upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-03-07 07:40:31 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src
History
Tom Lane 987c4b401f Remove triggerable Assert in hashname(). 
hashname() asserted that the key string it is given is shorter than
NAMEDATALEN.  That should surely always be true if the input is in fact a
regular value of type "name".  However, for reasons of coding convenience,
we allow plain old C strings to be treated as "name" values in many places.
Some SQL functions accept arbitrary "text" inputs, convert them to C
strings, and pass them otherwise-untransformed to syscache lookups for name
columns, allowing an overlength input value to trigger hashname's Assert.

This would be a DOS problem, except that it only happens in assert-enabled
builds which aren't recommended for production.  In a production build,
you'll just get a name lookup error, since regardless of the hash value
computed by hashname, the later equality comparison checks can't match.
Likewise, if the catalog lookup is done by seqscan or indexscan searches,
there will just be a lookup error, since the name comparison functions
don't contain any similar length checks, and will see an overlength input
as unequal to any stored entry.

After discussion we concluded that we should simply remove this Assert.
It's inessential to hashname's own functionality, and having such an
assertion in only some paths for name lookup is more of a foot-gun than
a useful check.  There may or may not be a case for the affected callers
to do something other than let the name lookup fail, but we'll consider
that separately; in any case we probably don't want to change such
behavior in the back branches.

Per report from Tushar Ahuja.  Back-patch to all supported branches.

Report: https://postgr.es/m/7d0809ee-6f25-c9d6-8e74-5b2967830d49@enterprisedb.com
Discussion: https://postgr.es/m/17691.1482523168@sss.pgh.pa.us
2016-12-26 14:58:16 -05:00
..
backend Remove triggerable Assert in hashname(). 2016-12-26 14:58:16 -05:00
bin pg_dumpall: Include --verbose option in --help output 2016-12-24 01:42:10 -05:00
common pgindent run for 9.5 2015-05-23 21:35:49 -04:00
include Fix handling of expanded objects in CoerceToDomain and CASE execution. 2016-12-22 15:01:39 -05:00
interfaces Fix buffer overflow on particularly named files and clarify documentation about 2016-12-22 08:29:33 +01:00
makefiles Link $(WIN32RES) into single-file modules only when PGFILEDESC is set. 2015-08-05 20:45:21 -04:00
pl Be more careful about Python refcounts while creating exception objects. 2016-12-09 15:27:23 -05:00
port Make pgwin32_putenv() visit debug CRTs. 2016-12-03 15:46:48 -05:00
template AIX: Test the -qlonglong option before use. 2015-07-17 03:01:29 -04:00
test Use TSConfigRelationId in AlterTSConfiguration() 2016-12-22 17:08:49 -05:00
timezone Sync our copy of the timezone library with IANA release tzcode2016j. 2016-12-15 14:33:06 -05:00
tools MSVC: Include pg_recvlogical in client-only install. 2016-09-19 14:27:08 -04:00
tutorial Remove no-longer-required function declarations. 2015-05-24 12:20:23 -04:00
.gitignore Convert cvsignore to gitignore, and add .gitignore for build targets. 2010-09-22 12:57:04 +02:00
bcc32.mak Autoconfiscate selection of 64-bit int type for 64-bit large object API. 2012-10-07 21:52:43 -04:00
DEVELOPERS Replace a couple of references to files that no longer exist in the source 2009-05-04 08:08:47 +00:00
Makefile Install TAP test infrastructure so it's available for extension testing. 2016-09-23 15:50:00 -04:00
Makefile.global.in Make TAP test suites to work, when @INC does not contain current dir. 2016-10-07 22:00:24 +03:00
Makefile.shlib Make the AIX case of Makefile.shlib safe for parallel make. 2016-07-23 20:30:40 -04:00
nls-global.mk nls-global.mk: search build dir for source files, too 2016-06-07 18:55:18 -04:00
win32.mak Autoconfiscate selection of 64-bit int type for 64-bit large object API. 2012-10-07 21:52:43 -04:00