Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wB5FC-000igj-2n for pgsql-bugs@arkaria.postgresql.org; Fri, 10 Apr 2026 06:21:31 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1wB5FB-009mLI-0R for pgsql-bugs@arkaria.postgresql.org; Fri, 10 Apr 2026 06:21:30 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1wB5FA-009mL9-2r for pgsql-bugs@lists.postgresql.org; Fri, 10 Apr 2026 06:21:29 +0000 Received: from fout-a2-smtp.messagingengine.com ([103.168.172.145]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.98.2) (envelope-from ) id 1wB5F9-00000000J0N-2oQz for pgsql-bugs@lists.postgresql.org; Fri, 10 Apr 2026 06:21:29 +0000 Received: from phl-compute-07.internal (phl-compute-07.internal [10.202.2.47]) by mailfout.phl.internal (Postfix) with ESMTP id 20357EC0014; Fri, 10 Apr 2026 02:21:26 -0400 (EDT) Received: from phl-frontend-03 ([10.202.2.162]) by phl-compute-07.internal (MEProxy); Fri, 10 Apr 2026 02:21:26 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paquier.xyz; h= cc:content-type:content-type:date:date:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:subject :subject:to:to; s=fm2; t=1775802086; x=1775888486; bh=vv6W23rVep 8UYM0w54kzPxtmWjn9Lj6qobUfaMf/Zps=; b=EW51swgJmwxv3D9rbE2l0DDfCG W0/zj9b+pB0Jfj8vrUtEy/o0FL3Krqp8oyf+7KqWgx/Q10a/zzx3IOBSw6+iTGNZ KtIkuW4YO/eecGNCpjaCbhzALDbWgI2qSiQX4Vepxs7uSG+e14YFDz72IlWIL5ox DIYxowURYYl1igmqhJIjNusF6iahwt9Z9wUgRxDa7ZKInhPrHz0IoJsFwIBGTuzi ZNRvyCnxHuwtsQcSN+sN0a+LtTjhIvTLIqZUli5oOtmmCsQA09oFxOoKmmitYQP4 RWQcn1X3j/QYWuRbS38Hwscymboy9rIFtFRDwRYDmAT0ArjL9dnVLI8x74Qw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1775802086; x=1775888486; bh=vv6W23rVep8UYM0w54kzPxtmWjn9Lj6qobU faMf/Zps=; b=IqDRzVop000YDKKecGaeNjlvfVV0BeKx6N7k6qAr9NVDtSI1l+k FMFx0kJU3HkV3Q+MGGboeXel5c3RCI4UBAyQLAqWOovJSTnz6YcDoOJv/tJmxlEP DK/XSvFfEQGG0Li1JRGa/8sFSH5DjTTEGc/hdO4Cqz1jdSLozNcu8g0atXDq+x+A 7rTi0g9j8JCwKGewmp1hVBLoKtvGqb0bYQ+3ZdK/4f/vWXuag1m9jQeTGGjs0fzM DOUCBQboj8flZkScUpTtK7emgkGFEDZ5QxkzhjiJWDOmYiMwoGelSXYxlQDV6Lo2 Dl7JNr+gAtEGYeRU7h29CIkTMMmJFigoTFA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefhedrtddtgddvkeeijecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpuffrtefokffrpgfnqfghnecuuegr ihhlohhuthemuceftddtnecufghrlhcuvffnffculdejtddmnecujfgurhepfffhvffukf hfgggtuggjsehgtderredttddvnecuhfhrohhmpefoihgthhgrvghlucfrrghquhhivghr uceomhhitghhrggvlhesphgrqhhuihgvrhdrgiihiieqnecuggftrfgrthhtvghrnhepvd egudeuhfdtueeltedtveejheehieevueeigeelteegleejleeiueeiheegvefhnecuvehl uhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhhitghhrggvlh esphgrqhhuihgvrhdrgiihiidpnhgspghrtghpthhtohepvddpmhhouggvpehsmhhtphho uhhtpdhrtghpthhtohepshhtrghsohhsvdegsehgmhgrihhlrdgtohhmpdhrtghpthhtoh epphhgshhqlhdqsghughhssehlihhsthhsrdhpohhsthhgrhgvshhqlhdrohhrgh X-ME-Proxy: Feedback-ID: i0fe9450f:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 10 Apr 2026 02:21:24 -0400 (EDT) Date: Fri, 10 Apr 2026 15:21:20 +0900 From: Michael Paquier To: stasos24@gmail.com, pgsql-bugs@lists.postgresql.org Subject: Re: BUG #19422: Malformed raius packet Message-ID: References: <19422-bdaba8a639a0c911@postgresql.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="RQc0RcZPzRVPLak1" Content-Disposition: inline In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --RQc0RcZPzRVPLak1 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Mar 03, 2026 at 04:20:37PM +0900, Michael Paquier wrote: > Looking at RFC 2865, there is nothing about a limit of size for the > attributes. This means that we are only limited by our > RADIUS_BUFFER_SIZE. Hence, we could bump radius_attribute.length to > uint16 and add some casts in the check for RADIUS_BUFFER_SIZE so as > we don't overflow the addition before adding an attribute to the > packet? On the other hand, we could aim for simpler and just reject > any attributes larger than 255 bytes. I doubt that anybody would be > insane enough to use fields larger than that 255 bytes anyway. Both > solutions are equal in simplicity here. It is worth noting that RADIUS support has been removed as of Postgres 19 in commit a1643d40b308, so I doubt that we need to take any action here. Or would somebody be interested enough to send a patch? -- Michael --RQc0RcZPzRVPLak1 Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEG72nH6vTowiyblFKnvQgOdbyQH0FAmnYluAACgkQnvQgOdby QH1DMBAAkRckjwLC1IcYVetMcpbfHczOe0F1fcXnb2yxLZp5KuAjJo3YUKe1t5GW 9HpKyTK3Ip5ZPp4mHO6eHLjqhHIqrXkCx7KBclPem5+SKSON1AhELLlu2UkjpnJ7 fTnVBOsuskBo02EzSLl4wzaZkqZSerNx3Ds4Tw2F3r21rGYQHXx/wVXBf/giW75f +pmlR+sKhQGG9PajsiJqwslQ9ziiBtaNs4YLQ02PjPmiQzK5vWysATg3hM7kl42u ztzHY3o0Y8gycV0jtjbjGaMpYfe2hL11LW70XH6je6KwADxuKPlcF6iB0fX+1Vue 29H37xk/aveqOsCU8Hs0qT/S1vydmSMEqhB42n4rhHhHJvZKIp9w0gBZ79uaaBz+ LNXicgEQxnGhgn1lSBu3LmI+uzhs7csoplnEIVIr6eRd27wdRgJam7QXKupB50RM dBhcXeIByKMgAnz6Z0DPlwTI357aKV7ivg9sq2X7HsxsecX7eCH+YBtcFmpqU+Sa PaxyBIGXJqbwea7SmEVnGWmE/dhWSohh3gupqy66X691CVVP79eT/gMzcfuUN24i KH+0Djo8hsMAlwCrJZruqOPjLNI3FQd6TZslAVGfY0R6/MJl1eLbaJy3jz4hfBKu 1x8eMtADt3xOgFH3lfF7Xua5j5m7VH1xbDeKb4IbbKEGBuKshNo= =LI6/ -----END PGP SIGNATURE----- --RQc0RcZPzRVPLak1--