git.postgresql.org Git - postgresql.git/commitdiff

(parent: f6f0542)
libpq: Be strict about cancel key lengths
2025-08-22 11:39:29 +0000 (14:39 +0300)
The protocol documentation states that the maximum length of a cancel
key is 256 bytes. This starts checking for that limit in libpq.
Otherwise third party backend implementations will probably start
using more bytes anyway. We also start requiring that a protocol 3.0
connection does not send a longer cancel key, to make sure that
servers don't start breaking old 3.0-only clients by accident. Finally
this also restricts the minimum key length to 4 bytes (both in the
protocol spec and in the libpq implementation).

Author: Jelte Fennema-Nio <postgres@jeltef.nl>
Reviewed-by: Jacob Champion <jchampion@postgresql.org>
Discussion: https://www.postgresql.org/message-id/df892f9f-5923-4046-9d6f-8c48d8980b50@iki.fi
Backpatch-through: 18


diff --git a/doc/src/sgml/protocol.sgml b/doc/src/sgml/protocol.sgml
index e63647c093bad779c9c97c354a4514b52b303b7b..b5395604fb8b793c2670f97ab9d09a4b97cea13e 100644 (file)
--- a/doc/src/sgml/protocol.sgml
+++ b/doc/src/sgml/protocol.sgml
@@ -4136,7 +4136,7 @@ psql "dbname=postgres replication=database" -c "IDENTIFY_SYSTEM;"
message, indicated by the length field.
</para>
<para>
- The maximum key length is 256 bytes. The
+ The minimum and maximum key length are 4 and 256 bytes, respectively. The
<productname>PostgreSQL</productname> server only sends keys up to
32 bytes, but the larger maximum size allows for future server
versions, as well as connection poolers and other middleware, to use
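Review bot: In the added sentence of this protocol.sgml hunk, "The minimum and maximum key length are" pairs a singular noun with a plural verb; "The minimum and maximum key lengths are 4 and 256 bytes, respectively" reads correctly. The sentence also gives only the general bounds, while the libpq change in the same commit rejects any length other than 4 on a protocol 3.0 connection, so that restriction is worth stating here too unless the surrounding paragraph, which is outside the visible context, already covers it.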
diff --git a/src/interfaces/libpq/fe-protocol3.c b/src/interfaces/libpq/fe-protocol3.c
index 0cca832c06ac8da8adf0df6f9419497143b6905b..8c2d03d8b9f1da1795559febd68e3fc22bd36e19 100644 (file)
--- a/src/interfaces/libpq/fe-protocol3.c
+++ b/src/interfaces/libpq/fe-protocol3.c
@@ -1569,6 +1569,27 @@ getBackendKeyData(PGconn *conn, int msgLength)
cancel_key_len = 5 + msgLength - (conn->inCursor - conn->inStart);
+ if (cancel_key_len != 4 && conn->pversion == PG_PROTOCOL(3, 0))
+ {
+ libpq_append_conn_error(conn, "received invalid BackendKeyData message: cancel key with length %d not allowed in protocol version 3.0 (must be 4 bytes)", cancel_key_len);
+ handleFatalError(conn);
+ return 0;
+ }
+
+ if (cancel_key_len < 4)
+ {
+ libpq_append_conn_error(conn, "received invalid BackendKeyData message: cancel key with length %d is too short (minimum 4 bytes)", cancel_key_len);
+ handleFatalError(conn);
+ return 0;
+ }
+
+ if (cancel_key_len > 256)
+ {
+ libpq_append_conn_error(conn, "received invalid BackendKeyData message: cancel key with length %d is too long (maximum 256 bytes)", cancel_key_len);
+ handleFatalError(conn);
+ return 0;
+ }
+
conn->be_cancel_key = malloc(cancel_key_len);
if (conn->be_cancel_key == NULL)
{
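Review bot: The limits 4 and 256 are bare literals in all three added conditions in getBackendKeyData() and are repeated inside the message strings, so the code, the error text and the sentence in protocol.sgml can drift apart; named constants for the minimum and maximum, passed to the messages as %d arguments, would keep them in one place. The ordering also deserves a short comment: because the protocol 3.0 test runs first, the `cancel_key_len < 4` and `cancel_key_len > 256` branches are only reachable on newer protocol versions, and the `< 4` branch is also what stops a negative value computed from msgLength from reaching malloc(cancel_key_len). No test accompanies the hunk; a case that feeds a BackendKeyData message with a too-short and a too-long key would pin the behaviour down.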