From 809ae06ab2fa2c8c442582b06e459bcf63554310 Mon Sep 17 00:00:00 2001
From: "Marc G. Fournier"
Date: Thu, 13 Feb 1997 08:06:36 +0000
Subject: [PATCH] Patch for: The following patch to src/backend/libpq/pqpacket.c provides additional checking for bad packet length data. It was tested with the Linux telnet client, with netcat using the numbers.txt and by dumping random numbers into the port. Patch by: Alvaro Martinez Echevarria
---
 src/backend/libpq/pqpacket.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/backend/libpq/pqpacket.c b/src/backend/libpq/pqpacket.c
index 5b2ce7e6ad..eddeb97040 100644
--- a/src/backend/libpq/pqpacket.c
+++ b/src/backend/libpq/pqpacket.c
@@ -8,7 +8,7 @@
 *
 *
 * IDENTIFICATION
- * $Header: /cvsroot/pgsql/src/backend/libpq/Attic/pqpacket.c,v 1.2 1996/11/06 08:48:31 scrappy Exp $
+ * $Header: /cvsroot/pgsql/src/backend/libpq/Attic/pqpacket.c,v 1.3 1997/02/13 08:06:36 scrappy Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -124,6 +124,22 @@ PacketReceive(Port *port, /* receive port */
 return(STATUS_NOT_DONE);
 }
 } else {
+ /*
+ * This is an attempt to shield the Postmaster
+ * from mallicious attacks by placing tighter
+ * restrictions on the reported packet length.
+ *
+ * Check for negative packet length
+ */
+ if ((buf->len) <= 0) {
+ return(STATUS_INVALID);
+ }
+ /*
+ * Check for oversize packet
+ */
+ if ((ntohl(buf->len)) > max_size) {
+ return(STATUS_INVALID);
+ }
 /*
 * great. got the header. now get the true length (including
 * header size).
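Review bot: The "negative packet length" check in the second hunk tests `buf->len` before it has been passed through `ntohl()`, so on a little-endian host it inspects the byte-swapped value rather than the length the peer reported; depending on the declared type of `len` (not visible in this hunk) it either rejects some valid lengths or reduces to a plain zero test. Both bounds should be applied to the converted value, for example `if (ntohl(buf->len) == 0 || ntohl(buf->len) > max_size) return(STATUS_INVALID);`, assuming `max_size` is non-negative so that the unsigned comparison also covers values with the top bit set. The context comment after the added lines says the true length includes the header size, so a lower bound at the header size would presumably be more appropriate than zero; confirm this against the rest of PacketReceive, which starts and ends outside the hunk.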