Re: Server crash while trying to read expression using pg_get_expr()

From: Heikki Linnakangas <heikki(dot)linnakangas(at)enterprisedb(dot)com>
To: Rushabh Lathia <rushabh(dot)lathia(at)gmail(dot)com>
Cc: pgsql-bugs(at)postgresql(dot)org, Rushabh Lathia <rushabh(dot)lathia(at)enterprisedb(dot)com>
Subject: Re: Server crash while trying to read expression using pg_get_expr()
Date: 2010-06-03 07:37:10
Message-ID: 4C075BA6.8080207@enterprisedb.com
Lists: pgsql-bugs pgsql-hackers

On 03/06/10 10:21, Rushabh Lathia wrote:
> Server crash while trying to read expression(wrong) using pg_get_expr().
>
> postgres=# SELECT pg_get_expr('{FUNCEXPR', 1255);
> server closed the connection unexpectedly
> This probably means the server terminated abnormally
> before or while processing the request.
> The connection to the server was lost. Attempting reset: Failed.

In readfuncs.c, we don't check the return value of pg_strtok, and pass a
NULL to atoi(). The fix is pretty straightforward, we just have to be
more careful with validating the input, see attached patch.

However, I'm afraid we're lacking in input validation of read-funcs in
general. After some random hacking, I found this:

postgres=# SELECT pg_get_expr('{FUNCEXPR 1 2 3 4 4 5 6 7 8 9 9 } }', 1255);
server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.
The connection to the server was lost. Attempting reset: Failed.

Which still crashes despite the patch. Does anyone have an idea on how
to validate the input in a more wholesale fashion, so that we don't need
to plug these holes one by one?

--
Heikki Linnakangas
EnterpriseDB http://www.enterprisedb.com

Attachment Content-Type Size
pg_get_expr-fix-1.patch text/x-diff 6.6 KB
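The defect Heikki describes (the tokenizer's NULL return handed straight to atoi()) and the checked-reader pattern that avoids it, as an added C example that is not PostgreSQL code and not part of this thread. It uses a constructed toy node format "{FUNCEXPR funcid resulttype nargs}" and a simplified stand-in for pg_strtok() named toy_strtok(); the field layout, the function names and the trailing-token rule are all assumptions made for the illustration, not the real FuncExpr layout or readfuncs.c API.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>
#include <errno.h>

/* Constructed toy node: "{FUNCEXPR <funcid> <resulttype> <nargs>}".
 * This is a stand-in for the node text readfuncs.c parses, not the
 * real FuncExpr layout (assumption for the example). */
typedef struct {
    long funcid;
    long resulttype;
    long nargs;
} ToyFuncExpr;

/* Simplified stand-in for pg_strtok(): returns a pointer to the next
 * whitespace-delimited token and its length, or NULL at end of input.
 * '{' and '}' are always single-character tokens. */
static const char *toy_strtok(const char **cursor, size_t *len)
{
    const char *p = *cursor;
    while (*p && isspace((unsigned char)*p)) p++;
    if (*p == '\0') { *cursor = p; return NULL; }
    const char *start = p;
    if (*p == '{' || *p == '}') {
        p++;
    } else {
        while (*p && !isspace((unsigned char)*p) && *p != '{' && *p != '}') p++;
    }
    *len = (size_t)(p - start);
    *cursor = p;
    return start;
}

/* The defective pattern from the report: the tokenizer's result goes
 * straight to atoi(). When the input ends early, toy_strtok() returns
 * NULL and atoi(NULL) dereferences it, which is exactly the crash. */
long read_long_unchecked(const char **cursor)
{
    size_t len;
    return atoi(toy_strtok(cursor, &len));   /* crashes on truncated input */
}

/* Hardened reader: the token must be present and must be a complete
 * integer (strtol with end-pointer check instead of atoi).
 * Returns 0 on success, -1 on bad input. */
static int read_long_checked(const char **cursor, long *out)
{
    size_t len;
    const char *tok = toy_strtok(cursor, &len);
    if (tok == NULL) return -1;              /* input ended early */
    char buf[32];
    if (len >= sizeof buf) return -1;        /* absurdly long number */
    memcpy(buf, tok, len);
    buf[len] = '\0';
    char *end;
    errno = 0;
    long v = strtol(buf, &end, 10);
    if (errno != 0 || end == buf || *end != '\0') return -1;  /* not a clean integer */
    *out = v;
    return 0;
}

/* Consumes one token and requires it to equal `want`. */
static int expect_token(const char **cursor, const char *want)
{
    size_t len;
    const char *tok = toy_strtok(cursor, &len);
    return (tok != NULL && len == strlen(want) && memcmp(tok, want, len) == 0) ? 0 : -1;
}

/* Parses the whole string. Every field is checked, and anything left
 * after the closing brace is an error rather than being ignored, so
 * "} }"-style trailing garbage is rejected instead of tolerated. */
int parse_toy_funcexpr(const char *text, ToyFuncExpr *node)
{
    const char *cursor = text;
    size_t len;
    if (expect_token(&cursor, "{") != 0) return -1;
    if (expect_token(&cursor, "FUNCEXPR") != 0) return -1;
    if (read_long_checked(&cursor, &node->funcid) != 0) return -1;
    if (read_long_checked(&cursor, &node->resulttype) != 0) return -1;
    if (read_long_checked(&cursor, &node->nargs) != 0) return -1;
    if (expect_token(&cursor, "}") != 0) return -1;
    if (toy_strtok(&cursor, &len) != NULL) return -1;   /* trailing tokens */
    return 0;
}

int main(void)
{
    /* Constructed inputs: one valid node, one truncated, one with
     * trailing garbage, one with a non-numeric field. */
    const char *inputs[] = {
        "{FUNCEXPR 1255 23 2}", "{FUNCEXPR", "{FUNCEXPR 1 2 3 } }", "{FUNCEXPR 1 x 3}"
    };
    ToyFuncExpr n;
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-22s -> %s\n", inputs[i],
               parse_toy_funcexpr(inputs[i], &n) == 0 ? "ok" : "rejected");
    return 0;
}
```

The point of the checked variant is that error status is threaded through every field read and the parser owns the whole input, so a truncated or over-long node string becomes a rejected parse instead of a NULL dereference; read_long_unchecked() is kept only to show the shape of the original defect and must never be called on input that may be exhausted.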
