Fwd: Infinite recursion in function causes DoS

Hi PostgreSQL hackers!

We recently received and discussed a Debian bug report agains
postgresql. If you have time, please have a look at

http://bugs.debian.org/239811

In short it was requested to limit the depth of (recursive) function
calls to prevent database crashes. Would it be possible to do that in
PostgreSQL? This depth should be configurable in

----- Forwarded message from Ivo Timmermans <ivo(at)debian(dot)org> -----

From: Ivo Timmermans <ivo(at)debian(dot)org>
To: Debian Bug Tracking System <submit(at)bugs(dot)debian(dot)org>
Subject: Infinite recursion in function causes DoS
Date: Wed, 24 Mar 2004 14:54:57 +0100
X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2004_03_12

Package: postgresql
Version: 7.4.2-1
Severity: important
Tags: security

Hi,

Consider the following function:

CREATE FUNCTION testfn(INT) RETURNS INT
AS '
SELECT testfn($1);
' LANGUAGE 'SQL';

which is obviously an infinite recursion. When I call this function,
the postmaster process tries to allocate more and more memory at an
astonishing rate, until either the kernel dies, or the OOM killer
decides that it has been letting postgres have enough fun.

Either way, this situation leads to a DoS of the database system or the
entire machine. Since any user with enough privileges to access the
database can create and execute functions, this raises a slight security
concern.

-- System Information:
Debian Release: testing/unstable
APT prefers experimental
APT policy: (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.3
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8

Versions of packages postgresql depends on:
ii adduser 3.51 Add and remove users and groups
ii debconf [debconf 1.4.17 Debian configuration management sy
ii debianutils 2.7.5 Miscellaneous utilities specific t
ii libc6 2.3.2.ds1-11 GNU C Library: Shared libraries an
ii libcomerr2 1.35-4 The Common Error Description libra
ii libkrb53 1.3.2-2 MIT Kerberos runtime libraries
ii libpam0g 0.76-15 Pluggable Authentication Modules l
ii libperl5.8 5.8.3-2 Shared Perl library.
ii libpq3 7.4.2-1 Shared library libpq.so.3 for Post
ii libreadline4 4.3-10 GNU readline and history libraries
ii libssl0.9.7 0.9.7d-1 SSL shared libraries
ii mailx 1:8.1.2-0.20031014cvs-1 A simple mail user agent
ii postgresql-clien 7.4.2-1 Front-end programs for PostgreSQL
ii procps 1:3.2.0-1 The /proc file system utilities
ii python2.3 2.3.3-6 An interactive high-level object-o
ii zlib1g 1:1.2.1-5 compression library - runtime

-- debconf information:
* postgresql/upgrade/preserve_location: /var/lib/postgres/preserve
* postgresql/settings/day_month_order: European
postgresql/convert-postmaster.init: true
* postgresql/upgrade/policy: true
postgresql/enable_lang: true
postgresql/contains_POSTGRESHOME: true
postgresql/very_old_version_warning: true
* postgresql/upgrade/dump_location: /var/lib/postgres
postgresql/convert-pg_hba.conf: true
* postgresql/settings/vacuum_full:
* postgresql/initdb/location: /var/lib/postgres/data
shared/postgresql/upgrade74: false
* postgresql/settings/locale: C
postgresql/peer-to-ident: true
postgresql/missing_conf: true
* postgresql/purge_data_too: false
* postgresql/settings/encoding: UNICODE
* postgresql/settings/date_style: ISO

----- End forwarded message -----

--
Martin Pitt Debian GNU/Linux Developer
martin(at)piware(dot)de mpitt(at)debian(dot)org
http://www.piware.de http://www.debian.org