authorNoah Misch <noah@leadboat.com>2015-02-02 10:00:45 -0500
committerNoah Misch <noah@leadboat.com>2015-02-02 10:00:51 -0500
commit11f738a8afb9e93ca31cd37331fc640d92b9ec96 (patch)
treec8a777d41fcb0d44172895e2ad28d7f827015ca5 /contrib/pgcrypto/mbuf.c
parent98f2479d8271934ae6ec43a450e11506df015051 (diff)
Fix buffer overrun after incomplete read in pullf_read_max().
Most callers pass a stack buffer. The ensuing stack smash can crash the server, and we have not ruled out the viability of attacks that lead to privilege escalation. Back-patch to 9.0 (all supported versions). Marko Tiikkaja Security: CVE-2015-0243
Diffstat (limited to 'contrib/pgcrypto/mbuf.c')
-rw-r--r--contrib/pgcrypto/mbuf.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/pgcrypto/mbuf.c b/contrib/pgcrypto/mbuf.c
index 7410970f147..7fc0a9e8811 100644
--- a/contrib/pgcrypto/mbuf.c
+++ b/contrib/pgcrypto/mbuf.c
@@ -305,6 +305,7 @@ pullf_read_max(PullFilter *pf, int len, uint8 **data_p, uint8 *tmpbuf)
break;
memcpy(tmpbuf + total, tmp, res);
total += res;
+ len -= res;
}
return total;
}
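Review bot: The `memcpy(tmpbuf + total, tmp, res)` just above the added `len -= res;` has no bound of its own, so its safety rests on `len` always equalling the room left in `tmpbuf`, and nothing in the visible lines records that invariant. The signature in the hunk header takes `tmpbuf` without a size, so the contract that callers must supply at least `len` bytes is implicit; the function's header comment should state it. On the new line I would add `/* len = space left in tmpbuf; must shrink with every copy or the next read overruns it */`. The loop head and the read call lie outside this hunk, so it is an inference that the read never returns more than it was asked for; if that is not guaranteed, a guard that rejects `res > len` before the copy would make the bound explicit instead of assumed.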