[pgpool-general: 894] Re: read_startup_packet: out of memory
Philip Hofstetter
phofstetter at sensational.ch
Wed Aug 15 22:32:40 JST 2012
Hello,
On Wed, Aug 15, 2012 at 7:52 AM, Tatsuo Ishii <ishii at postgresql.org> wrote:
> I was wrong. pgool tried to allocate (-2139750145) bytes (actually
> this is a huge positive number from malloc's point of view, since it's
> argument is unsigned, rather than int) and failed. Of course in this
> case pgpool should not try to allocate memory.
> I have fixed this for master to all supported branches.
This is actually a denial of service issue as an unauthenticated
attacker could easily make pgpool allocate all available memory,
causing the machine to swap and likely not accept any further
legitimate connections.
Maybe release a security-update for all supported versions?
OTOH, people probably shouldn't be running pgpool in a non-trusted
network, so it's not that big of a deal.
Philip
More information about the pgpool-general
mailing list