Revision 0b7026d964c79515c8df00b37ab41d550bcdcbde authored by Noah Misch on 17 February 2014, 14:33:31 UTC, committed by Noah Misch on 17 February 2014, 14:33:37 UTC
Several functions, mostly type input functions, calculated an allocation size such that the calculation wrapped to a small positive value when arguments implied a sufficiently-large requirement. Writes past the end of the inadvertent small allocation followed shortly thereafter. Coverity identified the path_in() vulnerability; code inspection led to the rest. In passing, add check_stack_depth() to prevent stack overflow in related functions. Back-patch to 8.4 (all supported versions). The non-comment hstore changes touch code that did not exist in 8.4, so that part stops at 9.0. Noah Misch and Heikki Linnakangas, reviewed by Tom Lane. Security: CVE-2014-0064
1 parent 6a10e57
File | Mode | Size |
---|---|---|
adminpack | ||
auth_delay | ||
auto_explain | ||
btree_gin | ||
btree_gist | ||
chkpass | ||
citext | ||
cube | ||
dblink | ||
dict_int | ||
dict_xsyn | ||
dummy_seclabel | ||
earthdistance | ||
file_fdw | ||
fuzzystrmatch | ||
hstore | ||
intagg | ||
intarray | ||
isn | ||
lo | ||
ltree | ||
oid2name | ||
pageinspect | ||
passwordcheck | ||
pg_archivecleanup | ||
pg_buffercache | ||
pg_freespacemap | ||
pg_standby | ||
pg_stat_statements | ||
pg_test_fsync | ||
pg_trgm | ||
pg_upgrade | ||
pg_upgrade_support | ||
pgbench | ||
pgcrypto | ||
pgrowlocks | ||
pgstattuple | ||
seg | ||
sepgsql | ||
spi | ||
sslinfo | ||
start-scripts | ||
tablefunc | ||
test_parser | ||
tsearch2 | ||
unaccent | ||
uuid-ossp | ||
vacuumlo | ||
xml2 | ||
Makefile | -rw-r--r-- | 1.1 KB |
README | -rw-r--r-- | 5.8 KB |
contrib-global.mk | -rw-r--r-- | 85 bytes |
Computing file changes ...