]> granicus.if.org Git - postgresql/commit
Fix buffer overrun after incomplete read in pullf_read_max().
authorNoah Misch <noah@leadboat.com>
Mon, 2 Feb 2015 15:00:45 +0000 (10:00 -0500)
committerNoah Misch <noah@leadboat.com>
Mon, 2 Feb 2015 15:00:52 +0000 (10:00 -0500)
commitce6f261cd2df5f166ee21d54c4ad13f535193035
treef50b1f879428344f9d189464afe2df50d334d0e6
parent9e05c5063eb01ce52618f29fe975696dc4495e6f
Fix buffer overrun after incomplete read in pullf_read_max().

Most callers pass a stack buffer.  The ensuing stack smash can crash the
server, and we have not ruled out the viability of attacks that lead to
privilege escalation.  Back-patch to 9.0 (all supported versions).

Marko Tiikkaja

Security: CVE-2015-0243
contrib/pgcrypto/expected/pgp-info.out
contrib/pgcrypto/expected/pgp-pubkey-decrypt.out
contrib/pgcrypto/mbuf.c
contrib/pgcrypto/sql/pgp-pubkey-decrypt.sql