[pgpool-general: 894] Re: read_startup_packet: out of memory
phofstetter at sensational.ch
Wed Aug 15 22:32:40 JST 2012
On Wed, Aug 15, 2012 at 7:52 AM, Tatsuo Ishii <ishii at postgresql.org> wrote:
> I was wrong. pgool tried to allocate (-2139750145) bytes (actually
> this is a huge positive number from malloc's point of view, since it's
> argument is unsigned, rather than int) and failed. Of course in this
> case pgpool should not try to allocate memory.
> I have fixed this for master to all supported branches.
This is actually a denial of service issue as an unauthenticated
attacker could easily make pgpool allocate all available memory,
causing the machine to swap and likely not accept any further
Maybe release a security-update for all supported versions?
OTOH, people probably shouldn't be running pgpool in a non-trusted
network, so it's not that big of a deal.
More information about the pgpool-general