Hi,
During a routine Coverity scan of our internal PostgreSQL fork, it
issued a buffer overrun warning for src/backend/libpq/hba.c,
gethba_options()[0]:
MAIN_ISSUE EventDescription: Overrunning array "options" of 12 8-byte
elements at element index 12 (byte offset 96) using index "noptions++"
(which evaluates to 12).
[...]
if (hba->ldapscope)
options[noptions++] =
CStringGetTextDatum(psprintf("ldapscope=%d", hba->ldapscope));
[...]
This is because earlier in the function[1], if hba->usermap,
hba->clientcert, and hba->pamservice were set then noptions would
exceed MAX_HBA_OPTIONS. Of course, if those options are mutually
exclusive with hba->auth_method == uaLDAP, then it's a false positive.
Is that the case, or should MAX_HBA_OPTIONS be increased?
Thanks.
[0]
https://github.com/postgres/postgres/blob/master/src/backend/libpq/hba.c#L2307
[1]
https://github.com/postgres/postgres/blob/master/src/backend/libpq/hba.c#L2249
