On Sat, Nov 11, 2017 at 8:37 AM, Peter Eisentraut <peter.eisentr...@2ndquadrant.com> wrote: > On 11/6/17 23:30, Michael Paquier wrote: >> On Fri, Nov 3, 2017 at 12:57 PM, Thomas Munro >> <thomas.mu...@enterprisedb.com> wrote: >>> 1. If you set up a pg_hba.conf with a URL that lacks a base DN or >>> hostname, hba.c will segfault on startup when it tries to pstrdup a >>> null pointer. Examples: ldapurl="ldap://localhost" and >>> ldapurl="ldap://". >>> >>> 2. If we fail to bind but have no binddn configured, we'll pass NULL >>> to ereport (snprint?) for %s, which segfaults on some libc >>> implementations. That crash requires more effort to reproduce but you >>> can see pretty clearly a few lines above in auth.c that it can be >>> NULL. (I'm surprised Coverity didn't complain about that. Maybe it >>> can't see this code due to macros.) > > committed and backpatched
Thanks! I suppose someone might eventually want to go further and teach it to understand such bare URLs or missing options (ie leaving out any bits you want and falling back to the ldap library's defaults, which come from places like env variables, .ldaprc and /etc/ldap.conf, the way that "ldapsearch" and other tools manage to work with reasonable defaults, or at least only need to be set up in one place for all your LDAP-client software). I'm not planning to work on that. -- Thomas Munro http://www.enterprisedb.com -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers