| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | jackie(dot)qq(dot)chang(at)gmail(dot)com |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #8540: Avoid sscanf buffer overflow |
| Date: | 2014-02-15 16:52:44 |
| Message-ID: | 20140215165243.GA3651@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Sat, Oct 19, 2013 at 09:49:05PM +0000, jackie(dot)qq(dot)chang(at)gmail(dot)com wrote:
> The following bug has been logged on the website:
>
> Bug reference: 8540
> Logged by: Jackie Chang
> Email address: jackie(dot)qq(dot)chang(at)gmail(dot)com
> PostgreSQL version: 9.3.1
> Operating system: Any
> Description:
>
> sscanf can set the maximum length of string read. If such a number is not
> provided, it's vulnerable to buffer overflow.
I have looked at your patch and I wasn't happy to be adding a hard-coded
constant based on a macro definition. What I did do with the attached,
applied patch is to remove the use of sscanf in pg_upgrade, and add a C
comment in pg_dump explaining why the scanf can't overflow. I didn't
see increasing the xlog.c length as useful.
For pg_dump it would be nice from a sanity perspective if we could do:
sscanf(str, "%" CppAsString2(MAXPGPATH-1) "s\n", ...
but there is no way to string-ify a macro while also computing it during
preprocessing.
--
Bruce Momjian <bruce(at)momjian(dot)us> http://momjian.us
EnterpriseDB http://enterprisedb.com
+ Everyone has their own god. +
| Attachment | Content-Type | Size |
|---|---|---|
| scanf.diff | text/x-diff | 1.4 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | krichter722 | 2014-02-17 04:00:35 | BUG #9251: default values for fatal error logging in service |
| Previous Message | Andres Freund | 2014-02-15 09:27:18 | Re: BUG #9161: wal_writer_delay is limited to 10s |