Hi,

on Solaris 9 with PostgreSQL 7.4:

when you

  - 'initdb' a fresh database,
  - _don't_ set a password for user 'postgres',
  - convert the 'trust' lines in data/pg_hba.conf to 'md5' or 'password'

and then try to connect as user 'postgres', the backend crashes in
backend/libpq/hba.c:372:

    368 static int
    369 user_group_bsearch_cmp(const void *user, const void *list)
    370 {
    371         /* first node is line number */
    372         char       *user2 = lfirst(lnext(*(List **) list));

due to 'list' being NULL, which might mean that 'user_sorted' was never
allocated, due to user_length being zero for a missing or empty
global/pg_pwd:

    916         /* create sorted lines for binary searching */
    917         user_length = length(user_lines);
    918         if (user_length)
    919         {
    920                 int                     i = 0;
    921
    922                 user_sorted = palloc(user_length * sizeof(List *));

I know this looks like a case of "don't do it, then", but since it's a
backend crash, I would suggest the following fix:

--- postgresql-7.4.orig/src/backend/libpq/hba.c 2003-10-25 05:48:46.000001000 +0200
+++ postgresql-7.4/src/backend/libpq/hba.c      2003-12-05 15:21:54.000003000 +0100
@@ -62,7 +62,7 @@
 static List **user_sorted = NULL;              /* sorted user list, for bsearch() */
 static List **group_sorted = NULL;             /* sorted group list, for
                                                                                 * 
bsearch() */
-static int     user_length;
+static int     user_length = 0;
 static int     group_length;

 static List *tokenize_file(FILE *file);
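Review bot: the `= 0` initializer added to `user_length` in this hunk is redundant: a file-scope `static int` is zero-initialized by C semantics, so `user_length` already starts at 0 before any password file is loaded. The change is harmless, but if it is kept as documentation of the "no users loaded yet" state, `group_length` on the following line should get the same `= 0` for consistency.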
@@ -395,6 +395,10 @@
 List     **
 get_user_line(const char *user)
 {
+       /* fail if there is nothing to search in */
+       if ((user_sorted == NULL) || (user_length == 0))
+               return NULL;
+
        return (List **) bsearch((void *) user,
                                                         (void *) user_sorted,
                                                         user_length,
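Review bot: the new guard in `get_user_line()` protects only the user table, while the context of the first hunk shows `group_sorted` and `group_length` declared with the identical pattern ("sorted group list, for bsearch()"), so the group lookup very likely needs the same early `return NULL;` or the NULL-table bsearch() path stays reachable through group matching. The early return itself is safe for callers, since bsearch() already yields NULL when no entry matches, so a NULL result is an existing, handled case; checking both `user_sorted == NULL` and `user_length == 0` is defensible given that the page shows `user_sorted` being allocated only inside `if (user_length)`.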

The initialization of user_length might not be necessary.

Best wishes, Mike

PS: This might be related to
    http://archives.postgresql.org/pgsql-admin/2003-03/msg00413.php

-- 
Life is like a fire.                            DI Michael Wildpaner
Flames which the passer-by forgets.                    Ph.D. Student
Ashes which the wind scatters.
A man lived.       -- Omar Khayyam
