Commit
Limit max username/password size in SSecurityPlain.
Setting the limit to 1024 which should be still more than enough.

Unlimited ulen and plen can cause various security problems:
* Overflow in `is->checkNoWait(ulen + plen + 2)` causing it to continue when there is not enough data and then wait forever.
* Overflow in `new char[plen + 1]` that would allocate zero sized array which succeeds but returns pointer that should not be written into.
* Allocation failure in `new char[plen + 1]` from trying to allocate too much and crashing the whole server.

All those issues can be triggered by a client before authentication.
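The wraparound described in the commit message, next to a bounded parse, as an added example that is not code from this commit or project. It assumes 32-bit unsigned lengths and a hypothetical wire layout of two big-endian length fields followed by the username and password; `parse_plain`, `needed_unchecked` and `alloc_unchecked` are names made up for the illustration.

```cpp
// Added example; wire layout and names are assumptions, not the project's code.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>

static const uint32_t MAX_LEN = 1024;  // limit named in the commit message

// The two unchecked expressions from the commit message, in 32-bit unsigned math.
uint32_t needed_unchecked(uint32_t ulen, uint32_t plen) { return ulen + plen + 2; }
uint32_t alloc_unchecked(uint32_t plen) { return plen + 1; }

enum ParseResult { PARSE_OK, PARSE_NEED_MORE, PARSE_TOO_LONG };

static uint32_t read_be32(const uint8_t* p) {
  return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
         (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}

// Assumed layout: [ulen: u32 BE][plen: u32 BE][username][password].
ParseResult parse_plain(const uint8_t* buf, size_t avail,
                        std::string& user, std::string& pass) {
  if (avail < 8) return PARSE_NEED_MORE;
  uint32_t ulen = read_be32(buf), plen = read_be32(buf + 4);
  // Bound each length before it takes part in any sum or allocation size.
  if (ulen > MAX_LEN || plen > MAX_LEN) return PARSE_TOO_LONG;
  size_t need = 8 + size_t(ulen) + size_t(plen);  // at most 2056, cannot wrap
  if (avail < need) return PARSE_NEED_MORE;
  user.assign(reinterpret_cast<const char*>(buf + 8), ulen);
  pass.assign(reinterpret_cast<const char*>(buf + 8 + ulen), plen);
  return PARSE_OK;
}

int main() {
  // Constructed header: ulen = 0xFFFFFFFF, plen = 0, no payload.
  const uint8_t wrap[] = {0xFF, 0xFF, 0xFF, 0xFF, 0, 0, 0, 0};
  std::string u, p;
  std::printf("unchecked need=%u alloc=%u\n",
              (unsigned)needed_unchecked(0xFFFFFFFFu, 0),
              (unsigned)alloc_unchecked(0xFFFFFFFFu));
  std::printf("bounded parser -> %d\n", parse_plain(wrap, sizeof wrap, u, p));
  return 0;
}
```

Rejecting oversized lengths before the sum is what keeps both the availability check and the allocation size meaningful; checking the sum alone would still accept a wrapped value.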