Hi hackers,

1.  If you set up a pg_hba.conf with a URL that lacks a base DN or
hostname, hba.c will segfault on startup when it tries to pstrdup a
null pointer.  Examples: ldapurl="ldap://localhost"; and

2.  If we fail to bind but have no binddn configured, we'll pass NULL
to ereport (snprint?) for %s, which segfaults on some libc
implementations.  That crash requires more effort to reproduce but you
can see pretty clearly a few lines above in auth.c that it can be
NULL.  (I'm surprised Coverity didn't complain about that.  Maybe it
can't see this code due to macros.)

Please see attached.

Thomas Munro

Attachment: ldap-fixes.patch
Description: Binary data

Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
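
The two NULL-handling failures described in the message above, shown as an added example that is not part of the original post or the attached patch. `parse_url`, `dup_or_null` and `format_bind_failure` are hypothetical stand-ins, not PostgreSQL functions, and the URLs and message text are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a parsed LDAP URL: absent parts stay NULL. */
typedef struct { char *host; char *dn; } ParsedUrl;

/* Copy n bytes into a fresh NUL-terminated string; zero length means "absent". */
static char *dup_part(const char *s, size_t n)
{
    if (n == 0) return NULL;
    char *out = malloc(n + 1);
    if (out == NULL) abort();
    memcpy(out, s, n);
    out[n] = '\0';
    return out;
}

/* Split "ldap://host/dn". Returns 0 on success, -1 on a bad scheme. */
int parse_url(const char *url, ParsedUrl *p)
{
    p->host = p->dn = NULL;
    if (strncmp(url, "ldap://", 7) != 0) return -1;
    const char *rest = url + 7, *slash = strchr(rest, '/');
    p->host = dup_part(rest, slash ? (size_t)(slash - rest) : strlen(rest));
    if (slash) p->dn = dup_part(slash + 1, strlen(slash + 1));
    return 0;
}

/* Guarded copy: an absent (NULL or empty) part stays NULL instead of being dereferenced. */
char *dup_or_null(const char *s) { return s ? dup_part(s, strlen(s)) : NULL; }

/* Guarded logging: never hand NULL to %s; substitute an empty string. */
int format_bind_failure(char *buf, size_t len, const char *binddn, const char *server)
{
    return snprintf(buf, len, "could not bind as \"%s\" on server \"%s\"",
                    binddn ? binddn : "", server ? server : "");
}

int main(void)
{
    ParsedUrl p; char msg[128];
    parse_url("ldap://localhost", &p);      /* constructed input: no base DN */
    char *basedn = dup_or_null(p.dn);       /* stays NULL, no crash */
    format_bind_failure(msg, sizeof msg, NULL, p.host);  /* no binddn configured */
    printf("basedn=%s\n%s\n", basedn ? basedn : "(none)", msg);
    free(basedn); free(p.host); free(p.dn);
    return 0;
}
```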