On Mon, Jul 24, 2023 at 03:07:07PM -0300, Fabrízio de Royes Mello wrote: > On Mon, Jul 24, 2023 at 2:53 PM Tom Lane <t...@sss.pgh.pa.us> wrote: >> >> We got a complaint at [1] about how a not-so-unreasonable LDAP >> configuration can hit the "authentication file token too long, >> skipping" error case in hba.c's next_token(). I think we've >> seen similar complaints before, although a desultory archives >> search didn't turn one up. >> >> A minimum-change response would be to increase the MAX_TOKEN >> constant from 256 to (say) 1K or 10K. But it wouldn't be all >> that hard to replace the fixed-size buffer with a StringInfo, >> as attached. >> > > +1 for replacing it with StringInfo. And the patch LGTM!
I'd suggest noting that next_token() clears buf, but otherwise it looks reasonable to me, too. >> Given the infrequency of complaints, I'm inclined to apply >> the more thorough fix only in HEAD, and to just raise MAX_TOKEN >> in the back branches. Thoughts? >> > > It makes sense to change it only in HEAD. I wouldn't be opposed to back-patching the more thorough fix, but I don't feel too strongly about it. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com
