Home > mailing lists

pgsql: Protect against small overread in SASLprep validation - Mailing list pgsql-committers

From	Daniel Gustafsson
Subject	pgsql: Protect against small overread in SASLprep validation
Date	September 10 15:27:04
Msg-id	E1snx9M-000QHm-18@gemulon.postgresql.org Whole thread Raw
List	pgsql-committers

Tree view

Protect against small overread in SASLprep validation

In case of torn UTF8 in the input data we might end up going
past the end of the string since we don't account for length.
While validation won't be performed on a sequence with a NULL
byte it's better to avoid going past the end to beging with.
Fix by taking the length into consideration.

Author: Jacob Champion <jacob.champion@enterprisedb.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Discussion: https://postgr.es/m/CAOYmi+mTnmM172g=_+Yvc47hzzeAsYPy2C4UBY3HK9p-AXNV0g@mail.gmail.com

Branch
------
master

Details
-------
https://git.postgresql.org/pg/commitdiff/390b3cbbb2af3c749587b0697c01c94e0e173510

Modified Files
--------------
src/common/saslprep.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

pgsql-committers by date:

From: Peter Eisentraut
Date: 10 September, 14:09:04
Subject: pgsql: Add amgettreeheight index AM API routine

From: Tomas Vondra
Date: 10 September, 20:30:56
Subject: pgsql: Add PG_TEST_PG_COMBINEBACKUP_MODE to CI tasks

pgsql: Protect against small overread in SASLprep validation - Mailing list pgsql-committers

Previous

Next