Index: src/backend/libpq/auth.c
===================================================================
RCS file: /var/lib/cvs/pgsql-server/src/backend/libpq/auth.c,v
retrieving revision 1.85
diff -c -r1.85 auth.c
*** src/backend/libpq/auth.c	27 Aug 2002 16:21:50 -0000	1.85
--- src/backend/libpq/auth.c	28 Aug 2002 03:37:26 -0000
***************
*** 336,341 ****
--- 336,355 ----
  	if (pq_getint(&len, 4) == EOF)
  		return STATUS_EOF;
  	len -= 4;
+ 
+ 	/*
+ 	 * Since the remote client has not yet been authenticated, we need
+ 	 * to be careful when using the data they send us. The 8K limit is
+ 	 * arbitrary: the intent is to ensure we don't allocate an enormous
+ 	 * chunk of memory.
+ 	 */
+ 
+ 	if (len < 1 || len > 8192)
+ 	{
+ 		elog(LOG, "Password packet length too long: %d", len);
+ 		return STATUS_EOF;
+ 	}
+ 
  	buf = palloc(len);
  	if (pq_getbytes(buf, len) == EOF)
  	{
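Review bot: The message logged at the `elog(LOG, ...)` call covers both arms of the new condition, but "too long" is wrong for the `len < 1` case, where the attacker-controlled length is zero or negative (a negative `len` would previously have reached `palloc(len)`); a neutral wording such as `elog(LOG, "invalid password packet length: %d", len);` describes both rejections accurately and is what an operator searching the log will need. The `8192` bound is a magic number that the comment calls arbitrary, so it would read better as a named constant near the top of the file, e.g. `#define MAX_PASSWORD_PACKET_LEN 8192`, so that a later change to the limit stays in one place. Since `len` is signed, the check order (`< 1` first) is correct as written; just make sure the bound is kept consistent with whatever size the `pq_getbytes` caller later assumes for the buffer, which is outside this hunk. The enclosing function begins and ends outside the hunk.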
