| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: port/snprintf(): fix overflow and do padding |
| Date: | 2015-02-02 15:01:50 |
| Message-ID: | E1YIIVa-0008Pw-SN@gemulon.postgresql.org |
| Lists: | pgsql-committers |

port/snprintf(): fix overflow and do padding

Prevent port/snprintf() from overflowing its local fixed-size
buffer and pad to the desired number of digits with zeros, even
if the precision is beyond the ability of the native sprintf().
port/snprintf() is only used on systems that lack a native
snprintf().

Reported by Bruce Momjian. Patch by Tom Lane. Backpatch to all
supported versions.

Security: CVE-2015-0242

Branch
------
REL9_1_STABLE

Details
-------
http://git.postgresql.org/pg/commitdiff/98f2479d8271934ae6ec43a450e11506df015051

Modified Files
--------------
src/port/snprintf.c | 69 +++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 62 insertions(+), 7 deletions(-)
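
The approach the commit message describes, as an added C sketch that is not PostgreSQL's src/port/snprintf.c code: clamp the precision handed to the native formatter so its output always fits the local buffer, then append the remaining zeros directly. The names `fmt_fixed` and `put`, the 512-byte buffer and the cap of 100 digits are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_NATIVE_PREC 100 /* assumed cap on precision given to the native call */
#define CONVERT_BUF     512 /* > 309 integer digits + '.' + 100 + sign + NUL */

/* Store one byte if room remains; always count it, so the caller
 * learns the untruncated length, as with snprintf(). */
static void put(char *out, size_t outsz, size_t *pos, char c)
{
    if (*pos + 1 < outsz)
        out[*pos] = c;
    (*pos)++;
}

/* Format value like "%.<precision>f" into out; returns the full length. */
size_t fmt_fixed(char *out, size_t outsz, double value, int precision)
{
    char convert[CONVERT_BUF];
    size_t pos = 0;
    int prec, zeropad, n, i;

    if (precision < 0)
        precision = 6;                  /* printf default */
    prec = precision < MAX_NATIVE_PREC ? precision : MAX_NATIVE_PREC;
    zeropad = precision - prec;         /* digits appended below, not by libc */

    /* With prec clamped, the native result fits convert[] for any double. */
    n = snprintf(convert, sizeof(convert), "%.*f", prec, value);
    if (n < 0 || (size_t) n >= sizeof(convert)) {
        convert[0] = '\0';              /* refuse rather than overflow */
        n = 0;
    }
    if (strchr(convert, '.') == NULL)
        zeropad = 0;                    /* inf, nan or failure: nothing to pad */

    for (i = 0; i < n; i++)
        put(out, outsz, &pos, convert[i]);
    for (i = 0; i < zeropad; i++)
        put(out, outsz, &pos, '0');
    if (outsz > 0)
        out[pos < outsz ? pos : outsz - 1] = '\0';
    return pos;
}
```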