Prevent a double free by not reentering be_tls_close().
Reentering this function with the right timing caused a double free,
typically crashing the backend. By synchronizing a disconnection with
the authentication timeout, an unauthenticated attacker could achieve
this somewhat consistently. Call be_tls_close() solely from within
proc_exit_prepare(). Back-patch to 9.0 (all supported versions).
Benkocs Norbert Attila
Security: CVE-2015-3165
Branch
------
REL9_1_STABLE
Details
-------
http://git.postgresql.org/pg/commitdiff/6675ab595ade396c43ff6c0ee7c99ccb5f0bc6f4
Modified Files
--------------
src/backend/libpq/be-secure.c | 5 -----
src/backend/libpq/pqcomm.c | 23 ++++++++++++++++++-----
src/backend/postmaster/postmaster.c | 11 ++++++++++-
3 files changed, 28 insertions(+), 11 deletions(-)