsql-hackers по дате отправления: