pgsql: Protect against small overread in SASLprep validation

From: Jacob Champion <jchampion(at)postgresql(dot)org>
To: pgsql-committers(at)lists(dot)postgresql(dot)org
Subject: pgsql: Protect against small overread in SASLprep validation
Date: 2026-02-06 20:20:11
Message-ID: E1voSJG-001Xg9-2o@gemulon.postgresql.org
Lists: pgsql-committers

Protect against small overread in SASLprep validation

(This is a cherry-pick of 390b3cbbb, which I hadn't realized wasn't
backpatched. It was originally reported to security@ and determined not
to be a vulnerability; thanks to Stanislav Osipov for noticing the
omission in the back branches.)

In case of torn UTF8 in the input data we might end up going
past the end of the string since we don't account for length.
While validation won't be performed on a sequence with a NULL
byte it's better to avoid going past the end to begin with.
Fix by taking the length into consideration.

Reported-by: Stanislav Osipov <stasos24(at)gmail(dot)com>
Reviewed-by: Daniel Gustafsson <daniel(at)yesql(dot)se>
Discussion: https://postgr.es/m/CAOYmi+mTnmM172g=_+Yvc47hzzeAsYPy2C4UBY3HK9p-AXNV0g@mail.gmail.com
Backpatch-through: 14

Branch
------
REL_14_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/3bb339fa2c9f2bf09805170fe0867d83b562a324

Modified Files
--------------
src/common/saslprep.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
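
The length check the commit message describes, as an added example that is not the code from src/common/saslprep.c or from the PostgreSQL project: a UTF-8 walker that bounds each sequence by the remaining input, beside a helper that reports how far a walker trusting only the lead byte would run past the end. All function names and both sample inputs are constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed samples: "a" + U+00E9, and "ab" + a 4-byte sequence cut after 2 bytes. */
static const unsigned char SAMPLE_WHOLE[] = { 'a', 0xC3, 0xA9 };
static const unsigned char SAMPLE_TORN[]  = { 'a', 'b', 0xF0, 0x9F };

/* Sequence length implied by a UTF-8 lead byte; 0 if it cannot start a sequence. */
static size_t utf8_seq_len(unsigned char lead) {
    if (lead < 0x80) return 1;
    if ((lead & 0xE0) == 0xC0) return 2;
    if ((lead & 0xF0) == 0xE0) return 3;
    if ((lead & 0xF8) == 0xF0) return 4;
    return 0;
}

/* Length-aware walk: code points in s[0..len), or -1 on an invalid lead byte, a bad
 * continuation byte, or a torn final sequence. Structural check only (hypothetical helper). */
static long utf8_count_checked(const unsigned char *s, size_t len) {
    long n = 0;
    for (size_t i = 0; i < len; n++) {
        size_t l = utf8_seq_len(s[i]);
        if (l == 0 || l > len - i) return -1;   /* bound the sequence by what remains */
        for (size_t k = 1; k < l; k++)
            if ((s[i + k] & 0xC0) != 0x80) return -1;
        i += l;
    }
    return n;
}

/* Bytes beyond s[len-1] that a walker trusting only the lead byte would touch.
 * Computed from in-bounds lead bytes; nothing out of bounds is read here. */
static size_t utf8_unchecked_overread(const unsigned char *s, size_t len) {
    for (size_t i = 0; i < len; ) {
        size_t l = utf8_seq_len(s[i]);
        if (l == 0) l = 1;                      /* assumed: such a walker steps one byte */
        if (l > len - i) return l - (len - i);
        i += l;
    }
    return 0;
}

int main(void) {
    printf("whole=%ld torn=%ld overread=%zu\n", utf8_count_checked(SAMPLE_WHOLE, sizeof SAMPLE_WHOLE),
           utf8_count_checked(SAMPLE_TORN, sizeof SAMPLE_TORN),
           utf8_unchecked_overread(SAMPLE_TORN, sizeof SAMPLE_TORN));
    return 0;
}
```

In a NUL-terminated string the first byte past the end is the terminator itself, so the reported count includes it.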
