Possible buffer overrun in src/backend/libpq/hba.c gethba_options()

Поиск
Список
Период
Сортировка
От Julian Hsiao
Тема Possible buffer overrun in src/backend/libpq/hba.c gethba_options()
Дата
Msg-id CADnGQpzbkWdKS2YHNifwAvX5VEsJ5gW49U4o-7UL5pzyTv4vTg@mail.gmail.com
обсуждение исходный текст
Ответы Re: Possible buffer overrun in src/backend/libpq/hba.c gethba_options()  (Thomas Munro <thomas.munro@enterprisedb.com>)
Список pgsql-hackers
Дерево обсуждения 
Hi,

During a routine Coverity scan of our internal PostgreSQL fork, it
issued a buffer overrun warning for src/backend/libpq/hba.c,
gethba_options()[0]:

MAIN_ISSUE EventDescription: Overrunning array "options" of 12 8-byte
elements at element index 12 (byte offset 96) using index "noptions++"
(which evaluates to 12).
[...]
        if (hba->ldapscope)
            options[noptions++] =
                CStringGetTextDatum(psprintf("ldapscope=%d", hba->ldapscope));
[...]

This is because earlier in the function[1], if hba->usermap,
hba->clientcert, and hba->pamservice were set then noptions would
exceed MAX_HBA_OPTIONS. Of course, if those options are mutually
exclusive with hba->auth_method == uaLDAP, then it's a false positive.
Is that the case, or should MAX_HBA_OPTIONS be increased?

Thanks.

[0] https://github.com/postgres/postgres/blob/master/src/backend/libpq/hba.c#L2307
[1] https://github.com/postgres/postgres/blob/master/src/backend/libpq/hba.c#L2249

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Peter Geoghegan
Дата:
Сообщение: Re: Making all nbtree entries unique by having heap TIDs participatein comparisons
Следующее
От: "Yotsunaga, Naoki"
Дата:
Сообщение: RE: [Proposal] Add accumulated statistics for wait event