Index: src/backend/libpq/auth.c
===================================================================
RCS file: /var/lib/cvs/pgsql-server/src/backend/libpq/auth.c,v
retrieving revision 1.85
diff -c -r1.85 auth.c
*** src/backend/libpq/auth.c	27 Aug 2002 16:21:50 -0000	1.85
--- src/backend/libpq/auth.c	28 Aug 2002 04:31:57 -0000
***************
*** 336,341 ****
--- 336,356 ----
  	if (pq_getint(&len, 4) == EOF)
  		return STATUS_EOF;
  	len -= 4;
+ 
+ 	/*
+ 	 * Since the remote client has not yet been authenticated, we need
+ 	 * to be careful when using the data they send us. The 8K limit is
+ 	 * arbitrary, and somewhat bogus: the intent is to ensure we don't
+ 	 * allocate an enormous chunk of memory.
+ 	 */
+ 
+ 	if (len < 1 || len > 8192)
+ 	{
+ 		elog(LOG, "Invalid password packet length: %d; "
+ 			 "must satisfy 1 <= length <= 8192", len);
+ 		return STATUS_EOF;
+ 	}
+ 
  	buf = palloc(len);
  	if (pq_getbytes(buf, len) == EOF)
  	{