pgsql: Fix buffer overflow when processing SCRAM final message in libpq

From Michael Paquier
Subject pgsql: Fix buffer overflow when processing SCRAM final message in libpq
Date
Msg-id E1hcrT3-0005Uh-3X@gemulon.postgresql.org
List pgsql-committers
Fix buffer overflow when processing SCRAM final message in libpq

When a client connects to a rogue server sending specifically-crafted
messages, this can suffice to execute arbitrary code as the operating
system account used by the client.

While on it, fix one error handling when decoding an incorrect salt
included in the first message received from server.

Author: Michael Paquier
Reviewed-by: Jonathan Katz, Heikki Linnakangas
Security: CVE-2019-10164
Backpatch-through: 10

Branch
------
REL_10_STABLE

Details
-------
https://git.postgresql.org/pg/commitdiff/d72a7e4da1001b29a661a4b1a52cb5c4d708bab0

Modified Files
--------------
src/interfaces/libpq/fe-auth-scram.c | 21 ++++++++++++++++++++-
1 file changed, 20 insertions(+), 1 deletion(-)

