pgsql: Check return values of sensitive system library calls. - Mailing list pgsql-committers

From Noah Misch
Subject pgsql: Check return values of sensitive system library calls.
Date
Msg-id E1YuLeE-00066f-Tm@gemulon.postgresql.org
Whole thread Raw
List pgsql-committers
Check return values of sensitive system library calls.

PostgreSQL already checked the vast majority of these, missing this
handful that nearly cannot fail.  If putenv() failed with ENOMEM in
pg_GSS_recvauth(), authentication would proceed with the wrong keytab
file.  If strftime() returned zero in cache_locale_time(), using the
unspecified buffer contents could lead to information exposure or a
crash.  Back-patch to 9.0 (all supported versions).

Other unchecked calls to these functions, especially those in frontend
code, pose negligible security concern.  This patch does not address
them.  Nonetheless, it is always better to check return values whose
specification provides for indicating an error.

In passing, fix an off-by-one error in strftime_win32()'s invocation of
WideCharToMultiByte().  Upon retrieving a value of exactly MAX_L10N_DATA
bytes, strftime_win32() would overrun the caller's buffer by one byte.
MAX_L10N_DATA is chosen to exceed the length of every possible value, so
the vulnerable scenario probably does not arise.

Security: CVE-2015-3166

Branch
------
REL9_2_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/01272d95a979efb913819fb2823d3eaf3f8ad29e

Modified Files
--------------
src/backend/libpq/auth.c          |    7 ++--
src/backend/utils/adt/pg_locale.c |   74 ++++++++++++++++++++++---------------
2 files changed, 48 insertions(+), 33 deletions(-)


pgsql-committers by date:

Previous
From: Noah Misch
Date:
Subject: pgsql: Check return values of sensitive system library calls.
Next
From: Noah Misch
Date:
Subject: pgsql: pgcrypto: Report errant decryption as "Wrong key or corrupt data