Commit 809ae06

Patch for:
The following patch to src/backend/libpq/pqpacket.c provides additional checking for bad packet length data. It was tested with the Linux telnet client, with netcat using the numbers.txt and by dumping random numbers into the port.
Patch by: Alvaro Martinez Echevarria <alvaro@lander.es>
1 parent d937b4e commit 809ae06

1 file changed: +17 -1 lines changed


src/backend/libpq/pqpacket.c

Lines changed: 17 additions & 1 deletion
Original file line number | Diff line number | Diff line change
@@ -8,7 +8,7 @@
88
*
99
*
1010
* IDENTIFICATION
11-
* $Header: /cvsroot/pgsql/src/backend/libpq/Attic/pqpacket.c,v 1.2 1996/11/06 08:48:31 scrappy Exp $
11+
* $Header: /cvsroot/pgsql/src/backend/libpq/Attic/pqpacket.c,v 1.3 1997/02/13 08:06:36 scrappy Exp $
1212
*
1313
*-------------------------------------------------------------------------
1414
*/
@@ -124,6 +124,22 @@ PacketReceive(Port *port,/* receive port */
124124
return(STATUS_NOT_DONE);
125125
}
126126
}else {
127+
/*
128+
* This is an attempt to shield the Postmaster
129+
* from mallicious attacks by placing tighter
130+
* restrictions on the reported packet length.
131+
*
132+
* Check for negative packet length
133+
*/
134+
if ((buf->len) <=0) {
135+
return(STATUS_INVALID);
136+
}
137+
/*
138+
* Check for oversize packet
139+
*/
140+
if ((ntohl(buf->len))>max_size) {
141+
return(STATUS_INVALID);
142+
}
127143
/*
128144
* great. got the header. now get the true length (including
129145
* header size).
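
Review bot: The two new checks at new lines 134 and 140 read the same field in different byte orders: `if ((buf->len) <=0)` tests the raw value, while `if ((ntohl(buf->len))>max_size)` tests the host-order value. On a little-endian host the high byte of the raw value is the low-order byte of the length the peer sent, so the first test does not tell you whether the reported length is negative. Convert once into a local with `ntohl(buf->len)` and apply both the lower and the upper bound to that value. The declarations of `buf->len` and `max_size` are outside this hunk, so please confirm their signedness: if the field is unsigned, `<= 0` only catches zero, and `ntohl()` returns an unsigned value, so the comparison against `max_size` becomes unsigned if `max_size` is a signed int. Since the context comment that follows says the true length includes the header size, the lower bound could be the header size rather than 1. Minor: "mallicious" in the new comment should read "malicious".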
