Home > mailing lists

Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd) - Mailing list pgsql-hackers

From	Neil Conway
Subject	Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd)
Date	August 21, 2002 20:05:12
Msg-id	87n0rfnctl.fsf@mailbox.samurai.com Whole thread Raw
In response to	Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd) (Neil Conway <neilc@samurai.com>)
List	pgsql-hackers

Tree view

Neil Conway <neilc@samurai.com> writes:
> Tom Lane <tgl@sss.pgh.pa.us> writes:
>
> > Vince Vielhaber <vev@michvhf.com> writes:
> > > Here's yet another.  He claims malicious code can be run on the server
> > > with this one.
> >
> > regression=# select repeat('xxx',1431655765);
> > server closed the connection unexpectedly
> >
> > This is probably caused by integer overflow in calculating the size of
> > the repeat's result buffer.  It'd take some considerable doing to create
> > an arbitrary-code exploit, but perhaps could be done.  Anyone want to
> > investigate a patch?
>
> This seems to fix the problem:

No, no it does not :-)

Tom pointed out some obvious braindamage in my previous patch. I've
attached a revised version.

Cheers,

Neil

--
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC

Attachment

repeat_fix-3.patch

pgsql-hackers by date:

From: Peter Eisentraut
Date: 21 August 2002, 19:44:42
Subject: Re: CREATE CAST WITHOUT FUNCTION should require superuserness?

From: Bruce Momjian
Date: 21 August 2002, 20:05:18
Subject: Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in

Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (fwd) - Mailing list pgsql-hackers

Attachment

Previous

Next