Prevent buffer overrun while parsing an integer in a "query_int" value.
contrib/intarray's gettoken() uses a fixed-size buffer to collect an
integer's digits, and did not guard against overrunning the buffer.
This is at least a backend crash risk, and in principle might allow
arbitrary code execution. The code didn't check for overflow of the
integer value either, which while not presenting a crash risk was still
bad.
Thanks to Apple Inc's security team for reporting this issue and supplying
the fix.
Security: CVE-2010-4015
Branch
------
REL8_2_STABLE
Details
-------
http://git.postgresql.org/gitweb?p=postgresql.git;a=commitdiff;h=e11349fdbae7295b91699a70a791c093fc6d254e
Modified Files
--------------
contrib/intarray/_int_bool.c | 26 ++++++++++++++++----------
1 files changed, 16 insertions(+), 10 deletions(-)
Есть вопросы? Напишите нам!
Соглашаюсь с условиями обработки персональных данных
✖
By continuing to browse this website, you agree to the use of cookies. Go to Privacy Policy.
