upstream/postgresql
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2026-02-18 10:09:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
postgresql/src
History
Tom Lane b77e5d73bc Prevent buffer overrun in read_tablespace_map(). 
Robert Foggia of Trustwave reported that read_tablespace_map()
fails to prevent an overrun of its on-stack input buffer.
Since the tablespace map file is presumed trustworthy, this does
not seem like an interesting security vulnerability, but still
we should fix it just in the name of robustness.

While here, document that pg_basebackup's --tablespace-mapping option
doesn't work with tar-format output, because it doesn't.  To make it
work, we'd have to modify the tablespace_map file within the tarball
sent by the server, which might be possible but I'm not volunteering.
(Less-painful solutions would require changing the basebackup protocol
so that the source server could adjust the map.  That's not very
appetizing either.)
2021-03-17 16:10:37 -04:00
..
backend Prevent buffer overrun in read_tablespace_map(). 2021-03-17 16:10:37 -04:00
bin Fix race condition in psql \e's detection of file modification. 2021-03-12 12:20:15 -05:00
common Second thoughts on TOAST decompression. 2020-11-02 11:25:18 -05:00
fe_utils Remove incorrect %s in string 2020-11-09 10:38:43 +01:00
include Revert "Fix race in Parallel Hash Join batch cleanup." 2021-03-18 01:00:56 +13:00
interfaces Re-simplify management of inStart in pqParseInput3's subroutines. 2021-03-11 14:43:45 -05:00
makefiles Remove libpq.rc, use win32ver.rc for libpq 2020-01-15 15:06:12 +01:00
pl Translation updates 2021-02-08 17:41:32 +01:00
port pg_attribute_no_sanitize_alignment() macro 2021-02-13 17:49:08 -05:00
template Further tweaking of PG_SYSROOT heuristics for macOS. 2021-01-20 12:07:31 -05:00
test Forbid marking an identity column as nullable. 2021-03-12 11:08:42 -05:00
timezone Update time zone data files to tzdata release 2021a. 2021-01-24 16:29:47 -05:00
tools backpatch "jit: Add support for LLVM 12." 2020-12-07 18:32:32 -08:00
tutorial tutorial: land height is "elevation", not "altitude" 2021-03-10 20:25:18 -05:00
.gitignore
DEVELOPERS
Makefile Fix partial-build problems introduced by having more generated headers. 2018-04-09 16:42:10 -04:00
Makefile.global.in Update Unicode data to Unicode 13.0.0 and CLDR 37 2020-04-24 09:52:59 +02:00
Makefile.shlib Add PostgreSQL home page to --help output 2020-02-28 13:12:21 +01:00
nls-global.mk NLS: Fix backend gettext triggers 2019-09-23 09:04:20 +02:00