authorNoah Misch <noah@leadboat.com>2015-02-02 10:00:45 -0500
committerNoah Misch <noah@leadboat.com>2015-02-02 10:00:50 -0500
commit6994f07907b90ff03f661ca00e0341a9078fa843 (patch)
treef67b585f5178b8311b967d007f17f295f83aa03a /contrib/pgcrypto/mbuf.c
parentbc4d5f2e57379feb7a577d25da2681a77e7ca854 (diff)
Fix buffer overrun after incomplete read in pullf_read_max().
Most callers pass a stack buffer. The ensuing stack smash can crash the server, and we have not ruled out the viability of attacks that lead to privilege escalation. Back-patch to 9.0 (all supported versions). Marko Tiikkaja Security: CVE-2015-0243
Diffstat (limited to 'contrib/pgcrypto/mbuf.c')
-rw-r--r--contrib/pgcrypto/mbuf.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/contrib/pgcrypto/mbuf.c b/contrib/pgcrypto/mbuf.c
index 6124e4513c7..c59691ed2cc 100644
--- a/contrib/pgcrypto/mbuf.c
+++ b/contrib/pgcrypto/mbuf.c
@@ -305,6 +305,7 @@ pullf_read_max(PullFilter *pf, int len, uint8 **data_p, uint8 *tmpbuf)
break;
memcpy(tmpbuf + total, tmp, res);
total += res;
+ len -= res;
}
return total;
}
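Review bot: The `memcpy(tmpbuf + total, tmp, res)` above the added `len -= res;` still depends on two conditions that this hunk neither shows nor enforces. The read that produces `res` must never return more than the remaining `len`, and the caller's `tmpbuf` must hold at least the original `len` bytes. The loop header and the read call are outside the hunk, so the first condition is presumably met by the lower filter, but a cheap guard just before the copy, `Assert(res <= len);`, would make it explicit and catch a misbehaving filter in assert-enabled builds. Because the function takes no size for `tmpbuf` and the commit message says most callers pass a stack buffer, I would also add a header comment such as `/* tmpbuf must have room for at least len bytes; len counts down to the bytes still wanted */`.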