| From: | Noah Misch <noah(at)leadboat(dot)com> |
|---|---|
| To: | pgsql-committers(at)postgresql(dot)org |
| Subject: | pgsql: Fix buffer overrun after incomplete read in pullf_read_max(). |
| Date: | 2015-02-02 15:01:50 |
| Message-ID: | E1YIIVa-0008Q0-Sv@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Fix buffer overrun after incomplete read in pullf_read_max().
Most callers pass a stack buffer. The ensuing stack smash can crash the
server, and we have not ruled out the viability of attacks that lead to
privilege escalation. Back-patch to 9.0 (all supported versions).
Marko Tiikkaja
Security: CVE-2015-0243
Branch
------
REL9_1_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/11f738a8afb9e93ca31cd37331fc640d92b9ec96
Modified Files
--------------
contrib/pgcrypto/expected/pgp-info.out | 3 ++-
contrib/pgcrypto/expected/pgp-pubkey-decrypt.out | 25 +++++++++++++++++++++
contrib/pgcrypto/mbuf.c | 1 +
contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql | 26 ++++++++++++++++++++++
4 files changed, 54 insertions(+), 1 deletion(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Heikki Linnakangas | 2015-02-02 15:18:15 | pgsql: Be more careful to not lose sync in the FE/BE protocol. |
| Previous Message | Tom Lane | 2015-02-02 05:19:43 | pgsql: Doc: fix syntax description for psql's \setenv. |