From: | Jasen Betts <jasen(at)xnet(dot)co(dot)nz> |
---|---|
To: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #4791: NULL value in function causes reproducible segmentation fault |
Date: | 2009-05-05 10:15:44 |
Message-ID: | gtp3kg$sda$2@reversiblemaps.ath.cx |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-bugs |
On 2009-05-05, Sikkerhed.org ApS <support(at)sikkerhed(dot)org> wrote:
>
> The following bug has been logged online:
>
> Bug reference: 4791
> Logged by: Sikkerhed.org ApS
> Email address: support(at)sikkerhed(dot)org
> PostgreSQL version: 8.3.7-0lenny1
> Operating system: Debian GNU/Linux 5.0.1 stable (fully updated)
> Description: NULL value in function causes reproducible segmentation
> fault
> Details:
>
> We are using a couple of functions in PostgreSQL, namely
>
> CREATE OR REPLACE FUNCTION digest(text, text) RETURNS bytea AS
> '$libdir/pgcrypto', 'pg_digest' LANGUAGE 'C';
>
> CREATE OR REPLACE FUNCTION sha1(text) RETURNS text AS 'SELECT
> ENCODE(DIGEST($1, ''sha1''), ''hex'') AS result' LANGUAGE 'SQL';
>
>
> We experienced a bad crash on our production server, and narrowed it down to
> a reproducible test case.
>
> The following query will crash the server every time:
>
> SELECT SHA1(NULL);
>
> Please let us know if you require more information.
AFAICT this exploits a documented feature of the 'C' language, namely
if you crash the C the backend is compromised.
the fix is easy:
CREATE OR REPLACE FUNCTION digest(text, text) RETURNS bytea AS
'$libdir/pgcrypto', 'pg_digest' LANGUAGE 'C'
RETURNS NULL ON NULL INPUT ;
From | Date | Subject | |
---|---|---|---|
Next Message | Dennis Noordsij | 2009-05-05 13:38:32 | BUG #4793: Segmentation fault when doing vacuum analyze |
Previous Message | Christian Iversen | 2009-05-05 10:00:43 | Re: BUG #4791: NULL value in function causes reproducible segmentation fault |