| From: | Albert Chin <pgsql-hackers(at)mlists(dot)thewrittenword(dot)com> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Fix to CVE-2006-0553 for 8.1.1 |
| Date: | 2006-02-19 21:38:07 |
| Message-ID: | 20060219213807.GB93931@mail1.thewrittenword.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Does the patch below look like the correct fix to CVE-2006-0553 if
running 8.1.1? I just scanned cvs log from the 8.1 branch, looking for
CVE-2006-0553 and picked out the diffs.
--
albert chin (china(at)thewrittenword(dot)com)
-- snip snip
Index: src/backend/commands/variable.c
===================================================================
--- src/backend/commands/variable.c.orig 2005-11-22 12:23:08.000000000 -0600
+++ src/backend/commands/variable.c 2006-02-19 15:24:40.540106000 -0600
@@ -586,7 +586,9 @@
* by the numeric oid, followed by a comma, followed by the role name.
* This cannot be confused with a plain role name because of the NAMEDATALEN
* limit on names, so we can tell whether we're being passed an initial
- * role name or a saved/restored value.
+ * role name or a saved/restored value. (NOTE: we rely on guc.c to have
+ * properly truncated any incoming value, but not to truncate already-stored
+ * values. See GUC_IS_NAME processing.)
*/
extern char *session_authorization_string; /* in guc.c */
Index: src/include/utils/guc_tables.h
===================================================================
--- src/include/utils/guc_tables.h.orig 2005-07-14 00:13:44.000000000 -0500
+++ src/include/utils/guc_tables.h 2006-02-19 15:29:15.187973000 -0600
@@ -126,6 +126,7 @@
#define GUC_DISALLOW_IN_FILE 0x0040 /* can't set in postgresql.conf */
#define GUC_CUSTOM_PLACEHOLDER 0x0080 /* placeholder for custom variable */
#define GUC_SUPERUSER_ONLY 0x0100 /* show only to superusers */
+#define GUC_IS_NAME 0x0200 /* limit string to NAMEDATALEN-1 */
/* bit values in status field */
#define GUC_HAVE_TENTATIVE 0x0001 /* tentative value is defined */
Index: src/backend/utils/misc/guc.c
===================================================================
--- src/backend/utils/misc/guc.c.orig 2005-11-22 12:23:24.000000000 -0600
+++ src/backend/utils/misc/guc.c 2006-02-19 15:30:21.625766000 -0600
@@ -48,6 +48,7 @@
#include "optimizer/prep.h"
#include "parser/parse_expr.h"
#include "parser/parse_relation.h"
+#include "parser/scansup.h"
#include "postmaster/autovacuum.h"
#include "postmaster/bgwriter.h"
#include "postmaster/syslogger.h"
@@ -1662,7 +1663,7 @@
{"client_encoding", PGC_USERSET, CLIENT_CONN_LOCALE,
gettext_noop("Sets the client's character set encoding."),
NULL,
- GUC_REPORT
+ GUC_IS_NAME | GUC_REPORT
},
&client_encoding_string,
"SQL_ASCII", assign_client_encoding, NULL
@@ -1742,7 +1743,8 @@
{
{"default_tablespace", PGC_USERSET, CLIENT_CONN_STATEMENT,
gettext_noop("Sets the default tablespace to create tables and indexes in."),
- gettext_noop("An empty string selects the database's default tablespace.")
+ gettext_noop("An empty string selects the database's default tablespace."),
+ GUC_IS_NAME
},
&default_tablespace,
"", assign_default_tablespace, NULL
@@ -1900,7 +1902,7 @@
{"server_encoding", PGC_INTERNAL, CLIENT_CONN_LOCALE,
gettext_noop("Sets the server (database) character set encoding."),
NULL,
- GUC_REPORT | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE
+ GUC_IS_NAME | GUC_REPORT | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE
},
&server_encoding_string,
"SQL_ASCII", NULL, NULL
@@ -1922,7 +1924,7 @@
{"role", PGC_USERSET, UNGROUPED,
gettext_noop("Sets the current role."),
NULL,
- GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE
+ GUC_IS_NAME | GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE
},
&role_string,
"none", assign_role, show_role
@@ -1933,7 +1935,7 @@
{"session_authorization", PGC_USERSET, UNGROUPED,
gettext_noop("Sets the session user name."),
NULL,
- GUC_REPORT | GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE
+ GUC_IS_NAME | GUC_REPORT | GUC_NO_SHOW_ALL | GUC_NO_RESET_ALL | GUC_NOT_IN_SAMPLE | GUC_DISALLOW_IN_FILE
},
&session_authorization_string,
NULL, assign_session_authorization, show_session_authorization
@@ -3934,6 +3936,12 @@
newval = guc_strdup(elevel, value);
if (newval == NULL)
return false;
+ /*
+ * The only sort of "parsing" check we need to do is
+ * apply truncation if GUC_IS_NAME.
+ */
+ if (conf->gen.flags & GUC_IS_NAME)
+ truncate_identifier(newval, strlen(newval), true);
}
else if (conf->reset_val)
{
Index: src/backend/utils/mb/encnames.c
===================================================================
--- src/backend/utils/mb/encnames.c.orig 2005-10-14 21:49:33.000000000 -0500
+++ src/backend/utils/mb/encnames.c 2006-02-19 15:35:15.559558000 -0600
@@ -449,7 +449,7 @@
if (name == NULL || *name == '\0')
return NULL;
- if (strlen(name) > NAMEDATALEN)
+ if (strlen(name) >= NAMEDATALEN)
{
#ifdef FRONTEND
fprintf(stderr, "encoding name too long\n");
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Martijn van Oosterhout | 2006-02-19 22:06:38 | Re: Domains and supporting functions |
| Previous Message | elein | 2006-02-19 21:36:41 | Re: Domains and supporting functions |