[PATCH] Fix unbounded authentication exchanges during PQconnectPoll()
Jacob Champion <jchampion@timescale.com>
From: Jacob Champion <jchampion@timescale.com>
To: PostgreSQL Hackers <pgsql-hackers@lists.postgresql.org>
Cc: Peter Eisentraut <peter.eisentraut@enterprisedb.com>
Date: 2023-02-13T23:22:11Z
Lists: pgsql-hackers
Attachments
- PQconnectPoll-fix-unbounded-authentication-exchanges.patch (text/x-patch) patch
Hello, This is closely related to the prior conversation at [1]. There are a couple places in CONNECTION_AWAITING_RESPONSE where libpq will read a huge number of bytes from a server that we really should have hung up on. The attached patch adds a length check for the v2 error compatibility case, and updates the v3 error handling to jump to error_return rather than asking for more data. The existing error_return paths have been updated for consistency. Thanks, --Jacob [1] https://www.postgresql.org/message-id/a5c5783d-73f3-acbc-997f-1649a7406029%40timescale.com
Commits
-
Check for unbounded authentication exchanges in libpq.
- 5e044471a1aa 16.0 landed