sshhan
a1fff50935
fix(postgres): prevent uint32 underflow & OOM in message parsing (#10099)
* fix(postgres): prevent uint32 underflow & OOM in message parsing
* postgres: drop redundant startup guard, use maxStartupMessageSize const
The msgTotalLen < 8 check already guarantees msgLength >= 4, so the extra
msgLength < 4 guard before reading the protocol version was unreachable.
Point the startup size limit at maxStartupMessageSize instead of a literal.
* postgres: trim query terminator safely, cap pre-auth payloads
Use strings.TrimSuffix for the simple-query null terminator so a
non-null-terminated body isn't silently shortened, matching the auth
handlers. Bound password/MD5 reads with a dedicated maxAuthMessageSize
(10 KiB) instead of the 100 MiB maxMessageSize, since these payloads are
read before authentication.
---------
Co-authored-by: shangshuhan <shangshuhan@cmict.chinamobile.com>
Co-authored-by: Chris Lu <chris.lu@gmail.com>
2026-06-24 20:05:43 -07:00