Re: @(#)Mordred Labs advisory 0x0002: Buffer overflow in PostgreSQL
| From | Neil Conway |
|---|---|
| Subject | Re: @(#)Mordred Labs advisory 0x0002: Buffer overflow in PostgreSQL |
| Date | |
| Msg-id | 87y9b0m7n7.fsf@mailbox.samurai.com |
| In response to | Re: @(#)Mordred Labs advisory 0x0002: Buffer overflow in PostgreSQL (Neil Conway <neilc@samurai.com>) |
| Responses | Re: @(#)Mordred Labs advisory 0x0002: Buffer overflow in PostgreSQL; Re: @(#)Mordred Labs advisory 0x0002: Buffer overflow in PostgreSQL |
| List | pgsql-hackers |
Neil Conway <neilc@samurai.com> writes:
> Sir Mordred The Traitor <mordred@s-mail.com> writes:
> > There exists a buffer overflow in a SET TIME ZONE command, that
> > allows an attacker to execute malicious code.
>
> Here's a patch for the problem. I also fixed some other potential
> buffer overruns nearby, and added a little paranoia to another routine
> that uses a statically sized buffer.
The handling of the TZ environmental variable is subject to a buffer
overrun. To see the problem, try:
export
TZ=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
postmaster -D /foo/bar&
psql
You get:

NOTICE: Buffer Leak: [26914] (freeNext=0, freePrev=0, rel=0/0, blockNum=0, flags=0x0, refcount=0 1)
[ lots more NOTICEs ]
psql: server closed the connection unexpectedly
This probably means the server terminated abnormally
before or while processing the request.

A revised patch is attached that fixes the problem.

Cheers,

Neil
--
Neil Conway <neilc@samurai.com> || PGP Key ID: DB3C29FC
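
A length-checked copy of the TZ value into a fixed-size buffer, of the kind the message above describes needing, as an added example that is not part of the original message or of the attached patch. The names `copy_tz_checked` and `try_tz_of_length` and the 64-byte `TZ_BUF_LEN` are assumptions for illustration, not PostgreSQL's own code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TZ_BUF_LEN 64   /* assumed size, not taken from the PostgreSQL source */

/* Unsafe pattern, for contrast only (inside this comment, never compiled):
 *     strcpy(tzbuf, getenv("TZ"));   TZ's length comes from the environment */

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 if src is NULL, empty or too long.
 * On failure dst holds "" so a partial value is never used. */
int copy_tz_checked(char *dst, size_t dstlen, const char *src)
{
    const char *end;
    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL || src[0] == '\0')
        return -1;
    end = memchr(src, '\0', dstlen);    /* looks at no more than dstlen bytes */
    if (end == NULL)                    /* no NUL in range: value will not fit */
        return -1;
    memcpy(dst, src, (size_t) (end - src) + 1);
    return 0;
}

/* Constructed input: `len` 'X' characters; returns stored length or -1. */
int try_tz_of_length(size_t len)
{
    char tzbuf[TZ_BUF_LEN];
    char *val = malloc(len + 1);
    int rc;
    if (val == NULL)
        return -1;
    memset(val, 'X', len);
    val[len] = '\0';
    rc = copy_tz_checked(tzbuf, sizeof tzbuf, val);
    free(val);
    return rc == 0 ? (int) strlen(tzbuf) : -1;
}

int main(void)
{
    char tz[TZ_BUF_LEN];
    int rc = copy_tz_checked(tz, sizeof tz, getenv("TZ"));
    printf("TZ %s; 63 -> %d, 64 -> %d\n", rc ? "rejected" : "accepted",
           try_tz_of_length(63), try_tz_of_length(64));
    return 0;
}
```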