Home > mailing lists

pgsql: Fix buffer overrun after incomplete read in pullf_read_max(). - Mailing list pgsql-committers

From	Noah Misch
Subject	pgsql: Fix buffer overrun after incomplete read in pullf_read_max().
Date	February 7, 2015 05:17:54
Msg-id	E1YIIVa-0008OT-KY@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Fix buffer overrun after incomplete read in pullf_read_max().

Most callers pass a stack buffer.  The ensuing stack smash can crash the
server, and we have not ruled out the viability of attacks that lead to
privilege escalation.  Back-patch to 9.0 (all supported versions).

Marko Tiikkaja

Security: CVE-2015-0243

Branch
------
master

Details
-------
http://git.postgresql.org/pg/commitdiff/1dc75515868454c645ded22d38054ec693e23ec6

Modified Files
--------------
contrib/pgcrypto/expected/pgp-info.out           |    3 ++-
contrib/pgcrypto/expected/pgp-pubkey-decrypt.out |   25 +++++++++++++++++++++
contrib/pgcrypto/mbuf.c                          |    1 +
contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql      |   26 ++++++++++++++++++++++
4 files changed, 54 insertions(+), 1 deletion(-)

pgsql-committers by date:

From: Noah Misch
Date: 07 February 2015, 05:17:43
Subject: pgsql: Fix buffer overrun after incomplete read in pullf_read_max().

From: Bruce Momjian
Date: 07 February 2015, 05:18:03
Subject: pgsql: to_char(): prevent accesses beyond the allocated buffer

pgsql: Fix buffer overrun after incomplete read in pullf_read_max(). - Mailing list pgsql-committers

Previous

Next