Revision 0b7026d964c79515c8df00b37ab41d550bcdcbde authored by Noah Misch on 17 February 2014, 14:33:31 UTC, committed by Noah Misch on 17 February 2014, 14:33:37 UTC
Several functions, mostly type input functions, calculated an allocation size such that the calculation wrapped to a small positive value when arguments implied a sufficiently-large requirement. Writes past the end of the inadvertent small allocation followed shortly thereafter. Coverity identified the path_in() vulnerability; code inspection led to the rest. In passing, add check_stack_depth() to prevent stack overflow in related functions. Back-patch to 8.4 (all supported versions). The non-comment hstore changes touch code that did not exist in 8.4, so that part stops at 9.0. Noah Misch and Heikki Linnakangas, reviewed by Tom Lane. Security: CVE-2014-0064
1 parent 6a10e57
File | Mode | Size |
---|---|---|
config | ||
contrib | ||
doc | ||
src | ||
.gitignore | -rw-r--r-- | 360 bytes |
COPYRIGHT | -rw-r--r-- | 1.2 KB |
GNUmakefile.in | -rw-r--r-- | 3.5 KB |
HISTORY | -rw-r--r-- | 283 bytes |
Makefile | -rw-r--r-- | 1.5 KB |
README | -rw-r--r-- | 1.2 KB |
README.git | -rw-r--r-- | 727 bytes |
aclocal.m4 | -rw-r--r-- | 385 bytes |
configure | -rwxr-xr-x | 850.2 KB |
configure.in | -rw-r--r-- | 62.7 KB |
Computing file changes ...