pgsql: Prevent buffer overrun in read_tablespace_map().

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: pgsql-committers(at)lists(dot)postgresql(dot)org
Subject: pgsql: Prevent buffer overrun in read_tablespace_map().
Date: 2021-03-17 20:19:03
Message-ID: E1lMcdD-0007vm-NZ@gemulon.postgresql.org
Lists: pgsql-committers

Prevent buffer overrun in read_tablespace_map().

Robert Foggia of Trustwave reported that read_tablespace_map()
fails to prevent an overrun of its on-stack input buffer.
Since the tablespace map file is presumed trustworthy, this does
not seem like an interesting security vulnerability, but still
we should fix it just in the name of robustness.

While here, document that pg_basebackup's --tablespace-mapping option
doesn't work with tar-format output, because it doesn't. To make it
work, we'd have to modify the tablespace_map file within the tarball
sent by the server, which might be possible but I'm not volunteering.
(Less-painful solutions would require changing the basebackup protocol
so that the source server could adjust the map. That's not very
appetizing either.)

Branch
------
REL_10_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/2a4c9fd9c77041fc7207c268eaf0155d11f100a2

Modified Files
--------------
doc/src/sgml/ref/pg_basebackup.sgml | 10 ++++++++--
src/backend/access/transam/xlog.c | 2 +-
2 files changed, 9 insertions(+), 3 deletions(-)
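
The class of fix described in the message above, as an added example that is not PostgreSQL's code or part of the original commit: a reader that copies a map line into a fixed on-stack buffer and rejects over-long input instead of writing past the buffer. The "<oid> <path>" line layout, the 64-byte limit, and the names parse_map_line, count_map_entries, MAP_TOO_LONG and MAP_BAD_LINE are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAP_LINE_MAX 64      /* assumed limit, small so it is easy to exercise */
enum { MAP_TOO_LONG = -1, MAP_BAD_LINE = -2 };   /* illustrative error codes */

/* Parse one "<oid> <path>" line at *cursor (line layout is an assumption).
 * Returns 1 if a line was parsed, 0 at end of input, negative on error. */
int parse_map_line(const char **cursor, unsigned long *oid,
                   char *path, size_t pathsz)
{
    char        line[MAP_LINE_MAX];          /* on-stack input buffer */
    size_t      i = 0;
    const char *p = *cursor;
    char       *end;

    if (*p == '\0')
        return 0;
    while (*p != '\0' && *p != '\n') {
        if (i >= sizeof(line) - 1)           /* bound check: reject, never */
            return MAP_TOO_LONG;             /* write past the end of line[] */
        line[i++] = *p++;
    }
    line[i] = '\0';
    *cursor = (*p == '\n') ? p + 1 : p;
    if (!isdigit((unsigned char) line[0]))
        return MAP_BAD_LINE;
    *oid = strtoul(line, &end, 10);
    if (*end != ' ' || end[1] == '\0' || strlen(end + 1) >= pathsz)
        return MAP_BAD_LINE;
    memcpy(path, end + 1, strlen(end + 1) + 1);  /* length checked above */
    return 1;
}

/* Count entries in a whole map; returns the first error code on failure. */
int count_map_entries(const char *text)
{
    unsigned long oid;
    char          path[MAP_LINE_MAX];
    int           rc, n = 0;

    while ((rc = parse_map_line(&text, &oid, path, sizeof(path))) == 1)
        n++;
    return rc < 0 ? rc : n;
}

int main(void)
{
    printf("%d\n", count_map_entries("16384 /mnt/ts1\n"));  /* constructed input */
    return 0;
}
```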
