Quoting Neil Conway <neilc@samurai.com>:
> I've attached a revised patch that includes the additional check Tom
> suggested (len < 1). Unless anyone else steps forward, I'm inclined to
+ if (len < 1 || len > 8192)
+ {
+ elog(LOG, "Password packet length too long: %d", len);
                                    ^^^^^^^^
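Review bot: the elog text on the last line says "too long" for both halves of the test (len < 1 || len > 8192), so a zero or negative length gets logged with a misleading reason. Either use a neutral wording such as "invalid password packet length: %d", or split the test into two branches, each with its own message. The limit 8192 is also a bare literal in the condition; a named constant would keep the check and any message that quotes the bound in sync.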
Shouldn't it be changed to 'too long || too long' then? ;)
And also, for the message to be more descriptive for the innocent, I'd include
the current boundaries in it (like: "expected: 1 <= len <= 8192")
(a question: isn't hardcoding an evil?)
But I guess it's not a must-to-do on your list :)
--
Serguei A. Mokhov, <mailto: mokhov @ cs.concordia.ca>
Computer Science, Concordia University