upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-04-13 21:17:00 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
Base de données relationnelle
59883 commits 38 branches 679 tags 839 MiB
C 84.5%
PLpgSQL 6.1%
Perl 4.9%
Yacc 1.2%
Meson 0.7%
Other 2.4%
Find a file
Michael Paquier 7a7d9693c7 pgcrypto: Fix buffer overflow in pgp_pub_decrypt_bytea() 
pgp_pub_decrypt_bytea() was missing a safeguard for the session key
length read from the message data, that can be given in input of
pgp_pub_decrypt_bytea().  This can result in the possibility of a buffer
overflow for the session key data, when the length specified is longer
than PGP_MAX_KEY, which is the maximum size of the buffer where the
session data is copied to.

A script able to rebuild the message and key data that can trigger the
overflow is included in this commit, based on some contents provided by
the reporter, heavily editted by me.  A SQL test is added, based on the
data generated by the script.

Reported-by: Team Xint Code as part of zeroday.cloud
Author: Michael Paquier <michael@paquier.xyz>
Reviewed-by: Noah Misch <noah@leadboat.com>
Security: CVE-2026-2005
Backpatch-through: 14
2026-02-09 08:01:07 +09:00
config Don't put library-supplied -L/-I switches before user-supplied ones. 2025-07-29 15:17:41 -04:00
contrib pgcrypto: Fix buffer overflow in pgp_pub_decrypt_bytea() 2026-02-09 08:01:07 +09:00
doc Release notes for 18.2, 17.8, 16.12, 15.16, 14.21. 2026-02-08 13:00:40 -05:00
src Translation updates 2026-02-08 15:10:56 +01:00
.abi-compliance-history Placate ABI checker. 2026-02-07 11:48:14 +13:00
.cirrus.star ci: Simplify ci-os-only handling 2025-08-14 12:02:42 -04:00
.cirrus.tasks.yml Fix typo 2026-01-07 15:48:54 +01:00
.cirrus.yml ci: Per-repo configuration for manually trigger tasks 2025-08-14 11:33:47 -04:00
.dir-locals.el Make Emacs perl-mode indent more like perltidy. 2019-01-13 11:32:31 -08:00
.editorconfig Add .editorconfig 2019-12-18 09:13:13 +01:00
.git-blame-ignore-revs Add previous commit to .git-blame-ignore-revs. 2025-10-21 10:02:19 -05:00
.gitattributes Fix git whitespace warning 2025-08-15 10:32:07 +02:00
.gitignore Update top-level .gitignore. 2022-12-04 15:23:00 -05:00
aclocal.m4 autoconf: Move export_dynamic determination to configure 2022-12-06 18:55:28 -08:00
configure Stamp 17.7. 2025-11-10 16:53:58 -05:00
configure.ac Stamp 17.7. 2025-11-10 16:53:58 -05:00
COPYRIGHT Update copyright for 2026 2026-01-01 13:24:10 -05:00
GNUmakefile.in Allow selecting the git revision to be packaged by "make dist". 2024-05-03 11:08:50 -04:00
HISTORY Canonicalize some URLs 2020-02-10 20:47:50 +01:00
Makefile Adapt REL_17_STABLE to its new status as a stable branch 2024-07-01 08:05:35 +09:00
meson.build meson: host_system value for Solaris is 'sunos' not 'solaris'. 2026-02-07 20:05:52 -05:00
meson_options.txt Allow selecting the git revision to be packaged by "make dist". 2024-05-03 11:08:50 -04:00
README.md Adapt REL_17_STABLE to its new status as a stable branch 2024-07-01 08:05:35 +09:00

README.md

PostgreSQL Database Management System

This directory contains the source code distribution of the PostgreSQL database management system.

PostgreSQL is an advanced object-relational database management system that supports an extended subset of the SQL standard, including transactions, foreign keys, subqueries, triggers, user-defined types and functions. This distribution also contains C language bindings.

Copyright and license information can be found in the file COPYRIGHT.

General documentation about this version of PostgreSQL can be found at https://www.postgresql.org/docs/17/. In particular, information about building PostgreSQL from the source code can be found at https://www.postgresql.org/docs/17/installation.html.

The latest version of this software, and related software, may be obtained at https://www.postgresql.org/download/. For more information look at our web site located at https://www.postgresql.org/.