From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | pgsql-committers(at)postgresql(dot)org |
Subject: | pgsql: Prevent execution of enum_recv() from SQL. |
Date: | 2013-02-04 21:27:27 |
Message-ID: | E1U2TZX-0006dF-3d@gemulon.postgresql.org |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-committers |
Prevent execution of enum_recv() from SQL.
This function was misdeclared to take cstring when it should take internal.
This at least allows crashing the server, and in principle an attacker
might be able to use the function to examine the contents of server memory.
The correct fix is to adjust the system catalog contents (and fix the
regression tests that should have caught this but failed to). However,
asking users to correct the catalog contents in existing installations
is a pain, so as a band-aid fix for the back branches, install a check
in enum_recv() to make it throw error if called with a cstring argument.
We will later revert this in HEAD in favor of correcting the catalogs.
Our thanks to Sumit Soni (via Secunia SVCRP) for reporting this issue.
Security: CVE-2013-0255
Branch
------
REL9_1_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/1881634820603e8212983ebd4825d4f4b4988789
Modified Files
--------------
doc/src/sgml/release-8.3.sgml | 13 +++++++++++++
doc/src/sgml/release-8.4.sgml | 13 +++++++++++++
doc/src/sgml/release-9.0.sgml | 13 +++++++++++++
doc/src/sgml/release-9.1.sgml | 13 +++++++++++++
src/backend/utils/adt/enum.c | 5 +++++
5 files changed, 57 insertions(+), 0 deletions(-)
From | Date | Subject | |
---|---|---|---|
Next Message | Tom Lane | 2013-02-04 21:29:37 | pgsql: Stamp 8.4.16. |
Previous Message | Tom Lane | 2013-02-04 20:51:29 | pgsql: Update release notes for 9.2.3, 9.1.8, 9.0.12, 8.4.16, 8.3.23. |