Revision 0b7026d964c79515c8df00b37ab41d550bcdcbde authored by Noah Misch on 17 February 2014, 14:33:31 UTC, committed by Noah Misch on 17 February 2014, 14:33:37 UTC
Several functions, mostly type input functions, calculated an allocation size such that the calculation wrapped to a small positive value when arguments implied a sufficiently-large requirement. Writes past the end of the inadvertent small allocation followed shortly thereafter. Coverity identified the path_in() vulnerability; code inspection led to the rest. In passing, add check_stack_depth() to prevent stack overflow in related functions. Back-patch to 8.4 (all supported versions). The non-comment hstore changes touch code that did not exist in 8.4, so that part stops at 9.0. Noah Misch and Heikki Linnakangas, reviewed by Tom Lane. Security: CVE-2014-0064
1 parent 6a10e57
| File | Mode | Size |
|---|---|---|
| adminpack | ||
| auth_delay | ||
| auto_explain | ||
| btree_gin | ||
| btree_gist | ||
| chkpass | ||
| citext | ||
| cube | ||
| dblink | ||
| dict_int | ||
| dict_xsyn | ||
| dummy_seclabel | ||
| earthdistance | ||
| file_fdw | ||
| fuzzystrmatch | ||
| hstore | ||
| intagg | ||
| intarray | ||
| isn | ||
| lo | ||
| ltree | ||
| oid2name | ||
| pageinspect | ||
| passwordcheck | ||
| pg_archivecleanup | ||
| pg_buffercache | ||
| pg_freespacemap | ||
| pg_standby | ||
| pg_stat_statements | ||
| pg_test_fsync | ||
| pg_trgm | ||
| pg_upgrade | ||
| pg_upgrade_support | ||
| pgbench | ||
| pgcrypto | ||
| pgrowlocks | ||
| pgstattuple | ||
| seg | ||
| sepgsql | ||
| spi | ||
| sslinfo | ||
| start-scripts | ||
| tablefunc | ||
| test_parser | ||
| tsearch2 | ||
| unaccent | ||
| uuid-ossp | ||
| vacuumlo | ||
| xml2 | ||
| Makefile | -rw-r--r-- | 1.1 KB |
| README | -rw-r--r-- | 5.8 KB |
| contrib-global.mk | -rw-r--r-- | 85 bytes |
Computing file changes ...
