Guard against array overrun, per report from Yichen Xie. This case

can only occur if the constant DEFAULT_CLIENT_AUTHSVC is given a bogus value, so it doesn't seem worth back-patching, but I'll fix it in HEAD.

Guard against array overrun, per report from Yichen Xie. This case
can only occur if the constant DEFAULT_CLIENT_AUTHSVC is given a bogus value, so it doesn't seem worth back-patching, but I'll fix it in HEAD.
3cb282f3 · Tom Lane · 23b8a0ce · 3cb282f3
Commit 3cb282f3 authored Jan 29, 2003 by Tom Lane
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 1 deletion

src/interfaces/libpq/fe-auth.c src/interfaces/libpq/fe-auth.c +12 -1

No files found.
--- a/src/interfaces/libpq/fe-auth.c
+++ b/src/interfaces/libpq/fe-auth.c
@@ -10,7 +10,7 @@
 * exceed INITIAL_EXPBUFFER_SIZE (currently 256 bytes).
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.72 2002/12/03 22:09:20 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/interfaces/libpq/fe-auth.c,v 1.73 2003/01/29 01:18:21 tgl Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -686,7 +686,14 @@ MsgType
 fe_getauthsvc(char *PQerrormsg)
 {
 	if (pg_authsvc < 0 || pg_authsvc >= n_authsvcs)
+	{
 		fe_setauthsvc(DEFAULT_CLIENT_AUTHSVC, PQerrormsg);
+		if (pg_authsvc < 0 || pg_authsvc >= n_authsvcs)
+		{
+			/* Can only get here if DEFAULT_CLIENT_AUTHSVC is misdefined */
+			return 0;
+		}
+	}
 	return authsvcs[pg_authsvc].msgtype;
 }

@@ -704,6 +711,10 @@ fe_getauthname(char *PQerrormsg)

 	authsvc = fe_getauthsvc(PQerrormsg);

+	/* this just guards against broken DEFAULT_CLIENT_AUTHSVC, see above */
+	if (authsvc == 0)
+		return NULL;			/* leave original error message in place */
+
 #ifdef KRB4
 	if (authsvc == STARTUP_KRB4_MSG)
 		name = pg_krb4_authname(PQerrormsg);