upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-03-14 14:42:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src
History
Jacob Champion 46aaec4c0e Protect against small overread in SASLprep validation 
(This is a cherry-pick of 390b3cbbb, which I hadn't realized wasn't
backpatched. It was originally reported to security@ and determined not
to be a vulnerability; thanks to Stanislav Osipov for noticing the
omission in the back branches.)

In case of torn UTF8 in the input data we might end up going
past the end of the string since we don't account for length.
While validation won't be performed on a sequence with a NULL
byte it's better to avoid going past the end to beging with.
Fix by taking the length into consideration.

Reported-by: Stanislav Osipov <stasos24@gmail.com>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Discussion: https://postgr.es/m/CAOYmi+mTnmM172g=_+Yvc47hzzeAsYPy2C4UBY3HK9p-AXNV0g@mail.gmail.com
Backpatch-through: 14
2026-02-06 11:08:59 -08:00
..
backend Add file_extend_method=posix_fallocate,write_zeros. 2026-02-06 17:43:49 +13:00
bin Fix some error message inconsistencies 2026-02-06 15:38:25 +09:00
common Protect against small overread in SASLprep validation 2026-02-06 11:08:59 -08:00
fe_utils In fmtIdEnc(), handle failure of enlargePQExpBuffer(). 2025-02-16 12:46:35 -05:00
include Add file_extend_method=posix_fallocate,write_zeros. 2026-02-06 17:43:49 +13:00
interfaces Fix printf format string warning on MinGW. 2025-12-21 21:14:54 +13:00
makefiles Use --strip-unneeded when stripping static libraries with GNU strip. 2023-04-20 18:12:32 -04:00
pl Translation updates 2025-11-10 13:04:09 +01:00
port Fix O_CLOEXEC flag handling in Windows port. 2025-12-10 09:11:19 +13:00
template Use unnamed POSIX semaphores on Cygwin. 2023-01-06 10:33:28 +13:00
test Fix logical replication TAP test to read publisher log correctly. 2026-02-05 00:47:04 +09:00
timezone Update time zone data files to tzdata release 2025c. 2026-01-18 14:55:01 -05:00
tools For inplace update, send nontransactional invalidations. 2025-12-16 16:13:55 -08:00
tutorial Pre-beta mechanical code beautification. 2023-05-19 17:24:48 -04:00
.gitignore
DEVELOPERS
Makefile Integrate pg_bsd_indent into our build/test infrastructure. 2023-02-12 12:22:21 -05:00
Makefile.global.in Don't put library-supplied -L/-I switches before user-supplied ones. 2025-07-29 15:17:41 -04:00
Makefile.shlib Stop using "-multiply_defined suppress" on macOS. 2023-09-26 21:06:21 -04:00
meson.build Integrate pg_bsd_indent into our build/test infrastructure. 2023-02-12 12:22:21 -05:00
nls-global.mk Fix update-po for the PGXS case 2025-10-16 20:21:05 +02:00