Re: BUG #8540: Avoid sscanf buffer overflow - Mailing list pgsql-bugs

From Bruce Momjian
Subject Re: BUG #8540: Avoid sscanf buffer overflow
Date
Msg-id 20140215165243.GA3651@momjian.us
Whole thread Raw
In response to BUG #8540: Avoid sscanf buffer overflow  (jackie.qq.chang@gmail.com)
List pgsql-bugs
On Sat, Oct 19, 2013 at 09:49:05PM +0000, jackie.qq.chang@gmail.com wrote:
> The following bug has been logged on the website:
>
> Bug reference:      8540
> Logged by:          Jackie Chang
> Email address:      jackie.qq.chang@gmail.com
> PostgreSQL version: 9.3.1
> Operating system:   Any
> Description:
>
> sscanf can set the maximum length of string read. If such a number is not
> provided, it's vulnerable to buffer overflow.

I have looked at your patch and I wasn't happy to be adding a hard-coded
constant based on a macro definition.  What I did do with the attached,
applied patch is to remove the use of sscanf in pg_upgrade, and add a C
comment in pg_dump explaining why the scanf can't overflow.  I didn't
see increasing the xlog.c length as useful.

For pg_dump it would be nice from a sanity perspective if we could do:

    sscanf(str, "%" CppAsString2(MAXPGPATH-1) "s\n", ...

but there is no way to string-ify a macro while also computing it during
preprocessing.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://enterprisedb.com

  + Everyone has their own god. +

Attachment

pgsql-bugs by date:

Previous
From: Andres Freund
Date:
Subject: Re: BUG #9161: wal_writer_delay is limited to 10s
Next
From: krichter722@aol.de
Date:
Subject: BUG #9251: default values for fatal error logging in service