pgsql: Reject CancelRequestPacket having unexpected length. - Mailing list pgsql-committers

From Noah Misch
Subject pgsql: Reject CancelRequestPacket having unexpected length.
Date
Msg-id E1pJEbT-004muJ-6f@gemulon.postgresql.org
List pgsql-committers
Reject CancelRequestPacket having unexpected length.

When the length was too short, the server read outside the allocation.
That yielded the same log noise as sending the correct length with
(backendPID,cancelAuthCode) matching nothing.  Change to a message about
the unexpected length.  Given the attacker's lack of control over the
memory layout and the general lack of diversity in memory layouts at the
code in question, we doubt a would-be attacker could cause a segfault.
Hence, while the report arrived via security@postgresql.org, this is not
a vulnerability.  Back-patch to v11 (all supported versions).

Andrey Borodin, reviewed by Tom Lane.  Reported by Andrey Borodin.

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/e52daaabf8f1bf8096b0c105e2f719d9c68be3fa

Modified Files
--------------
src/backend/postmaster/postmaster.c | 7 +++++++
1 file changed, 7 insertions(+)
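
The check the commit message describes, as an added example that is not PostgreSQL's code: the declared packet length is validated before any field is read. It assumes the protocol 3.0 CancelRequest body (request code 80877102, backend PID, cancel auth code; 12 bytes after the length word). All function and type names are hypothetical and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANCEL_REQUEST_CODE 80877102u /* (1234 << 16) | 5678; assumed per protocol 3.0 */
#define CANCEL_BODY_LEN     12u       /* code + backend PID + cancel auth code */

typedef struct { uint32_t backend_pid, cancel_auth_code; } cancel_request;
typedef enum { PARSE_OK, PARSE_BAD_LENGTH, PARSE_NOT_CANCEL } parse_status;

static uint32_t read_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* buf is an allocation of exactly len bytes: the body that followed the
 * length word. No field is read until len has been checked to cover it. */
parse_status parse_cancel_request(const unsigned char *buf, size_t len,
                                  cancel_request *out) {
    if (len < 4) return PARSE_BAD_LENGTH;                /* cannot hold the code */
    if (read_be32(buf) != CANCEL_REQUEST_CODE) return PARSE_NOT_CANCEL;
    if (len != CANCEL_BODY_LEN) return PARSE_BAD_LENGTH; /* short or long: reject */
    out->backend_pid = read_be32(buf + 4);
    out->cancel_auth_code = read_be32(buf + 8);
    return PARSE_OK;
}

/* Constructed sample: valid 12-byte body (PID 4242, auth code 0xDEADBEEF)
 * plus 4 padding bytes so an over-long length can be exercised too. */
static const unsigned char SAMPLE[16] = {
    0x04, 0xD2, 0x16, 0x2E,  0x00, 0x00, 0x10, 0x92,
    0xDE, 0xAD, 0xBE, 0xEF,  0x00, 0x00, 0x00, 0x00 };

/* Parse the first len bytes of SAMPLE from a heap block of exactly that size,
 * so a sanitizer build would flag any read past the claimed length. */
parse_status parse_sample_prefix(size_t len, cancel_request *out) {
    if (len > sizeof SAMPLE) return PARSE_BAD_LENGTH;
    unsigned char *buf = malloc(len ? len : 1);
    if (buf == NULL) abort();
    memcpy(buf, SAMPLE, len);
    parse_status st = parse_cancel_request(buf, len, out);
    free(buf);
    return st;
}

int main(void) {
    cancel_request req = {0, 0};
    for (size_t len = 0; len <= sizeof SAMPLE; len += 4)
        printf("len=%2zu -> status %d\n", len, (int)parse_sample_prefix(len, &req));
    return 0;
}
```

Reporting the length mismatch as its own status keeps a malformed packet distinguishable in logs from a well-formed request whose (backendPID, cancelAuthCode) pair matches nothing.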

