]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 56232f9) | patch
Prevent stack overflow in json-related functions.
authorNoah Misch <noah@leadboat.com>
Mon, 5 Oct 2015 14:06:29 +0000 (10:06 -0400)
committerNoah Misch <noah@leadboat.com>
Mon, 5 Oct 2015 14:06:35 +0000 (10:06 -0400)
commit8dacb29ca7c92814d69135f40e16a46f8cf9cbaf
tree01fe87c7ff0dd26aac30e403c2e7408b4be19f9atree | snapshot
parent56232f9879768e961485d8ba218da18c38768413commit | diff
Prevent stack overflow in json-related functions.

Sufficiently-deep recursion heretofore elicited a SIGSEGV.  If an
application constructs PostgreSQL json or jsonb values from arbitrary
user input, application users could have exploited this to terminate all
active database connections.  That applies to 9.3, where the json parser
adopted recursive descent, and later versions.  Only row_to_json() and
array_to_json() were at risk in 9.2, both in a non-security capacity.
Back-patch to 9.2, where the json type was introduced.

Oskari Saarenmaa, reviewed by Michael Paquier.

Security: CVE-2015-5289
src/backend/utils/adt/json.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.