[pgpool-general: 894] Re: read_startup_packet: out of memory

Philip Hofstetter phofstetter at sensational.ch
Wed Aug 15 22:32:40 JST 2012


On Wed, Aug 15, 2012 at 7:52 AM, Tatsuo Ishii <ishii at postgresql.org> wrote:

> I was wrong. pgool tried to allocate (-2139750145) bytes (actually
> this is a huge positive number from malloc's point of view, since it's
> argument is unsigned, rather than int) and failed. Of course in this
> case pgpool should not try to allocate memory.
> I have fixed this for master to all supported branches.

This is actually a denial of service issue as an unauthenticated
attacker could easily make pgpool allocate all available memory,
causing the machine to swap and likely not accept any further
legitimate connections.

Maybe release a security-update for all supported versions?

OTOH, people probably shouldn't be running pgpool in a non-trusted
network, so it's not that big of a deal.


More information about the pgpool-general mailing list