Use bytes.Buffer to read in recvMessage

[Preetam]

In our testing we've noticed that attempts to connect to hosts that are not actually PostgreSQL can lead to excessive memory usage and DoS. Instead of allocating a potentially large slice up front, this PR uses a *bytes.Buffer to dynamically resize the slice as needed. If EOF is encountered early (like in the example below) then the program avoids allocating extremely large slices.

Here is a small program to reproduce the issue. It easily uses over 9 GB RAM locally and it takes a while for the GC to reclaim the memory.

https://go.dev/play/p/9t07FdtaW9q

[johto]

Wouldn't this make everyone pay a penalty when the connection actually succeeded?

I think a more promising approach would be to do what libpq does and validate the first response a bit more carefully.

[Preetam]

Yes, agreed. Unfortunately I don't have time to work on this so I will be closing this PR. We have fixed this issue by requiring SSL, which does not have this problem.