| From: | Noah Misch <noah(at)leadboat(dot)com> |
|---|---|
| To: | pgsql-committers(at)lists(dot)postgresql(dot)org |
| Subject: | pgsql: Reject CancelRequestPacket having unexpected length. |
| Date: | 2023-01-21 14:12:19 |
| Message-ID: | E1pJEbT-004muK-7A@gemulon.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-committers |
Reject CancelRequestPacket having unexpected length.
When the length was too short, the server read outside the allocation.
That yielded the same log noise as sending the correct length with
(backendPID,cancelAuthCode) matching nothing. Change to a message about
the unexpected length. Given the attacker's lack of control over the
memory layout and the general lack of diversity in memory layouts at the
code in question, we doubt a would-be attacker could cause a segfault.
Hence, while the report arrived via security(at)postgresql(dot)org, this is not
a vulnerability. Back-patch to v11 (all supported versions).
Andrey Borodin, reviewed by Tom Lane. Reported by Andrey Borodin.
Branch
------
REL_15_STABLE
Details
-------
https://git.postgresql.org/pg/commitdiff/b152bb7b2724a7c62c2440c510af4926a996bbbc
Modified Files
--------------
src/backend/postmaster/postmaster.c | 7 +++++++
1 file changed, 7 insertions(+)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2023-01-21 18:10:48 | pgsql: Allow REPLICA IDENTITY to be set on an index that's not (yet) va |
| Previous Message | Andres Freund | 2023-01-21 05:25:19 | pgsql: Zero initialize uses of instr_time about to trigger compiler war |