Commit3cb282f

committed

Guard against array overrun, per report from Yichen Xie. This case

can only occur if the constant DEFAULT_CLIENT_AUTHSVC is given a bogusvalue, so it doesn't seem worth back-patching, but I'll fix it in HEAD.

1 parent23b8a0c commit3cb282fCopy full SHA for 3cb282f

File tree

+12

-1

lines changed

+12

-1

lines changed

Lines changed: 12 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,7 @@`
`10`	`10`	`* exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).`
`11`	`11`	`*`
`12`	`12`	`* IDENTIFICATION`
`13`		`- * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.72 2002/12/03 22:09:20 momjian Exp $`
	`13`	`+ * $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.73 2003/01/29 01:18:21 tgl Exp $`
`14`	`14`	`*`
`15`	`15`	`*-------------------------------------------------------------------------`
`16`	`16`	`*/`
`@@ -686,7 +686,14 @@ MsgType`
`686`	`686`	`fe_getauthsvc(char*PQerrormsg)`
`687`	`687`	`{`
`688`	`688`	`if (pg_authsvc<0\|\|pg_authsvc >=n_authsvcs)`
	`689`	`+{`
`689`	`690`	`fe_setauthsvc(DEFAULT_CLIENT_AUTHSVC,PQerrormsg);`
	`691`	`+if (pg_authsvc<0\|\|pg_authsvc >=n_authsvcs)`
	`692`	`+{`
	`693`	`+/* Can only get here if DEFAULT_CLIENT_AUTHSVC is misdefined */`
	`694`	`+return0;`
	`695`	`+}`
	`696`	`+}`
`690`	`697`	`returnauthsvcs[pg_authsvc].msgtype;`
`691`	`698`	`}`
`692`	`699`
`@@ -704,6 +711,10 @@ fe_getauthname(char *PQerrormsg)`
`704`	`711`
`705`	`712`	`authsvc=fe_getauthsvc(PQerrormsg);`
`706`	`713`
	`714`	`+/* this just guards against broken DEFAULT_CLIENT_AUTHSVC, see above */`
	`715`	`+if (authsvc==0)`
	`716`	`+returnNULL;/* leave original error message in place */`
	`717`	`+`
`707`	`718`	`#ifdefKRB4`
`708`	`719`	`if (authsvc==STARTUP_KRB4_MSG)`
`709`	`720`	`name=pg_krb4_authname(PQerrormsg);`

Comments

(0)