sharpetronics/PostgreSQL
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-10-31 00:03:57 -04:00
Code Issues Projects Releases Wiki Activity

The attached patch implements the password packet length sanity check

Browse Source 
(using an elog(LOG) ), as well as includes a few more comment fixes.

Neil Conway
This commit is contained in:
Bruce Momjian 2002-08-27 16:21:51 +00:00
parent dbf261f588
commit a1c218cae4
3 changed files with 24 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/backend/libpq/auth.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.84 2002/08/27 15:15:22 momjian Exp $
* $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.85 2002/08/27 16:21:50 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -808,6 +808,17 @@ recv_and_check_password_packet(Port *port)
pfree(buf.data);
return STATUS_EOF;
}
/*
* We don't actually use the password packet length the frontend
* sent us; however, it's a reasonable sanity check to ensure that
* we actually read as much data as we expected to.
*
* The password packet size is the length of the buffer, plus the
* size field itself (4 bytes), plus a 1-byte terminator.
*/
if (len != (buf.len + 4 + 1))
elog(LOG, "unexpected password packet size: read %d, expected %d",
buf.len + 4 + 1, len);
/* Do not echo password to logs, for security. */
elog(DEBUG5, "received password packet");

13
src/include/libpq/pqcomm.h
View File

@ -9,7 +9,7 @@
* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
* $Id: pqcomm.h,v 1.67 2002/08/27 15:15:23 momjian Exp $
* $Id: pqcomm.h,v 1.68 2002/08/27 16:21:51 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -111,16 +111,13 @@ typedef uint32 PacketLen;
*/
/*
* FIXME: remove the fixed size limitations on database & user name, use
* variable length fields instead. The actual values will still be
* limited by NAMEDATALEN, but this will at least allow changing
* NAMEDATALEN to increase database & user name limits without changing
* the protocol. -neilc, 2002/08/27
* FIXME: remove the fixed size limitations on the database name, user
* name, and options fields and use a variable length field instead. The
* actual limits on database & user name will then be NAMEDATALEN, which
* can be changed without changing the FE/BE protocol. -neilc,2002/08/27
*/
/* These should all be of near-unlimited length, perhap 10k */
#define SM_DATABASE 64
/* SM_USER should be the same size as the others. bjm 2002-06-02 */
#define SM_USER 32
/* We append database name if db_user_namespace true. */
#define SM_DATABASE_USER (SM_DATABASE+SM_USER+1) /* +1 for @ */

13
src/interfaces/libpq/fe-connect.c
View File

@ -8,7 +8,7 @@
*
*
* IDENTIFICATION
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.196 2002/08/27 15:02:50 momjian Exp $
* $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-connect.c,v 1.197 2002/08/27 16:21:51 momjian Exp $
*
*-------------------------------------------------------------------------
*/
@ -1132,7 +1132,7 @@ connectDBComplete(PGconn *conn)
/*
* If connecting timeout is set, calculate remain time.
*/
if (NULL != rp)
if (rp != NULL)
{
if (gettimeofday(&finish_time, NULL) == -1)
{
@ -1152,8 +1152,8 @@ connectDBComplete(PGconn *conn)
remains.tv_sec -= finish_time.tv_sec - start_time.tv_sec;
}
}
conn->status = CONNECTION_BAD;
return 0;
conn->status = CONNECTION_BAD;
return 0;
}
/* ----------------
@ -1162,7 +1162,8 @@ connectDBComplete(PGconn *conn)
* Poll an asynchronous connection.
*
* Returns a PostgresPollingStatusType.
* Before calling this function, use select(2) to determine when data arrive.
* Before calling this function, use select(2) to determine when data
* has arrived..
*
* You must call PQfinish whether or not this fails.
*
@ -1356,7 +1357,7 @@ keep_going: /* We will come back to here until there
{
if (pqGets(&conn->errorMessage, conn))
{
/* We'll come back when there are more data */
/* We'll come back when there is more data */
return PGRES_POLLING_READING;
}
/* OK, we read the message; mark data consumed */