From a1c218cae433d234c82546f50408c86a94f63dbc Mon Sep 17 00:00:00 2001
From: Bruce Momjian
Date: Tue, 27 Aug 2002 16:21:51 +0000
Subject: The attached patch implements the password packet length sanity check (using an elog(LOG) ), as well as includes a few more comment fixes. Neil Conway
---
 src/backend/libpq/auth.c | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
(limited to 'src/backend/libpq/auth.c')
diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index a36535cb974..edca733669d 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.84 2002/08/27 15:15:22 momjian Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/auth.c,v 1.85 2002/08/27 16:21:50 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -808,6 +808,17 @@ recv_and_check_password_packet(Port *port)
 pfree(buf.data);
 return STATUS_EOF;
 }
+ /*
+ * We don't actually use the password packet length the frontend
+ * sent us; however, it's a reasonable sanity check to ensure that
+ * we actually read as much data as we expected to.
+ *
+ * The password packet size is the length of the buffer, plus the
+ * size field itself (4 bytes), plus a 1-byte terminator.
+ */
+ if (len != (buf.len + 4 + 1))
+ elog(LOG, "unexpected password packet size: read %d, expected %d",
+ buf.len + 4 + 1, len);
 /* Do not echo password to logs, for security. */
 elog(DEBUG5, "received password packet");
-- cgit v1.2.3
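Review bot: In the second hunk (recv_and_check_password_packet), a size mismatch is only reported through `elog(LOG, ...)`, and the function then continues with `buf` as if the packet were well-formed, so a frontend whose declared length disagrees with the bytes actually read still goes on to the password check. If no supported client is known to send an inaccurate length, consider rejecting the packet by putting braces around the `if` body and adding `pfree(buf.data); return STATUS_ERROR;` after the log call; if the tolerance is deliberate, the comment should say so. The message is emitted before authentication succeeds and carries only two integers, so it cannot leak the password, but any connecting peer can trigger it at LOG level, which matters for log volume. `buf.len + 4 + 1` is written out twice; a local such as `int bytes_read = buf.len + 4 + 1;` would keep the test and the message in step. The function starts and ends outside the hunk, so the declaration and origin of `len` are not visible here.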