]> granicus.if.org Git - postgresql/commit
projects / postgresql / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8299e75) | patch
There is a bug in aclinsert3 in the code which update the acl arrays.
authorBruce Momjian <bruce@momjian.us>
Wed, 20 Nov 1996 22:53:10 +0000 (22:53 +0000)
committerBruce Momjian <bruce@momjian.us>
Wed, 20 Nov 1996 22:53:10 +0000 (22:53 +0000)
commitc4d6bda2c56a9252364272bd0a8779a5a815872b
tree7ef7f10a89e6cfb86a5b72f4d104af7752a962f9tree | snapshot
parent8299e75577645e420745ea48276b6e8e4ceeb138commit | diff
There is a bug in aclinsert3 in the code which update the acl arrays.
When an acl item is added or updated the new entry is deleted if it has no
permissions and the acl array is shrinked. This is is done by decrementing
the number of items without updating the corresponding array size.
The array with the incorrect size is later read by pg_aclcheck and the entry
count is used to allocate a new array while the array size is used to copy
the old one. This causes a memory corruption and a backend crash.
This happens only to normal user as the administrator bypasses acl checks.
Massimo Dal Zotto
src/backend/utils/adt/acl.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.