summaryrefslogtreecommitdiff
path: root/src/interfaces/libpq/fe-connect.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/interfaces/libpq/fe-connect.c')
-rw-r--r--src/interfaces/libpq/fe-connect.c17
1 files changed, 16 insertions, 1 deletions
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c
index 19bbc006669..c3a2448dce5 100644
--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -18,6 +18,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <ctype.h>
+#include <limits.h>
#include <netdb.h>
#include <time.h>
#include <unistd.h>
@@ -1140,7 +1141,7 @@ parse_comma_separated_list(char **startptr, bool *more)
char *p;
char *s = *startptr;
char *e;
- int len;
+ size_t len;
/*
* Search for the end of the current element; a comma or end-of-string
@@ -5769,7 +5770,21 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
/* concatenate values into a single string with newline terminators */
size = 1; /* for the trailing null */
for (i = 0; values[i] != NULL; i++)
+ {
+ if (values[i]->bv_len >= INT_MAX ||
+ size > (INT_MAX - (values[i]->bv_len + 1)))
+ {
+ libpq_append_error(errorMessage,
+ "connection info string size exceeds the maximum allowed (%d)",
+ INT_MAX);
+ ldap_value_free_len(values);
+ ldap_unbind(ld);
+ return 3;
+ }
+
size += values[i]->bv_len + 1;
+ }
+
if ((result = malloc(size)) == NULL)
{
libpq_append_error(errorMessage, "out of memory");
generated by cgit v1.2.3 (git 2.46.0) at 2025-11-23 18:55:02 +0000